RELATED APPLICATIONS
This patent application is a continuation of U.S. Patent Application Serial No. 16/939,077, filed July 27, 2020, which is a continuation arrangement to U.S. Patent Application Serial No. 16/938,991, filed July 26, 2020, which is a continuation of PCT Application No. 62/809,847, filed February 25, 2019, U.S. Provisional Application 62/855,036, filed May 31, 2019, and U.S. Provisional Application No. 62/948,265 filed December 15, 2019, all of which are incorporated herein by reference in their entirety.
TECHNICAL FIELD
This description relates generally to an apparatus and method for improving communication over the Internet by retrying the search for content (such as a web page or a web site identified by a URL), using a direct search scheme or a non-direct search scheme that is based on the use of intermediate nodes, and in particular to repeating the search using the same or different parameters, characteristics or search schemes, such as using different proxies, different IP addresses or different broker devices when the search is repeated.
BACKGROUND
Unless otherwise indicated herein, the materials described in this section do not constitute prior art relative to the claims of this application and are not admitted to be prior art by inclusion in this section.
The Internet is a global system of interconnected computer networks that use the standardized Internet Protocol Suite (TCP/IP), including Transmission Control Protocol (TCP) and Internet Protocol (IP), to serve billions of users around the world. It is a network of networks consisting of millions of private, public, academic, commercial and government networks, of local to global scope, interconnected by a wide range of electronic and optical network technologies. The Internet carries a wide range of information resources and services, such as the interlinked hypertext documents of the World Wide Web (WWW) and the infrastructure that supports electronic mail. Internet backbones are the main data paths between large, strategically interconnected networks and core routers on the Internet. These data paths are hosted by high-capacity commercial, government, academic, and other network nodes, Internet exchange points, and network access points that exchange Internet traffic between the world's countries, continents, and oceans. Internet service providers (typically Tier 1 networks) participating in the Internet backbone exchange traffic through privately negotiated interconnection agreements governed primarily by the principle of settlement-free peering.
Transmission Control Protocol (TCP) is one of the core protocols in the Internet Protocol (IP) suite described in RFC 675 and RFC 793, and the entire suite is often referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets between programs running on computers connected to a local area network, intranet, or the public Internet. It resides at the transport layer. Web browsers typically use TCP when connecting to servers on the World Wide Web, and it is used to send email and transfer files from one place to another. HTTP, HTTPS, SMTP, POP3, IMAP, SSH, FTP, Telnet and a variety of other protocols are usually encapsulated in TCP. As the transport layer of the TCP/IP suite, TCP provides an intermediate level communication service between an application program and the Internet Protocol (IP). IP packets can be lost, duplicated, or delivered out of order due to network congestion, traffic load balancing, or other unpredictable network behavior. TCP detects these problems, requests retransmission of lost data, rearranges out-of-order data, and even helps minimize network congestion to reduce the occurrence of other problems. After the TCP receiver has reassembled the originally transmitted sequence of octets, it forwards them to the receiving application. Thus, TCP abstracts the application's communication from the details of the underlying network. TCP is commonly used by many of the most popular Internet applications, including the World Wide Web (WWW), email, File Transfer Protocol, Secure Shell, peer-to-peer file sharing, and some streaming applications.
While the IP layer handles the actual delivery of the data, TCP keeps track of the individual units of data transmission, called segments, into which a message is divided for efficient routing through the network. For example, when an HTML file is sent from a web server, the TCP software layer of that server breaks the octet stream of the file into segments and forwards them individually to the IP (Internet) software layer. The internet layer encapsulates each TCP segment in an IP packet by adding a header that contains (among other data) the destination IP address. When the client program on the target computer receives them, the TCP layer (transport layer) reassembles the individual segments and ensures that they are transmitted to an application in the correct order and without errors.
TCP protocol operations can be divided into three phases. Connections must be successfully established in a multi-step handshake process (connection establishment) before entering the data transmission phase. After the data transfer is complete, connection termination closes the established virtual circuits and frees all allocated resources. A TCP connection is typically managed by an operating system through a programming interface that represents the local endpoint for communication, the Internet socket. During the lifetime of a TCP connection, the local endpoint goes through a series of state changes.
Because TCP/IP is based on the client/server operating model, configuring the TCP connection involves preparing the client and server for the connection by performing an OPEN operation. A client process initiates a TCP connection by doing an active OPEN and sending a SYN message to a server. A server process using TCP prepares for an incoming connection request by performing a passive OPEN. Both devices create a data structure for each TCP session that is used to store important data related to the connection, called the Transmission Control Block (TCB).
There are two different types of OPEN, referred to as "active OPEN" and "passive OPEN". With an active OPEN, the client process using TCP takes the "active role" and initiates the connection by sending a TCP message to start it (a SYN message). With a passive OPEN, the server process, designed to use TCP, contacts TCP and says "I'm here waiting for clients who want to talk to me to send me a message on the following port number." The OPEN is said to be passive because the server process does nothing other than indicate that it is listening. In fact, a passive OPEN can specify that the server is waiting for an active OPEN from a particular client, although not all TCP/IP APIs support this feature. More often, a server process is willing to accept connections from all comers. Such a passive OPEN is said to be unspecified.
To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect to a server, the server must first bind to and listen on a port to open it for connections; this is the passive OPEN. Once the passive OPEN is established, a client can initiate an active OPEN. To establish a connection, the three-way (or 3-step) handshake is performed:
- 1. SYN: The active OPEN is performed by the client sending a SYN to the server. The client sets the sequence number of the segment to a random value A.
- 2. SYN-ACK: The server responds with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number, i.e. A+1, and the sequence number the server chooses for the packet is another random number, B.
- 3. ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgment value, i.e. A+1, and the acknowledgment number is set to one more than the received sequence number, i.e. B+1.
At this point, both the client and server have received confirmation of the connection. Steps 1 and 2 set and acknowledge the connection parameter (sequence number) for one direction. Steps 2 and 3 set and acknowledge the connection parameter (sequence number) for the other direction, after which full-duplex communication is established.
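The sequence and acknowledgment arithmetic of the three steps above can be checked mechanically, which is how a capture-analysis or detection tool separates a well-formed handshake from a malformed or forged one. The following is an added illustration, not part of the original application; the `Segment` record, the `seg` helper and the three traces are constructed for this example, and the 32-bit wraparound of A+1 and B+1 goes beyond the case spelled out in the text.

```python
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # sequence and acknowledgment numbers are 32-bit and wrap


@dataclass(frozen=True)
class Segment:
    """The few TCP header fields the handshake check needs (hypothetical type)."""
    sender: str        # "client" or "server"
    flags: frozenset   # subset of {"SYN", "ACK"}
    seq: int
    ack: int = 0       # only meaningful when the ACK flag is set


def seg(sender, flags, seq, ack=0):
    """Build a Segment from a flag string such as "SYN+ACK"."""
    return Segment(sender, frozenset(flags.split("+")), seq, ack)


def check_handshake(trace):
    """Return a list of problems; an empty list means a valid handshake."""
    if len(trace) != 3:
        return ["expected 3 segments, got %d" % len(trace)]
    syn, syn_ack, ack = trace
    problems = []
    a, b = syn.seq, syn_ack.seq  # initial sequence numbers A and B

    # Step 1: the client's active OPEN is a bare SYN carrying A.
    if syn.sender != "client" or syn.flags != {"SYN"}:
        problems.append("step 1: not a bare SYN from the client")

    # Step 2: the server answers SYN-ACK with ack = A+1 and its own B.
    if syn_ack.sender != "server" or syn_ack.flags != {"SYN", "ACK"}:
        problems.append("step 2: not a SYN-ACK from the server")
    elif syn_ack.ack != (a + 1) % SEQ_MOD:
        problems.append("step 2: ack does not acknowledge A+1")

    # Step 3: the client's ACK has seq = A+1 and ack = B+1.
    if ack.sender != "client" or ack.flags != {"ACK"}:
        problems.append("step 3: not a bare ACK from the client")
    else:
        if ack.seq != (a + 1) % SEQ_MOD:
            problems.append("step 3: seq is not A+1")
        if ack.ack != (b + 1) % SEQ_MOD:
            problems.append("step 3: ack does not acknowledge B+1")
    return problems


# Constructed traces (not captured traffic).
GOOD = [seg("client", "SYN", 1000),
        seg("server", "SYN+ACK", 5000, 1001),
        seg("client", "ACK", 1001, 5001)]
# A and B sit at the top of the 32-bit space, so A+1 and B+1 wrap to 0.
WRAP = [seg("client", "SYN", SEQ_MOD - 1),
        seg("server", "SYN+ACK", SEQ_MOD - 1, 0),
        seg("client", "ACK", 0, 0)]
# The final ACK acknowledges a value that is not B+1, as happens when the
# sender of step 3 never saw the server's SYN-ACK.
BAD_ACK = [seg("client", "SYN", 1000),
           seg("server", "SYN+ACK", 5000, 1001),
           seg("client", "ACK", 1001, 4242)]

if __name__ == "__main__":
    for name, trace in (("GOOD", GOOD), ("WRAP", WRAP), ("BAD_ACK", BAD_ACK)):
        print(name, check_handshake(trace) or "ok")
```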
TCP keepalive. When two hosts are connected over a network using TCP/IP, TCP keepalive packets can be used to determine whether the connection is still valid, and to terminate it if needed. Most hosts that support TCP also support TCP keepalive, in which each host (or peer) periodically sends a TCP packet to its peer requesting a reply. The TCP keepalive scheme involves the use of timers when establishing a TCP connection, and when the keepalive timer reaches zero, a keepalive packet with no data and with the ACK flag set is sent. This procedure is useful because if the other peer loses its connection (e.g. due to a restart), the broken connection is noticed even if no traffic is exchanged. If the keepalive probes are not answered, the connection can no longer be considered valid. The TCP keepalive mechanism can also be used to prevent inactivity from disconnecting the channel. For example, behind a NAT proxy or firewall, a host can be disconnected for no apparent reason. This behavior is caused by connection tracking techniques implemented in proxies and firewalls, which track all connections that pass through them. Due to the physical limitations of these machines, they can only hold a finite number of connections in their memory. The most common and logical policy is to keep the newest connections and discard old, idle connections first.
A keepalive signal is usually sent at predefined intervals and plays an important role on the Internet. If no reply is received after sending a signal, the connection is assumed to be broken and future data is routed via another path until the connection is restored. A keepalive signal can also be used to indicate to the Internet infrastructure that the connection should be maintained. Without a keepalive signal, intermediate NAT-enabled routers can drop the connection after a timeout. Because their sole purpose is to find broken links or to indicate connections that should be kept, keepalive messages are typically short and do not consume much bandwidth.
Transmission Control Protocol (TCP) keepalives are an optional feature and, if present, should be disabled by default. The keepalive packet contains null data, and on an Ethernet network, the length of a keepalive frame is 60 bytes, while the server's response to it, also a null data frame, is 54 bytes. There are three parameters related to keepalive. Keepalive time is the duration between two keepalive transmissions in the idle condition; the TCP keepalive period should be configurable and by default is set to not less than 2 hours. Keepalive interval is the duration between two consecutive keepalive retransmissions when no acknowledgment of the previous keepalive transmission is received. Keepalive retransmission is the number of retransmissions that must be performed before the remote end is declared unavailable.
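The three keepalive parameters described above map directly onto per-socket options, and together they determine how long a dead peer goes unnoticed and whether the first probe arrives before a NAT or firewall discards the idle connection. The following is an added illustration, not part of the original application; the Linux option names are applied only where the platform exposes them, and the interval (75 s), retransmission count (9) and the 300-second middlebox idle timeout are values assumed for this example.

```python
import socket

# Keepalive parameter -> Linux per-socket option name. Other platforms use
# different names, so each option is applied only if this build exposes it.
KEEPALIVE_OPTIONS = (
    ("time", "TCP_KEEPIDLE"),          # idle seconds before the first probe
    ("interval", "TCP_KEEPINTVL"),     # seconds between unanswered probes
    ("retransmissions", "TCP_KEEPCNT"),  # probes sent before giving up
)


def enable_keepalive(sock, time_s=7200, interval_s=75, retransmissions=9):
    """Turn keepalive on for sock and return the option values in effect."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    wanted = {"time": time_s, "interval": interval_s,
              "retransmissions": retransmissions}
    applied = {}
    for key, name in KEEPALIVE_OPTIONS:
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, wanted[key])
            applied[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return applied


def dead_peer_detection_seconds(time_s, interval_s, retransmissions):
    """Worst-case seconds of silence before the remote end is declared dead:
    the idle period, then one interval per unanswered probe."""
    return time_s + interval_s * retransmissions


def keepalive_plan(time_s, interval_s, retransmissions, middlebox_idle_s):
    """Summarise a keepalive configuration against a NAT/firewall idle timeout.

    middlebox_idle_s is an assumed value for this example; real devices vary.
    """
    return {
        "detect_dead_peer_after_s":
            dead_peer_detection_seconds(time_s, interval_s, retransmissions),
        # The first probe must arrive before the middlebox forgets the flow,
        # otherwise the probe itself is dropped and the connection dies.
        "survives_middlebox": time_s < middlebox_idle_s,
    }


if __name__ == "__main__":
    # The 2-hour default never refreshes a 300 s NAT entry; 60 s does.
    print(keepalive_plan(7200, 75, 9, middlebox_idle_s=300))
    print(keepalive_plan(60, 10, 5, middlebox_idle_s=300))
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print(enable_keepalive(s, time_s=60, interval_s=10, retransmissions=5))
```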
Internet Protocol (IP) is the primary communications protocol used to transmit datagrams (packets) over a network using the Internet Protocol Suite. Responsible for routing packets across network boundaries, it is the main protocol on which the Internet is built. IP is the main protocol in the Internet layer of the Internet Protocol Suite and is responsible for delivering datagrams from the source host to the destination host based on their addresses. To do this, IP defines addressing methods and structures to encapsulate datagrams. Internet Protocol Version 4 (IPv4) is the predominant Internet protocol. IPv4 is described in the Internet Engineering Task Force (IETF) Request for Comments (RFC) 791 and RFC 1349, and its successor, Internet Protocol Version 6 (IPv6), is currently active and increasingly implemented around the world. IPv4 uses 32-bit addresses (resulting in 4 billion: 4.3 × 10^9 addresses), while IPv6 uses 128-bit addresses (with 340 quintillion, or 3.4 × 10^38 addresses) as described in RFC 2460.
An overview of an IP-based packet 15 is displayed
The Internet Protocol is responsible for addressing hosts and routing datagrams (packets) from a source host to a destination host over one or more IP networks. To this end, the Internet Protocol defines an addressing system that has two functions. Addresses identify hosts and provide a logical location service. Each packet is marked with a header containing metadata for delivery purposes. This marking process is also known as encapsulation. IP is a connectionless protocol for use in a packet-switched data link layer network and requires no circuit configuration before transmission. Aspects of guaranteed delivery, correct sequencing, avoidance of double deliveries and data integrity are handled by a higher transport layer protocol (e.g. TCP - Transmission Control Protocol and UDP - User Datagram Protocol).
The main aspects of IP technology are IP addressing and routing. Addressing refers to how IP addresses are assigned to end hosts and how host IP addresses are partitioned and subnetted. IP routing is performed by all hosts, but primarily by internetworking routers, which typically use Interior Gateway Protocols (IGPs) or Exterior Gateway Protocols (EGPs) to make routing decisions for forwarding IP datagrams over IP-connected networks. Core routers serving the Internet backbone typically use Border Gateway Protocol (BGP) as per RFC 4098 or Multi-Protocol Label Switching (MPLS). Other prior art publications relating to Internet-related protocols and routing include the following chapters of Cisco Systems, Inc. Publication Number 1-587005-001-3 (July 1999) entitled: "Handbook of Networking Technologies", which are incorporated in their entirety for all purposes as if fully set forth in this document: Chapter 5: "Routing Basics" (pages 5-1 to 5-10), Chapter 30: "Internet Protocols" (pages 30-1 to 30-16), Chapter 32: "IPv6" (pages 32-1 to 32-6), Chapter 45: "Operating System/Routing" (pages 45-1 to 45-8) and Chapter 51: "Security" (pages 51-1 to 51-12), and the following IBM Corporation, International Technical Support Organization Redbook documents: Redbook Document No. GG24-4756-00, entitled: "Local Area Network Concepts and Products: LAN Operating and Management Systems", 1st Edition, May 1996; Redbook Document No. GG24-4338-00, entitled: "Introduction to Network Technologies", 1st Edition, April 1994; Redbook Document No. GG24-2580-01, entitled: "IP Network Design Guide", 2nd Edition, June 1999; and Redbook Document No. GG24-3376-07, entitled: "Tutorial and Technical Description of TCP/IP", ISBN 0738494682, 8th Edition, December 2006, which are incorporated in their entirety for all purposes as if fully set forth in this document.
An Internet packet typically includes a Time to Live (TTL) value to prevent the case of an infinite packet loop. The initial TTL value is set in the packet header and each router in the packet path subtracts one from the TTL field and the packet is discarded when the value is exhausted. Because packets may be routed through different routers and servers, and reside in different locations, the TTL of packets arriving at the final destination computer is expected to vary.
The Internet architecture uses a client-server model, among other arrangements. As used in this document, the term "server" or "server computer" refers to a device or computer (or plurality of computers) connected to the Internet and used to provide functions or services to other computers or other devices (referred to in this context as "clients") connected to the Internet. A server is usually a host that has an IP address and runs a "server program", usually acting as a socket listener. Many servers have dedicated functions, such as a web server, Domain Name System (DNS) server (described in RFC 1034 and RFC 1035), DHCP server (described in RFC 2131 and RFC 3315), mail server, File Transfer Protocol (FTP) server and database server. Also, the term "client" is used herein to include, but is not limited to, a program or device, or a computer (or set of computers) running that program, that accesses a server for a service or resource over the Internet. Clients often initiate connections that a server can accept. As non-limiting examples, web browsers are clients that connect to web servers to retrieve web pages, and email clients connect to email storage servers to retrieve emails.
Web page. A web page is typically a collection of information consisting of one or more resources to be presented simultaneously and identified by a single unique resource identifier. More specifically, a web page can consist of a resource with zero, one, or more embedded resources to be presented as a single entity and referenced by the URI of the single resource that is not embedded. A Uniform Resource Identifier (URI) is intended to be recognized by a user as representing the identity of a specific web page (resource). A resource can include a network data object or a service that can be identified by a URI. Resources may be available in multiple renditions (e.g., multiple languages, data formats, size, or resolution) or vary in other ways. The URI specification defines a Uniform Resource Identifier (URI) or URL (Uniform Resource Locator) as a compact string of characters identifying an abstract or physical resource.
HTTP. Hypertext Transfer Protocol (HTTP) is an application protocol for distributed and collaborative hypermedia information systems, commonly used for communication over the Internet. HTTP is the protocol for exchanging or transmitting hypertext, which is structured text that uses logical connections (hyperlinks) between nodes containing text. HTTP version 1.1 was standardized as RFC 2616 (June 1999), which was superseded (making RFC 2616 obsolete) by a number of standards including RFC 7230 - "HTTP/1.1: Message Syntax and Routing", RFC 7231 - "HTTP/1.1: Semantics and Content", RFC 7232 - "HTTP/1.1: Conditional Requests", RFC 7233 - "HTTP/1.1: Range Requests", RFC 7234 - "HTTP/1.1: Caching" and RFC 7235 - "HTTP/1.1: Authentication". HTTP works as a request-response protocol in the client-server computing model. For example, a web browser could be the client, and an application running on a computer hosting a website could be the server. The client sends an HTTP request message to the server. The server, which serves resources such as HTML files and other content, or performs other functions on behalf of the client, sends a response message back to the client. The response contains information about the completion status of the request and can also contain the requested content in the message body. A web browser is an example of a User Agent (UA). Other types of user agents include indexing software used by search providers (web crawlers), voice browsers, mobile applications, and other software that accesses, uses, or displays web content.
HTTP was designed to allow intermediary network elements to enhance or facilitate communication between clients and servers. High traffic websites often use web caching servers that serve content on behalf of upstream servers to improve response time. Web browsers cache previously accessed web resources and reuse them whenever possible to reduce network traffic. HTTP proxy servers at the edge of a private network can facilitate communication for clients without a globally routable address by forwarding messages to external servers. HTTP is an application layer protocol developed as part of the Internet Protocol Suite. Its definition assumes a reliable underlying transport layer protocol, and Transmission Control Protocol (TCP) is commonly used. However, HTTP can also use unreliable protocols such as User Datagram Protocol (UDP), as in Simple Service Discovery Protocol (SSDP). HTTP resources are identified and located on the network by Uniform Resource Identifiers (URIs), or more specifically by Uniform Resource Locators (URLs), using either the http or https URI scheme. URIs and hyperlinks in Hypertext Markup Language (HTML) documents form networks of interconnected hypertext documents. An HTTP session is a sequence of network request-response transactions. An HTTP client initiates a request by establishing a Transmission Control Protocol (TCP) connection to a specific port on a server. An HTTP server listening on this port waits for a request message from a client. Upon receiving the request, the server returns a status line such as "HTTP/1.1 200 OK" and a message of its own. The body of this message is usually the requested resource, although an error message or other information can also be returned. HTTP is a stateless protocol. With a stateless protocol, the HTTP server does not need to store any information or state.
HTTP persistent connection, also known as HTTP keepalive or HTTP connection reuse, refers to using a single TCP connection to send and receive multiple HTTP requests/responses instead of opening a new connection for each request/response pair. Persistent connections provide a mechanism for a client and server to signal the closing of a TCP connection. This signaling is done using the Connection header field. The persistent HTTP connection is defined in IETF RFC 2616 with the title: "Hypertext Transfer Protocol - HTTP/1.1". In HTTP 1.1, all connections are considered persistent unless otherwise noted. Persistent HTTP connections do not use separate keepalive messages, but allow multiple requests to use a single connection. The benefits of using persistent connections include lower CPU and memory usage (because fewer connections are open at a time), the ability to pipeline HTTP requests and responses, less network congestion (because there are fewer TCP connections), and lower latency for subsequent requests (due to minimal handshaking). Any connection described in this document may use or rely on a persistent HTTP connection.
HTTPS. HTTPS (also known as HTTP over Transport Layer Security (TLS), HTTP over SSL, and Secure HTTP) is a communications protocol for secure communication over a computer network that is widely used on the Internet. HTTPS is HTTP (Hypertext Transfer Protocol) communication over a connection encrypted by Transport Layer Security or its predecessor Secure Sockets Layer. The main motivation of HTTPS is to authenticate the website visited and to protect the privacy and integrity of the data exchanged. HTTPS typically provides authentication of the website and associated web server that someone is communicating with, protecting against man-in-the-middle attacks. In addition, it offers two-way encryption of the communication between a client and a server, thus protecting against eavesdropping and manipulation or forgery of the communication content. In practice, this provides reasonable assurance that someone is communicating with the very website they intend to communicate with (as opposed to a scammer), and ensures that the content of the communication between the user and the website cannot be read or falsified by third parties.
The HTTPS Uniform Resource Identifier (URI) scheme has the same syntax as the standard HTTP scheme, apart from its scheme token. However, HTTPS instructs the browser to use an additional layer of SSL/TLS encryption to protect traffic. SSL/TLS is particularly useful for HTTP because it can provide some protection even when only one side of the communication is authenticated. This is the case for HTTP transactions over the Internet, where typically only the server is authenticated (when the client checks the server's certificate). HTTPS creates a secure channel over insecure networks and provides adequate protection against eavesdroppers and man-in-the-middle attacks as long as the correct cipher suites are used and the server's certificate is verified and trusted. Because HTTPS runs HTTP entirely on top of TLS, the entire underlying HTTP protocol can be encrypted. This includes the request URL (which specific web page was requested), query parameters, headers and cookies (which usually contain identity information about the user). However, since host (website) addresses and port numbers are necessarily part of the underlying TCP/IP protocols, HTTPS cannot protect against their disclosure. In practice, this means that even on a properly configured web server, eavesdroppers can infer the IP address and port number (sometimes even the domain name, e.g. www.example.org, but not the rest of the URL) of the web server being communicated with, as well as the volume (data transferred) and the duration (length of the session) of the communication, but not the content of the communication.
The HTTPS implementation also allows the use of HTTP/2 (or its predecessor, the now obsolete SPDY protocol), which are newer HTTP generations designed to reduce page load time and latency. HTTP Strict Transport Security (HSTS) is typically used with HTTPS to protect users from man-in-the-middle attacks, particularly SSL stripping. While HTTPS URLs start with "https://" and use port 443 or alternatively 8443 by default, HTTP URLs start with "http://" and use port 80 by default. HTTP is not encrypted and is therefore vulnerable to man-in-the-middle and eavesdropping attacks, which can allow attackers to gain access to website accounts and sensitive information, and to modify websites to inject malware or ads. HTTPS was designed to resist these attacks and is considered secure against them (with the exception of old and obsolete versions of SSL).
HTTP status codes. Hypertext Transfer Protocol (HTTP) is a stateless application layer protocol for distributed and collaborative hypertext information systems. The semantics of HTTP/1.1 messages, expressed in terms of request methods, request header fields, response status codes, and response header fields, along with message payload (metadata and body content) and content mechanisms, are described in IETF RFC 7231 titled: "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content" (June 2014), which is incorporated in its entirety for all purposes as if set forth herein in its entirety. Status codes are typically issued by a server in response to a client request made to the server. The first digit of the status code indicates one of five standard response classes. The message phrases shown are typical, but any human-readable alternative can be provided.
All HTTP response status codes are divided into five classes or categories. The first digit of the status code defines the response class, while the last two digits have no classification or categorization function. The standard defines five classes: 1xx (100 to 199) informational response: the request was received, the process continues; 2xx (200 to 299) successful: the request was successfully received, understood and accepted; 3xx (300 to 399) redirection: further action is required to complete the request; 4xx (400 to 499) client error: the request contains incorrect syntax or cannot be fulfilled; and 5xx (500 to 599) server error: the server could not fulfill what appeared to be a valid request.
The 200 OK status code is a standard response for successful HTTP requests. The actual response depends on the request method used. In a GET request, the response contains an entity that corresponds to the requested resource. In a POST request, the response contains an entity that describes or contains the result of the action.
The HTTP error message 404, "404 Not Found", "404", "Page Not Found" or "Server Not Found" is a standard HTTP (Hypertext Transfer Protocol) response code in computer network communications that indicates that the browser was able to communicate with a specific server, but the server could not find what was requested. Also, if the requested information is found but access is not granted, the server can return a 404 error if it does not want to disclose this information. The website's hosting server often generates a "404 Not Found" web page when a user tries to follow a broken or inactive link; therefore, the 404 error is one of the most well-known errors on the World Wide Web. When communicating over HTTP, a server must respond to a request, such as a web browser request for a web page, with a numeric response code and an optional, required, or disallowed (based on the status code) message. In the 404 code, the first digit indicates a client error, such as a misspelled URL (Uniform Resource Locator). The next two digits indicate the specific error that occurred. The use of 3-digit codes in HTTP is similar to the use of such codes in older protocols such as FTP and NNTP. At the HTTP level, a 404 response code is followed by a human-readable reason phrase. The HTTP specification proposes the phrase "Not Found", and by default many web servers generate an HTML page that contains both the 404 code and the phrase "Not Found".
A 404 error is usually returned when pages are moved or deleted. In the first case, it is better to use URL mapping or URL redirection by returning a 301 Moved Permanently response, which can be configured in most server configuration files, or URL rewriting; in the second case, a 410 Gone must be returned. Since these two options require special server configuration, most sites do not use them. A 404 error indicates that the server itself was found, but the server could not fetch the requested page.
5xx server errors indicate that the server could not fulfill a request. Response status codes that begin with the digit "5" indicate cases where the server knows it has encountered an error or cannot complete the request. Except when responding to a HEAD request, the server must include an entity that contains an explanation of the error condition and indicates whether the condition is transient or permanent. Also, user agents must present any included entity to the user. These response codes apply to all request methods.
URL Redirect. URL redirection, also known as "URL forwarding," is a technique for making a web page available at more than one URL address. When a web browser tries to open a redirected URL, a page opens with a different URL. Similarly, domain redirection or domain forwarding occurs when all pages in one URL domain are redirected to another domain, such as when wikipedia.com and wikipedia.net are automatically redirected to wikipedia.org. URL redirection is performed for several reasons: to shorten URLs; to avoid broken links when moving web pages; to allow multiple domain names owned by the same owner to point to a single website; to guide navigation in and out of a website; to protect privacy; and for hostile purposes such as phishing attacks or malware distribution.
"3xx Redirection" is a class of status codes indicating that the client must take additional action to complete the request. Many of these status codes are used in URL redirection. A user agent can perform the additional action without user interaction only if the method used in the second request is GET or HEAD. A user agent can automatically redirect a request. A user agent must detect and intervene to prevent cyclic redirects. In the HTTP protocol used by the World Wide Web, a redirect is a response with a status code starting with 3 that causes a browser to display another page. When a client encounters a redirect, it must make several decisions about how to handle the redirect. Clients use the different status codes to understand the purpose of the redirect, how caching is handled, and which request method to use for the subsequent request. HTTP/1.1 defines several status codes for redirection (RFC 7231): 300 Multiple Choices (e.g. offering different languages); 301 Moved Permanently (redirects permanently from one URL to another, passing the link value to the redirected page); 302 Found (originally "temporary redirect" in HTTP/1.0 and commonly used for CGI scripting; superseded by 303 and 307 in HTTP/1.1 but retained for backwards compatibility); 303 See Other (forces a GET request for the new URL even if the original request was POST); 307 Temporary Redirect (provides a new URL for the browser to redirect a GET or POST request to); and 308 Permanent Redirect (provides a new URL for the browser to redirect a GET or POST request to).
ASN. Within the Internet, an Autonomous System (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the Internet. Autonomous System Numbers (ASNs) are used by various routing protocols, and the IANA assigns AS numbers to Regional Internet Registries (RIRs). The RIRs in turn assign or allocate AS numbers to network operators according to the guidelines of the RIRs. Originally, the definition called for control by a single entity, typically an Internet Service Provider (ISP) or a very large organization with independent connections to multiple networks, adhering to a single, clearly defined routing policy, as originally defined in RFC 1771. The definition in RFC 1930 came into use to support multiple organizations that run the Border Gateway Protocol (BGP) using private AS numbers toward an ISP that connects all of these organizations to the Internet. Although multiple autonomous systems are supported by the ISP, the Internet sees only the ISP's routing policy. This ISP must have an officially registered Autonomous System Number (ASN). Each AS is assigned a unique ASN for use in BGP routing, and an ASN uniquely identifies each network on the Internet. The ASN representation is described in IETF RFC 5396, dated December 2008, entitled: "Textual Representation of Autonomous System (AS) Numbers", and four-octet ASNs are described in IETF RFC 6793, dated December 2012, entitled: "BGP Support for Four-Octet Autonomous System (AS) Number Space".
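The textual forms named in RFC 5396 (asplain, asdot and asdot+) and the four-octet number space can be handled as in the following added example, which is not part of the original application; it is the kind of normalization a log pipeline needs before ASNs written in different notations can be compared. The function names are hypothetical, and the special-purpose ranges (private use, documentation, AS_TRANS, reserved) are taken from the IANA special-purpose AS number assignments rather than from this text.

```python
import re

MAX_ASN = 0xFFFFFFFF  # four-octet number space

# (first, last, label): special-purpose ranges, not stated in the text above
SPECIAL_RANGES = [
    (0, 0, "reserved"),
    (23456, 23456, "as-trans"),            # placeholder ASN used by two-octet-only BGP speakers
    (64496, 64511, "documentation"),
    (64512, 65534, "private"),
    (65535, 65535, "reserved"),
    (65536, 65551, "documentation"),
    (4200000000, 4294967294, "private"),
    (4294967295, 4294967295, "reserved"),
]


def parse_asn(text):
    """Accept 'AS64512', '64512' (asplain) or '1.10' (asdot / asdot+); return an int."""
    s = text.strip()
    if s[:2].upper() == "AS":
        s = s[2:]
    if re.fullmatch(r"[0-9]+", s):
        value = int(s)
    else:
        m = re.fullmatch(r"([0-9]+)\.([0-9]+)", s)
        if not m:
            raise ValueError(f"not an AS number: {text!r}")
        high, low = int(m.group(1)), int(m.group(2))
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError(f"asdot half out of range: {text!r}")
        value = (high << 16) | low
    if value > MAX_ASN:
        raise ValueError(f"AS number exceeds four octets: {text!r}")
    return value


def asdot(value):
    """asdot: plain decimal up to 65535, high.low above that."""
    return str(value) if value <= 0xFFFF else f"{value >> 16}.{value & 0xFFFF}"


def asdot_plus(value):
    """asdot+: always high.low, even for two-octet values."""
    return f"{value >> 16}.{value & 0xFFFF}"


def classify(value):
    for first, last, label in SPECIAL_RANGES:
        if first <= value <= last:
            return label
    return "public"


def normalize(text):
    """One canonical record for an ASN seen in any of the three notations."""
    value = parse_asn(text)
    return {
        "asplain": value,
        "asdot": asdot(value),
        "asdot+": asdot_plus(value),
        "octets": 2 if value <= 0xFFFF else 4,
        "category": classify(value),
    }


if __name__ == "__main__":
    # Constructed inputs covering each notation
    for sample in ["AS64512", "1.0", "0.23456", "4200000000", "15169"]:
        print(sample, normalize(sample))
```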
Autonomous systems can be classified into four categories based on their connectivity and operating policy. A multihomed autonomous system is an AS that maintains connections to more than one other AS. This allows the AS to remain connected to the Internet in the event of a complete failure of one of its connections. However, unlike a transit AS, this type of AS would not allow traffic from one AS to pass through on its way to another AS. A stub autonomous system refers to an AS that is connected to only one other AS. This may be an apparent waste of an AS number if the network's routing policy is the same as that of its upstream AS. However, the stub AS may in fact have peering with other autonomous systems that is not reflected in public route-view servers. Specific examples include private interconnections in the financial and transportation sectors. A transit autonomous system is an AS that provides connections through itself to other networks. That is, network A can use network B, the transit AS, to connect to network C. If one AS is an ISP for another, then the former is a transit AS. An Internet Exchange Point (IX or IXP) autonomous system is a physical infrastructure through which Internet Service Providers (ISPs) or Content Delivery Networks (CDNs) exchange Internet traffic between their networks (autonomous systems).
An operating system (OS) is software that manages the computer's hardware resources and provides general services for computer programs. The operating system is an essential component of any system software on a computer system, and most application programs generally require an operating system to function. For hardware functions such as input/output and memory allocation, the operating system acts as an intermediary between the programs and the computer hardware, although application code is usually executed directly by the hardware, often making a system call or being interrupted by an operating system function. Common features that operating systems typically support include process management, interrupt management, memory management, file system, device drivers, networking (such as TCP/IP and UDP), and input/output (I/O) management. Examples of popular modern operating systems are Android, BSD, iOS, Linux, OS X, QNX, Microsoft Windows, Windows Phone and IBM z/OS.
A server device (in a server/client architecture) typically provides clients with information, services, and application resources, and uses a dedicated or server-oriented operating system. Today's most popular server operating systems are based on Microsoft Windows (from Microsoft Corporation, headquartered in Redmond, Washington, USA), Unix, and Linux-based solutions, such as the "Windows Server 2012" server operating system, which is part of the Microsoft "Windows Server" family of operating systems and was introduced by Microsoft in 2012. It provides enterprise-class data center and hybrid cloud solutions that are easy to deploy, cost-effective, and application- and user-centric, and is described in a Microsoft publication entitled: "Inside-Out Windows Server 2012", by William R. Stanek, published 2013 by Microsoft Press, which is incorporated in its entirety for all purposes as if fully set forth herein.
Unix operating systems are widely used on servers. Unix is a multitasking, multiuser computer operating system that exists in many variants and is characterized by a modular design, sometimes referred to as the "Unix philosophy", meaning that the operating system provides a set of simple tools that each perform a limited, well-defined function, with a unified file system as the primary means of communication and a shell scripting and command language to combine the tools into complex workflows. Unix was designed to be portable, multitasking, and multiuser in a time-sharing configuration, and Unix systems are characterized by several concepts: the use of plain text for storing data; a hierarchical file system; treating devices and certain types of interprocess communication (IPC) as files; and the use of a large number of software tools, small programs that can be strung together through a command-line interpreter using pipes, as opposed to a single monolithic program that contains all of the same functionality. On Unix, the operating system consists of many utilities along with the master control program, the kernel. The kernel provides services to start and stop programs, handles the file system and other common "low-level" tasks that most programs share, and schedules access to avoid conflicts when programs try to access the same resource or device at the same time. To mediate this access, the kernel has special rights, which are reflected in the separation between user space and kernel space. Unix is described in a publication entitled: "UNIX Tutorial" by tutorialspoint.com, downloaded July 2014, which is incorporated in its entirety for all purposes as if fully set forth herein.
A client device (in a server/client architecture) typically receives information, services, and application resources from servers and uses a dedicated or client-oriented operating system. Today's most popular server operating systems are based on Microsoft Windows (from Microsoft Corporation, headquartered in Redmond, Washington, USA), a series of graphical user interface operating systems developed, marketed, and sold by Microsoft. Microsoft Windows is described in Microsoft publications entitled: "Windows Internals - Part 1" and "Windows Internals - Part 2", by Mark Russinovich, David A. Solomon, and Alex Ionescu, published by Microsoft Press in 2012, both of which are incorporated in their entirety for all purposes as if fully set forth herein. Windows 8 is a personal computer operating system developed by Microsoft as part of the Windows NT family of operating systems, which was released to general availability in October 2012 and is described in a 2012 Microsoft Press publication entitled: "Introducing Windows 8 - An Overview for IT Professionals" by Jerry Honeycutt, which is incorporated in its entirety for all purposes as if fully set forth herein.
Chrome OS is a Linux kernel-based operating system developed by Google Inc. of Mountain View, California, USA, to work primarily with web applications. The user interface takes a minimalist approach and consists almost entirely of the Google Chrome web browser; because the operating system is aimed at users who spend most of their computing time on the web, the only "native" applications on Chrome OS are a browser, a media player, and a file manager, and thus Chrome OS is almost a pure web thin client OS.
Chrome OS is described as including a three-tier architecture: firmware, browser and window manager, and system-level software and userland services. The firmware contributes to faster boot times by not probing for hardware, such as floppy disk drives, that is no longer common in computers, especially netbooks. The firmware also contributes to security by verifying each step of the boot process and incorporating system recovery. System-level software includes the Linux kernel, which has been patched to improve boot performance. Userland software has been trimmed to the bare essentials, with management by Upstart, which can launch services in parallel, re-spawn crashed jobs, and defer services for the sake of faster booting. The Chrome OS user guide is described in the Samsung Electronics Co., Ltd. presentation entitled: "Google™ Chrome OS USER GUIDE", published 2011, which is incorporated in its entirety for all purposes as if fully set forth herein.
Real-time operating system. A real-time operating system (RTOS) is an operating system (OS) intended to serve real-time applications that process data as it arrives, typically without buffering delays. Processing time requirements (including any operating system delay) are generally measured in tenths of a second or shorter time increments, and an RTOS is a time-bound system with well-defined, fixed time constraints. Processing must generally occur within the defined constraints, or the system will fail. RTOSs are either event-driven or time-sharing: event-driven systems switch between tasks based on their priorities, while time-sharing systems switch tasks based on clock interrupts. A key characteristic of an RTOS is how consistent it is in the amount of time it takes to accept and complete an application's task; the variability is jitter. A hard real-time operating system has less jitter than a soft real-time operating system. The chief design goal is not high throughput, but rather a guarantee of a soft or hard performance category. An RTOS that can usually or generally meet a deadline is a soft real-time operating system, but if it can meet a deadline deterministically, it is a hard real-time operating system. An RTOS has an advanced scheduling algorithm, and its scheduler flexibility allows a wider, computer-system-level orchestration of process priorities. The main factors in a real-time operating system are minimal interrupt latency and minimal thread-switching latency; a real-time operating system is valued more for how quickly or how predictably it can respond than for the amount of work it can perform in a given period of time.
Common RTOS designs include event-driven designs, where tasks are switched only when an event of higher priority needs servicing, called preemptive priority or priority scheduling; and time-sharing designs, where tasks are switched on a regular clock interrupt and on events, called round robin. Time-sharing designs switch tasks more often than is strictly needed, but give smoother multitasking, giving the illusion that a process or user has sole use of a machine. In typical designs, a task has three states: Running (executing on the CPU); Ready (ready to be executed); and Blocked (waiting for an event, such as I/O). Most tasks are blocked or ready most of the time, since typically only one task per CPU can run at a time. The number of items in the ready queue can vary widely depending on the number of tasks the system needs to perform and the type of scheduler the system uses. On simpler non-preemptive but still multitasking systems, a task has to give up its time on the CPU to other tasks, which can cause the ready queue to have a greater number of overall tasks in the ready-to-be-executed state (resource starvation).
RTOS concepts and implementations are described in Application Note No. RES05B00008-0100/Rec. 1.00, published January 2010 by Renesas Technology Corp., entitled: "R8C Family - General RTOS Concepts"; in the JALA Technology Review article published February 2007 [1535-5535/$32.00] by The Association for Laboratory Automation [doi:10.1016/j.jala.2006.10.016], entitled: "An Overview of Real-Time Operating Systems"; and in Chapter 2, entitled: "Basic Concepts of Real Time Operating Systems", of a 2009 book [ISBN 978-1-4020-9435-4] by Springer Science + Business Media B.V. entitled: "Hardware-Dependent Software: Principles and Practice", all of which are incorporated in their entirety for all purposes as if fully set forth herein.
QNX. An example of an RTOS is QNX, a commercial Unix-like real-time operating system aimed primarily at the embedded systems market. QNX was one of the first commercially successful microkernel operating systems and is used in a wide variety of devices, including cars and mobile phones. As a microkernel-based operating system, QNX is based on the idea of running most of the operating system kernel in the form of a number of small tasks, known as resource managers. In the case of QNX, using a microkernel allows users (developers) to turn off any functionality they do not need without having to change the operating system itself; instead, those services are simply not run.
FreeRTOS. FreeRTOS™ is a free and open-source real-time operating system developed by Real Time Engineers Ltd., designed for small embedded systems, which implements only a very minimal set of functions: very basic handling of tasks and memory management, and just sufficient API concerning synchronization. Its features include preemptive tasks, support for multiple microcontroller architectures, a small footprint (4.3 Kbytes on an ARM7 after compilation), being written in C, and being compiled with multiple C compilers, provided that the hardware used allows this.
FreeRTOS™ provides methods for multiple threads or tasks, mutexes, semaphores, and software timers. A tickless mode is provided for low-power applications, and thread priorities are supported. Four memory allocation schemes are provided: allocate only; allocate and free with a very simple, fast algorithm; a more complex but fast allocate and free algorithm with memory coalescence; and C library allocate and free with some mutual exclusion protection. While the emphasis is on compactness and speed of execution, a POSIX-like command line interface and I/O abstraction add-ons are supported. FreeRTOS™ implements multiple threads by having the host program call a thread tick method at regular short intervals.
The thread tick method switches tasks depending on priority and a round-robin scheduling scheme. The usual interval is 1/1000 of a second to 1/100 of a second, via an interrupt from a hardware timer, but this interval is often changed to suit a particular application. FreeRTOS™ is described in an article by Nicolas Melot (downloaded July 2015) entitled: "Study of an operating system: FreeRTOS - Operating systems for embedded devices", and in an article (dated September 23, 2013) by Dr. Richard Wall entitled: "Carebot PIC32 MX7ck implementation of Free RTOS". FreeRTOS™ modules are described on web pages entitled: "FreeRTOS™ Modules", published at www.freertos.org on 11/26/2006, and the FreeRTOS kernel is described in an article published on April 1, 07 by Rich Goyette of Carleton University as part of "SYSC5701: Operating System Methods for Real-Time Applications", entitled: "An Analysis and Description of the Inner Workings of the FreeRTOS Kernel", all of which are incorporated in their entirety for all purposes as if fully set forth herein.
SafeRTOS. SafeRTOS was developed as a complementary offering to FreeRTOS, with shared functionality but a uniquely designed, safety-critical implementation. When the FreeRTOS functional model underwent a full HAZOP, weaknesses with respect to user misuse and hardware failure within the functional model and API were identified and resolved. Both SafeRTOS and FreeRTOS share the same scheduling algorithm, have similar APIs, and are otherwise very similar, but they were developed with differing objectives. SafeRTOS was developed solely in the C language to meet the certification requirements of IEC 61508. SafeRTOS is known for its ability to reside solely in the on-chip read-only memory of a microcontroller for standards compliance. When implemented in hardware memory, SafeRTOS code can only be used in its original configuration, so certification testing of systems using this operating system does not need to retest this part of their design during the build process.
VxWorks. VxWorks is an RTOS developed as proprietary software and designed for use in embedded systems that require real-time deterministic performance and, in many cases, security certification for industries such as aerospace and defense, medical devices, industrial equipment, robotics, energy, transportation, network infrastructure, automotive, and consumer electronics. VxWorks supports Intel architecture, POWER architecture, and ARM architectures. VxWorks can be used in multi-core asymmetric multiprocessing (AMP), symmetric multiprocessing (SMP), and mixed-mode designs, as well as in multi-OS designs (via a Type 1 hypervisor) on 32-bit and 64-bit processors. VxWorks ships with the kernel, middleware, board support packages, the Wind River Workbench development suite, and complementary third-party hardware and software technologies. In its latest release, VxWorks 7, the RTOS has been re-engineered for modularity and upgradeability, so that the operating system kernel is separate from middleware, applications, and other packages. Scalability, security, safety, connectivity, and graphics have been enhanced to meet the needs of the Internet of Things (IoT).
µC/OS. Micro-Controller Operating Systems (MicroC/OS, stylized as μC/OS) is a real-time operating system (RTOS) that is a priority-based, preemptive, real-time kernel for microprocessors, written primarily in the C programming language, and is designed for use in embedded systems. MicroC/OS allows many functions to be defined in C, each of which can execute as an independent thread or task. Each task runs at a different priority and runs as if it owns the central processing unit (CPU). Lower priority tasks can be preempted by higher priority tasks at any time. Higher priority tasks use operating system (OS) services (such as a delay or event) to allow lower priority tasks to run. Operating system services are provided for managing tasks and memory, communicating between tasks, and timing.
Process management. The operating system provides an interface between an application program and the computer hardware, so that an application program can interact with the hardware only by obeying the rules and procedures programmed into the operating system. The operating system is also a set of services that simplify the development and execution of application programs. Executing an application program involves the creation of a process by the operating system kernel, which assigns memory space and other resources, establishes a priority for the process in multitasking systems, loads the program's binary code into memory, and initiates execution of the application program, which then interacts with the user and with hardware devices. The operating system must allocate resources to processes, enable processes to share and exchange information, protect the resources of each process from other processes, and enable synchronization among processes. The operating system maintains a data structure for each process that describes the state and resource ownership of that process and enables the operating system to exert control over each process.
In many modern operating systems, more than one instance of a program can be loaded into memory at the same time; for example, more than one user can be executing the same program, with each user having separate copies of the program loaded into memory. With some programs, known as reentrant, a single copy can be loaded into memory while several users share access to it, so that each of them can execute the same program code. The processor can execute only one instruction of a program at any instant, but several processes can be sustained over a period of time by assigning each process to the processor at intervals while the remainder become temporarily inactive. A number of processes being executed over a period of time, rather than at the same instant, is known as concurrent execution. A multiprogramming or multitasking operating system is a system that executes many processes concurrently. Multiprogramming requires that the processor be allocated to each process for a period of time and de-allocated at an appropriate moment. If the processor is de-allocated during the execution of a process, it must be done in such a way that the process can be restarted later as easily as possible.
There are two typical ways for an operating system to regain control of the processor during a program's execution in order to perform de-allocation or allocation. The process issues a system call (sometimes called a software interrupt); for example, an I/O request occurs requesting access to a file on disk. Alternatively, a hardware interrupt occurs; for example, a key was pressed on the keyboard, or a timer runs out (used in preemptive multitasking). Stopping one process and starting (or restarting) another process is called a context switch or context change. In many modern operating systems, processes can consist of many sub-processes. This introduces the concept of a thread. A thread may be viewed as a sub-process; that is, a separate, independent sequence of execution within the code of one process. Threads are becoming increasingly important in the design of client-server and distributed systems, and in software that runs on multiprocessor systems.
Modes. Many modern processors include a mode bit to define the execution capability of a program on the processor. This bit can be set to kernel mode or to user mode. Kernel mode is also commonly known as supervisor mode, monitor mode, or ring 0. In kernel mode, the processor can execute every instruction in its hardware repertoire, whereas in user mode, it can execute only a subset of the instructions. Instructions that can be executed only in kernel mode are called kernel, privileged, or protected instructions to distinguish them from user-mode instructions. For example, I/O instructions are privileged. Therefore, when an application program executes in user mode, it cannot perform its own I/O and must ask the operating system to perform the I/O on its behalf. The system can logically extend the mode bit to define areas of memory to be used when the processor is in kernel mode versus user mode. When the mode bit is set to kernel mode, the process executing on the processor can access either the kernel or the user partition of memory. However, when it is set to user mode, the process can reference only the user memory space, so two classes of memory are defined: user memory space and system memory space (or kernel, supervisor, or protected memory space). In general, the mode bit extends the protection rights of the operating system and is set by the user-mode trap instruction, also known as the supervisor call instruction. This instruction sets the mode bit and branches to a fixed location in system space. Because only system code is loaded into system space, only system code can be invoked via a trap. When the operating system has completed the supervisor call, it resets the mode bit to user mode before returning.
Computer operating systems provide different levels of access to resources, and these hierarchical protection domains are often referred to as "protection rings" and are used to protect data and functionality from faults (improving fault tolerance) and malicious behavior (providing computer security). A protection ring is one of two or more hierarchical levels or layers of privilege within the architecture of a computer system. These levels can be hardware-enforced by some CPU architectures that provide different CPU modes at the hardware or microcode level. Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, kernel mode or "Ring 0" is the most privileged level and interacts most directly with physical hardware such as the CPU and memory. Special gates between rings are provided to allow an outer ring to access the resources of an inner ring in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can improve security by preventing programs in one ring or privilege level from misusing resources intended for programs in another. For example, spyware running as a user program in Ring 3 should be prevented from turning on a web camera without informing the user, since hardware access should be a Ring 1 function reserved for device drivers. Programs such as web browsers that run in higher-numbered rings must request access to the network, a resource that is restricted to a lower-numbered ring.
Kernel. Using firmware and device drivers, the kernel provides the most basic level of control over all of the computer's hardware devices. It manages memory access for programs in RAM, determines which programs get access to which hardware resources, sets up or resets the CPU operating states for optimal operation at all times, and organizes data for long-term, non-volatile storage using file systems on media such as disks, tapes, flash memory, etc. The part of the system that executes in the kernel supervisor state is called the kernel, or nucleus, of the operating system. The kernel operates as trusted software, which means that when it was designed and implemented, it was intended to implement protection mechanisms that could not be covertly changed through the actions of untrusted software executing in user space. Extensions to the operating system execute in user mode, so the operating system does not rely on the correctness of those parts of the system software for its own correct operation. Therefore, a fundamental design decision for any function to be incorporated into the operating system is whether it needs to be implemented in the kernel. If it is implemented in the kernel, it executes in kernel (supervisor) space and has access to other parts of the kernel. It is also trusted software by the other parts of the kernel. If the function is implemented to execute in user mode, it has no access to kernel data structures.
There are two techniques by which a program executing in user mode can request the kernel's services, namely "system call" and "message passing". Operating systems are typically designed with one or the other of these two facilities, but usually not both. Assuming that a user process wishes to invoke a particular target system function, in the system call approach the user process uses the trap instruction, and the intent is that the system call should appear to be an ordinary procedure call to the application program. The operating system provides a library of user functions with names corresponding to each actual system call. Each of these stub functions contains a trap to the operating system function, and when the application program calls the stub, it executes the trap instruction, which switches the CPU to kernel mode and then branches (indirectly through an operating system table) to the entry point of the function to be invoked. When the function completes, it switches the processor to user mode and then returns control to the user process, thus simulating a normal procedure return. In the message-passing approach, the user process constructs a message that describes the desired service and then uses a trusted send function to pass the message to a trusted operating system process. The send function serves the same purpose as the trap; that is, it carefully checks the message, switches the processor to kernel mode, and then delivers the message to a process that implements the target functions. Meanwhile, the user process waits for the result of the service request with a message receive operation. When the operating system process completes the operation, it sends a message back to the user process.
Interrupt handling. Interrupts are central to operating systems because they provide an efficient way for the operating system to interact with and react to its environment. Interrupts are generally handled by the operating system kernel and provide the computer with a way of automatically saving local register contexts and running specific code in response to events. When an interrupt is received, the computer hardware automatically suspends whatever program is currently running, saves its state, and runs the computer code previously associated with the interrupt. When a hardware device triggers an interrupt, the operating system's kernel decides how to deal with that event, usually by running some processing code. The amount of code run depends on the priority of the interrupt, and the processing of hardware interrupts is carried out by a device driver, which may be part of the operating system kernel, part of another program, or both. Device drivers can relay information to a running program by various means. A program can also trigger an interrupt to the operating system. For example, when a program wants to access hardware (such as a peripheral device), it can interrupt the operating system's kernel, which causes control to be passed back to the kernel. The kernel then processes the request. When a program needs additional resources (or wants to release resources), such as memory, it triggers an interrupt to get the kernel's attention. Each interrupt has its own interrupt handler. The number of hardware interrupts is limited by the number of interrupt request (IRQ) lines to the processor, but there can be hundreds of different software interrupts. Interrupts are a commonly used technique for computer multitasking, particularly in real-time computing systems, which are commonly known as interrupt-driven systems.
Memory management. The kernel of a multiprogramming operating system is responsible for managing all of the system memory that is currently in use by programs and for ensuring that one program does not interfere with memory already in use by another program. Because programs share time, each program must have independent access to memory. Memory protection allows the kernel to restrict a process's access to the computer's memory. There are several methods of memory protection, including memory segmentation and paging. In both segmentation and paging, certain protected-mode registers specify to the CPU which memory addresses a running program is allowed to access. Attempts to access other addresses trigger an interrupt that causes the CPU to re-enter supervisor mode, placing the kernel in charge. This is called a segmentation violation (or Seg-V), and the kernel will usually resort to terminating the offending program and reporting the error.
Memory management also provides ways to dynamically allocate portions of memory to programs when needed, and free it for reuse when it's no longer needed. This is essential for any advanced computing system where more than one process can be running at any given time. Several techniques have been developed to increase the efficiency of memory management. Virtual memory systems separate the memory addresses used by a process from the actual physical addresses, allowing for process separation and increasing the effective amount of RAM available through paging or swapping to secondary storage. The quality of the virtual memory manager can have a significant impact on the overall system performance.
File system. Typically, a file system (or filesystem) is used to control how data is stored and accessed. By separating the data into individual parts and giving each part a name, the information is easily separated and identified, with each piece of data being referred to as a "file". The logical structure and rules used to manage groups of information and their names are called the "file system". There are many different types of file systems. Each has a different structure and logic, and different characteristics of speed, flexibility, security, size and more. Some file systems are designed for use by specific applications. For example, the ISO 9660 file system was specifically designed for optical discs. File systems can be used on many different types of storage devices. Some file systems are used on local data storage devices; others provide file access over a network protocol (such as NFS, SMB, or 9P clients). Some file systems are "virtual" in the sense that the "files" provided are computed on demand (e.g. procfs) or are simply a mapping to another file system used as backing storage. The file system manages access to file content and to metadata about those files. It is responsible for organizing the storage space; reliability, efficiency, and adaptation to the physical storage medium are important design considerations.
An on-disk file system takes advantage of the ability of disk storage media to randomly address data in a short period of time. Additional considerations include the speed of accessing data after the initial request and the expectation that subsequent data may also be requested. This allows multiple users (or processes) to access various data on the disk, regardless of the sequential location of the data. Examples are FAT (FAT12, FAT16, FAT32), exFAT, NTFS, HFS and HFS+, HPFS, UFS, ext2, ext3, ext4, XFS, btrfs, ISO 9660, Files-11, Veritas File System, VMFS, ZFS, ReiserFS, and UDF. Some disk file systems are journaling file systems or versioning file systems.
TMPFS. TMPFS (or tmpfs) is a common name for a temporary file storage facility on many Unix-like operating systems. Although it is intended to appear as a mounted file system, it is stored in volatile memory rather than on a non-volatile storage device. A similar construct is a RAM disk, which appears as a virtual drive and houses a disk file system. tmpfs is typically a file system based on SunOS virtual memory resources and does not use traditional non-volatile media to store file data; instead, tmpfs files exist only in virtual memory managed by the UNIX kernel. Since tmpfs file systems do not use dedicated physical storage for file data, but instead use VM system resources and facilities, they can take advantage of the kernel's resource management policies. Tmpfs was designed primarily as a performance enhancement that allows short-lived files to be written and accessed without generating disk or network I/O. Tmpfs maximizes file processing speed while preserving UNIX file semantics. It does not require dedicated storage space for files and has no negative impact on performance. tmpfs is described in an article by Sun Microsystems Inc. entitled: "tmpfs: a virtual memory file system" by Peter Snyder, downloaded July 2014, which is incorporated in its entirety for all purposes as if fully set forth herein.
Device driver. A device driver is a specific type of computer software designed to allow interaction with hardware devices. Typically it constitutes a communications interface with the device, providing commands to and/or receiving data from the device over the specific computer bus or communications subsystem to which the hardware is connected and, at the other end, the interfaces required by the operating system and software applications. It is a specialized, hardware-dependent computer program, also specific to the operating system, that allows another program, typically an operating system or an application software package or computer program running on the operating system kernel, to interact transparently with a hardware device, and it generally provides the necessary interrupt handling for all time-dependent asynchronous hardware interface requests.
Networking. Most operating systems support a variety of network protocols, hardware, and applications to use them, allowing computers running different operating systems to participate in a common network and share resources such as computers, files, printers, and scanners, with or without wired connections. Basically, the network can allow a computer's operating system to access resources on a remote computer to support the same functions as if those resources were connected directly to the local computer. This includes everything from simple communication to using network file systems or sharing another computer's graphics or sound hardware. Some network services allow transparent access to a computer's resources, e.g. SSH, which allows network users to access a computer's command-line interface directly. A client/server network allows a program on one computer, called a client, to connect to another computer, called a server, over a network. Servers provide (or host) various services to other computers and users on the network. These services are typically provided through numbered ports or access points in addition to the server's network address. Each port number is usually associated with at most one running program, which is responsible for handling requests to that port. A daemon, which is a user program, can in turn access that computer's local hardware resources by forwarding requests to the operating system's kernel.
Input/Output (I/O) handling. Input/output (or I/O) is the communication between an information handling system (e.g. a computer) and the outside world, possibly a human or another information handling system. The inputs are usually the signals or data received by the system and the outputs are the signals or data sent by the system. I/O devices can be used by a person (or other system) to communicate with a computer. For example, a keyboard or mouse can be an input device for a computer, while monitors and printers are considered output devices for a computer. Devices for communication between computers, such as modems and network cards, generally serve both input and output.
User interface. Any computer intended to be operated by a human needs a user interface, often referred to as a "shell," which is essential to supporting human interaction. The user interface views the directory structure and requests operating system services that collect data from input hardware devices, such as a keyboard, mouse, or credit card reader, and requests operating system services to display prompts, status messages, and the like on output hardware devices, such as a video monitor or a printer. Historically, the two most common forms of a user interface have been the command-line interface, in which computer commands are entered line by line, and the graphical user interface (GUI), in which there is a visual environment (most commonly a WIMP). The GUI is generally built into the kernel, which makes the GUI more responsive by reducing the number of context switches required for the GUI to perform its output functions.
WDM. The Windows Driver Model (WDM), also known as the Win32 Driver Model, is a standard model that defines a Microsoft-specified framework for device drivers and provides uniform driver models. The WDM model is based on WDM drivers that are layered in a complex hierarchy and communicate with each other via I/O request packets (IRPs). WDM was introduced with Windows 98 and Windows 2000 to replace VxD, used in earlier versions of Windows such as Windows 95 and Windows 3.1, and the Windows NT driver model, and WDM drivers can be used on all Microsoft operating systems of Windows 95 and later. WDM is described in the publication entitled: "Microsoft Windows Driver Model (WDM)", by Mohamad (Hani) Atassy, submitted to Dr. Dennis R. Hafermann on January 28, 2002, and in the publication entitled: "A Comparison of Linux and Windows Device Driver Architecture", by Melekam Tsegaye and Richard Foss, both of Rhodes University, South Africa, downloaded from the Internet in July 2014, both of which are incorporated in their entirety for all purposes as if fully set forth herein.
A schematic description of the WDM architecture 930 is displayed
User-mode applications (e.g. application #1 931A, application #2 931B, and application #3 931C) access kernel space 930B by invoking system calls, denoted respectively as connections 932A, 932B, and 932C. Typically, these system calls are processed through an intermediary known as a Windows API, such as a Win32 API 933, which accesses kernel space 930B via a standard message 934. The Win32 API 933 is an example of a Windows API (informally WinAPI), which is the core set of Microsoft application programming interfaces (APIs) available in Microsoft Windows operating systems. Almost all Windows programs interact with the Windows API; in the Windows NT suite of operating systems, a small number (such as programs launched at the beginning of Windows startup) use the native API. Developer support comes in the form of the Windows Software Development Kit (SDK), which provides the documentation and tools needed to build software based on the Windows API and associated Windows interfaces. The Win32 API 933 is the 32-bit API for modern versions of Windows and consists of functions implemented in system DLLs, as in Win16. The most important Win32 DLLs include kernel32.dll, user32.dll and gdi32.dll. The Win32 API is described in the tutorial entitled: "Welcome to Version 2.0 of the Win32 API Tutorial" by Professor M. Saeed, edited by Brook Miles, downloaded from the Internet July 2014, which is incorporated in its entirety for all purposes as if fully set forth herein.
System calls provide an essential interface between a process and the operating system. In a system call, a program requests a kernel service from an operating system. This can include hardware-related services (e.g. disk access), creation and execution of new processes, and communication with built-in kernel services (e.g. scheduling). A system call is usually processed in kernel mode, which is achieved by changing the processor's execution mode to a more privileged one. The hardware sees the world in terms of execution mode based on the processor state register, and processes are an abstraction provided by the operating system. A system call does not require a context switch to another process; it is processed in the context of the calling process. System calls are usually made via traps or interrupts; this automatically puts the CPU in the required privilege level and then hands control over to the kernel, which determines whether the calling program should get the requested service. When service is granted, the kernel executes a specific set of instructions over which the caller has no direct control, returns the privilege level to that of the caller, and then returns control to the caller. The implementation of system calls requires a transfer of control, which implies some kind of architectural feature.
System calls can be broadly classified into five main categories: process control, such as load, execute, create/terminate processes, get/set process attributes, timeout, wait for event and signal event; file management, such as request/unlock device, create/delete file, open/close file, read/write/reset file and get/set file attributes; device management, such as read/write/move devices, get/set device attributes and logically connect/disconnect devices; information management, such as get/set time or date, get/set system data, and get/set process, file, or device attributes; and communications, such as establishing and disconnecting a communications link, transmitting status information, and connecting or disconnecting remote devices.
System calls are typically handled by an I/O manager 935B, which allows devices to communicate with subsystems in user mode. It translates user-mode read and write commands into read or write IRPs that are passed to device drivers. It accepts I/O requests from the file system and translates them into device-specific calls, and can embed low-level device drivers that manipulate the hardware directly to read input or write output. It also includes a cache manager to improve disk performance by caching read and write requests in the background. The I/O manager 935B can interact with a power manager 935C, which handles power events (shutdown, standby, hibernation, etc.) and notifies affected drivers with special IRPs (power IRPs).
A PnP manager 935A handles "Plug and Play" and supports device detection and installation on boot. It also has the responsibility of stopping and starting devices on demand, which can happen when a bus (like USB or FireWire) gets a new device and needs to have a device driver loaded to support it. The PnP manager 935A can be partially implemented in user mode in the plug-and-play service, which handles the often complex tasks of installing the appropriate drivers, notifying services and applications when new devices arrive, and presenting the GUI to the user.
I/O request packets (IRPs) are kernel-mode structures used by device drivers to communicate with each other and with the operating system. These are data structures that describe I/O requests. All of the parameters (such as buffer address, buffer size, I/O function type, etc.) are passed to a driver through a single pointer to this persistent data structure. The IRP with all its parameters can be queued if the I/O request cannot be completed immediately. I/O completion is reported to the I/O manager by passing the IRP's address to a routine provided for that purpose, IoCompleteRequest. The IRP can be reused as a special kernel APC object, if needed, to report I/O completion to the requesting thread. IRPs are typically created by the I/O manager in response to user-mode I/O requests. However, IRPs are sometimes created by the Plug and Play manager, power manager, and other system components, and can also be created by drivers and passed to other drivers.
WDM uses kernel-mode device drivers to allow interaction with hardware devices, with each driver having well-defined system routines and internal routines that it exports to the rest of the operating system. DriverEntry is the first routine called after a driver is loaded and is responsible for initializing the driver. User-mode code sees all devices as file objects in the I/O manager, although the I/O manager itself sees the devices as device objects, which it defines as file, device, or driver objects. Drivers can be layered as a driver stack 936, including kernel-mode drivers at three levels: highest-level drivers 936A, intermediate drivers 936B, and low-level drivers 936C. The highest-level drivers 936A, such as file system drivers for FAT and NTFS, rely on the intermediate drivers 936B, which consist of function drivers or main drivers for a device, optionally placed between lower-level and higher-level filter drivers. Highest-level drivers often know how files are represented on disk, but not the details of how to retrieve the data. Intermediate-level drivers process requests from the highest-level drivers, breaking a large request into a number of small parts. The function driver usually holds the details related to the operation of the peripheral's hardware, and it usually depends on a bus driver (a driver serving a bus controller, adapter or bridge), which may have an optional bus filter driver located between itself and the function driver. For example, a PCI bus driver recognizes the card or hardware attached to the PCI slot and determines the I/O-mapped or memory-mapped connection with the host. The intermediate drivers 936B rely on the low-level drivers 936C to work. The lowest-level drivers 936C are legacy device drivers that control a device directly, or they can be a PnP hardware bus. These lower-level drivers 936C control the hardware directly and do not rely on other drivers.
The I/O manager 935B communicates with the high-level driver 936A using IRP 937A, the high-level driver 936A communicates with the intermediate-level driver 936B using IRP 937B, the intermediate-level driver 936B communicates with the low-level driver 936C using IRP 937C, and the low-level driver 936C communicates with a HAL 938 using IRP 937D.
WDM drivers can be classified into the following types and subtypes: device function drivers, bus drivers, and filter drivers. A function driver is the main driver for a device. A function driver is usually written by the device manufacturer and is required (unless the device is used in raw mode). A function driver can operate one or more devices. Miniport drivers are a type of function driver for interfaces such as USB, audio, SCSI, and network adapters. They are hardware specific, but control of access to the hardware is done through a specific bus class driver. Class drivers are a type of function driver and can be thought of as built-in framework drivers on which miniport and other class drivers can be built. The class drivers provide interfaces between different layers of the WDM architecture. Functionality that is common to different classes of drivers can be written into the class driver and used by other class and miniport drivers. The lower edge of the class driver has its interface exposed to the miniport driver, while the upper edge of the top-level class driver is operating-system specific. Class drivers can be dynamically loaded and unloaded at will. They can perform class-specific functions that are not hardware or bus-specific (with the exception of bus-type class drivers), and indeed sometimes only class-specific functions, like enumeration.
A bus driver services a bus controller, adapter or bridge. Microsoft provides bus drivers for the most common buses, e.g. Advanced Configuration and Power Interface (ACPI), Peripheral Component Interconnect (PCI), PnPISA, SCSI, Universal Serial Bus (USB) and FireWire. A bus driver can operate more than one bus if there is more than one bus of the same type on the machine. The ACPI bus driver interacts with the ACPI BIOS to enumerate devices on the system and control their power consumption; the PCI bus driver (such as pci.sys) enumerates and configures devices connected over the PCI bus; and the FireWire and USB bus drivers access and control devices connected via the high-speed IEEE 1394 bus and USB, respectively. The stream class driver provides core processing that supports time-sensitive, hardware-related, high-bandwidth audio and video, and uses minidrivers to interact with the actual hardware, while hard disks, floppy disks, CDs, and DVDs are interfaces that use the SCSI and CDROM/DVD class driver. The Human Input Device (HID) class driver provides an abstract view of input devices, and the Still Image Architecture (SIA) class driver is used to retrieve content from a scanner and camera using minidrivers. Access to a hard disk (e.g. HDD 25C) involves a file system driver as the high-level driver, a volume manager driver as the intermediate-level driver, and a disk driver as the low-level driver.
Filter drivers are optional drivers that add value to or change the behavior of a device and can be non-device drivers. A filter driver can also serve one or more devices. High-level filter drivers sit above the main device driver (the function driver), while low-level filter drivers sit below the function driver and above the bus driver. A driver service is a type of kernel-level filter driver implemented as a Windows service that allows applications to work with devices.
The hardware abstraction layer 938, or HAL, is a layer between the physical hardware layer 930C of the computer and the rest of the operating system. It is intended to hide hardware differences and thus provide a uniform platform on which the kernel runs. The HAL 938 contains hardware-specific code that controls I/O interfaces, interrupt handlers, and various processors. Typically, hardware abstraction does not involve instruction set abstraction, which often falls under the broader concept of portability. Instruction set abstraction is done when needed (e.g. to handle multiple revisions of the x86 instruction set or to emulate a missing math coprocessor) by the kernel or via platform virtualization.
Linux is a Unix-like and POSIX-compliant computer operating system built on the free and open-source software distribution and development model. The defining component of Linux is the Linux kernel, an operating system kernel first released on October 5, 1991 by Linus Torvalds. Linux was originally developed as a free operating system for Intel x86-based PCs, but has since been ported to more computer hardware platforms than any other operating system. Linux also runs on embedded systems such as mobile phones, tablets, network routers, building automation controllers, televisions and game consoles. Android, a widely used operating system for mobile devices, is based on the Linux kernel. Linux is usually packaged in a format known as a Linux distribution for use on desktops and servers.
Linux distributions include the Linux kernel, supporting utilities and libraries, and usually a large body of application software to accomplish the distribution's intended purpose. A Linux-based system is a Unix-like modular operating system. This system uses a monolithic kernel, the Linux kernel, which handles process control, networking and peripherals, and access to the file system. Device drivers are built directly into the kernel or added as modules that are loaded while the system is running. Some components of an installed Linux system are a bootloader, e.g. GNU GRUB or LILO, which is executed by the computer when it is first turned on and loads the Linux kernel into memory; an init program, which is the first process started by the Linux kernel, resides at the root of the process tree, and starts processes such as system services and login prompts (either graphically or in terminal mode); software libraries containing code that can be used by running processes; and user interface programs such as command shells or window environments. For example, a version of Linux is described in IBM Corporation (located in Armonk, New York, USA) Publication No. SC34-2597-03 entitled: "Device drivers, features, and commands in Red Hat Enterprise Linux 6.3", downloaded from the web in July 2014, which is incorporated in its entirety for all purposes as if fully set forth herein.
The general schematic architecture of the Linux driver 950 is displayed
Similar to WDM 930 it is shown in it
Modules in the module stack 954, often referred to as loadable kernel modules (or LKMs), are object files that contain code to extend the running Linux kernel, or what is known as the base kernel. LKMs are typically used to add support for new hardware and/or file systems, or to add system calls. When the functionality provided by an LKM is no longer needed, it can be unloaded to free memory and other resources. Loadable Linux kernel modules are located in /lib/modules, have had the extension ".ko" ("kernel object") since version 2.6 (earlier versions used the ".o" extension), and are loaded (and unloaded) with the modprobe command. The lsmod command lists the loaded kernel modules. In emergencies, when the system does not boot (e.g. due to defective modules), certain modules can be enabled or disabled by changing the kernel's boot parameter list (e.g. if you use GRUB, by pressing 'e' in the GRUB boot menu, then editing the kernel parameter line). Linux allows module loading to be disabled via the sysctl option /proc/sys/kernel/modules_disabled. An initramfs system can load specific modules required by a machine at startup and then disable module loading.
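The module listing and the modules_disabled switch described above can be checked from user space. The following is an added example, not part of the original text: it parses text in the /proc/modules layout (the source lsmod reads) and reports modules carrying the out-of-tree (O) or unsigned (E) taint flag. The sample listing, the module name acme_example, and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in the /proc/modules layout:
 *   name size refcount dependencies state address [(flags)]
 * Module names and addresses are invented for this example. */
static const char SAMPLE_MODULES[] =
    "nf_tables 303104 0 - Live 0xffffffffc0a00000\n"
    "ext4 983040 2 - Live 0xffffffffc0800000\n"
    "mbcache 16384 1 ext4, Live 0xffffffffc07f0000\n"
    "acme_example 16384 0 - Live 0xffffffffc0b00000 (OE)\n";

#define MAX_FLAGGED 16

typedef struct {
    char name[64];
    char taint[16];
} flagged_module_t;

/* Parse one line. Returns 1 if the module carries the O (out-of-tree)
 * or E (unsigned) taint flag, 0 if it does not, and -1 if the line
 * does not match the expected layout. */
static int parse_module_line(const char *line, flagged_module_t *out)
{
    char deps[256], state[16];
    unsigned long size;
    unsigned long long addr;
    int refs, n;

    out->taint[0] = '\0';
    n = sscanf(line, "%63s %lu %d %255s %15s %llx (%15[^)])",
               out->name, &size, &refs, deps, state, &addr, out->taint);
    if (n < 6)
        return -1;
    return (strchr(out->taint, 'O') || strchr(out->taint, 'E')) ? 1 : 0;
}

/* Walk a whole listing and collect the flagged modules. */
int audit_modules(const char *text, flagged_module_t *out, int max)
{
    int count = 0;

    while (*text) {
        char line[512];
        flagged_module_t m;
        size_t len = strcspn(text, "\n");
        size_t copy = len < sizeof(line) - 1 ? len : sizeof(line) - 1;

        memcpy(line, text, copy);
        line[copy] = '\0';
        if (parse_module_line(line, &m) == 1 && count < max)
            out[count++] = m;
        text += len;
        if (*text == '\n')
            text++;
    }
    return count;
}

/* Interpret the content of /proc/sys/kernel/modules_disabled.
 * "1" means no further modules can be loaded until the next reboot. */
int module_loading_disabled(const char *sysctl_text)
{
    return sysctl_text[0] == '1';
}

int demo_flagged_count(void)
{
    flagged_module_t f[MAX_FLAGGED];
    return audit_modules(SAMPLE_MODULES, f, MAX_FLAGGED);
}

const char *demo_first_flagged(void)
{
    static flagged_module_t f[MAX_FLAGGED];
    return audit_modules(SAMPLE_MODULES, f, MAX_FLAGGED) > 0 ? f[0].name : "";
}

int main(void)
{
    flagged_module_t f[MAX_FLAGGED];
    int i, n = audit_modules(SAMPLE_MODULES, f, MAX_FLAGGED);

    for (i = 0; i < n; i++)
        printf("review: %s flags=(%s)\n", f[i].name, f[i].taint);
    printf("module loading disabled: %d\n", module_loading_disabled("0\n"));
    return 0;
}
```

On a live system the same functions can be fed the contents of /proc/modules and /proc/sys/kernel/modules_disabled instead of the constructed strings.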
Multitasking. Multitasking is a technique whereby multiple tasks (also known as processes or programs) run during the same period of time and concurrently (in overlapping time periods, with new tasks beginning before others finish), rather than sequentially (one finishing before the next begins). The tasks share common processing resources, such as the CPU and the main memory. Multitasking doesn't necessarily mean running multiple tasks at exactly the same instant. In other words, multitasking doesn't imply parallelism, but it does mean that more than one task can be in progress at the same time and that more than one task advances in a given period of time.
In the case of a computer with a single CPU, only one task is said to be running at a time, which means the CPU is actively executing the instructions for that task. Multitasking solves the problem by scheduling which task can run at a given time and when another waiting task gets its turn. The process of reallocating a CPU from one task to another is called context switching. When context switches occur frequently enough, the illusion of parallelism is achieved. Even on computers with more than one CPU (called multiprocessor machines) or more than one core on a given CPU (called multicore machines), which can run more than one task at a time (one per CPU or core), multitasking allows the execution of many more tasks than the number of CPUs available.
Operating systems can use one of many different scheduling strategies. In multiprogramming systems, the running task runs until it performs an operation that requires waiting for an external event (such as reading from a tape), or until the computer's scheduler forcibly switches the running task off the CPU. Multiprogramming systems are designed to maximize CPU utilization. In timesharing systems, the running task is required to give up the CPU either voluntarily or because of an external event such as a hardware interrupt. Timesharing systems are designed to allow multiple programs to run simultaneously. In real-time systems, some waiting tasks are given the CPU when an external event occurs. Real-time systems are designed to control mechanical devices such as industrial robots that require real-time processing.
Multiprocessing. Multiprocessing is the use of two or more processors, or central processing units (CPUs), in a single computer system, usually combined with the ability to allocate tasks between them. In order to process programs simultaneously, several processors often share main memory and peripheral devices. In a multiprocessor system, all CPUs can be the same, or some can be reserved for special purposes. A combination of hardware and operating system software design considerations determines the symmetry (or lack thereof) in a given system. For example, hardware or software considerations may require that only a specific CPU respond to all hardware interrupts, while allowing the rest of the work on the system to be distributed evenly among the CPUs; or kernel-mode code can be restricted to only a specific CPU, while user-mode code can run on any combination of processors. Systems that treat all CPUs equally are called symmetric multiprocessor (SMP) systems. On systems where not all CPUs are equal, system resources can be partitioned in a variety of ways, including asymmetric multiprocessing (ASMP), non-uniform memory access (NUMA) multiprocessing, and clustered multiprocessing.
In multiprocessing, processors are typically used to process a single sequence of instructions in multiple contexts (single instruction, multiple data, or SIMD, commonly used in vector processing), multiple sequences of instructions in a single context (multiple instruction, single data, or MISD, which is used for redundancy in fail-safe systems and is sometimes applied to describe pipelined processors or hyperthreading), or multiple sequences of instructions in multiple contexts (multiple instruction, multiple data, or MIMD). Tightly coupled multiprocessor systems contain multiple CPUs connected at the bus level and can have access to a central shared memory (SMP or UMA) or participate in a memory hierarchy with local and shared memory (NUMA). Chip multiprocessors, also known as multicore computing, involve more than one processor on a single chip and can be viewed as the most extreme form of tightly coupled multiprocessing. Loosely coupled multiprocessor systems (often referred to as clusters) are based on several independent computers with one or two processors, connected by a high-speed communication system (Gigabit Ethernet is common). Tightly coupled systems perform better and are physically smaller than loosely coupled systems, but have historically required larger upfront investments and can lose value quickly. The nodes in a loosely coupled system are usually inexpensive computers and can be recycled as standalone machines after being removed from the cluster.
Filter driver. A filter driver is a Microsoft Windows compatible driver that extends or modifies the function of peripheral devices or supports a specific device on a PC, and the term usually refers to a driver, program or module that is inserted into the existing driver stack to perform a specific function without affecting in any way the normal operation of the existing driver stack. Any number of filter drivers can be added to Windows, with the higher-level filter drivers sitting above the main device driver (the function driver), while the lower-level filter drivers sit below the function driver and above a bus driver. Filter drivers may work on a specific brand of device, e.g. a mouse or a keyboard, or they can perform some operations on a device class, e.g. any mouse or keyboard. A filter driver can be created using the guide entitled: "Filter Driver Development Guide" by Microsoft Corporation, Version 1.0a, dated 2004, which is incorporated in its entirety for all purposes as if fully set forth herein.
Hook. A hook (also known as a hook procedure or hook function) is a mechanism that allows an application to intercept events such as messages, mouse actions, and keystrokes, and generally refers to a function provided by a software application that previously certain data is received by the normal or intended recipient of the data. Therefore, the hook function can examine or modify specific data before passing it on. The linking function allows a software application to examine or modify the data before the data is transmitted to the intended recipient. A function that catches a specific type of event is called a hook procedure. The hook procedure can react to any received event and then modify or discard the event. The term "hooking" is used herein to include a variety of techniques used to modify or improve the behavior of an operating system, application, or other software component by intercepting past function calls, messages, or events, but is not limited to that. between software components. . The code that handles such a caught function call, event, or message is called a "hook." The hook is used for many purposes including debugging and extending functionality.
Examples include intercepting keyboard or mouse event messages before they reach an application, or intercepting operating system calls to monitor the behavior or change the function of an application or other component. It is also commonly used in benchmarking programs, such as measuring frame rate in 3D games where the output and input are links. The trailer hitch is described in the documents of High-Tech Bridge SA and bears the title: "Userland Hooking ohne Windows“August 2011 and "Built-in Windows hook"of September 2011, both by Brian Mariani, and both incorporated in their entirety for all purposes as if fully set forth herein.
physical modification. A hook can be achieved by physically modifying an executable or library before running an application using reverse engineering techniques. This is typically used to intercept function calls in order to monitor them or cancel them entirely. For example, you can use a disassembler to find the entry point of a function within a module. It can then be modified to dynamically load another library module and then execute the desired methods within that loaded library. If necessary, changing an executable's import table is another related approach that can be used to achieve hooking. This table can be modified to load additional library modules and change what external code is called when an application calls a function. An alternative method of achieving function hooking is to intercept function calls via a wrapper library. By creating a wrapper, you create your own version of a library that an application loads with the same functionality as the original library it replaces, so all accessible functionality is essentially identical between the original and the replacement. This wrapper library can be designed to call any of the functions in the original library or replace them with an entirely new set of logic.
Runtime modification. Operating systems and software may provide the ability to easily insert event hooks at runtime, as long as the process inserting the hook has sufficient permissions to do so. Microsoft Windows allows the insertion of hooks that can be used to handle or modify system and application events for dialog boxes, scrollbars, menus, and other elements. It also allows a hook to insert, delete, process, or modify keyboard and mouse events. Linux provides another example, where hooks can be used in a similar way to handle network events in the kernel via NetFilter. When this functionality is not provided, a special form of hooking intercepts the library function calls made by a process. The function hook is implemented by changing the first few code instructions of the target function so that they jump to the inserted code. Alternatively, in systems using the shared library concept, the interrupt vector table or the import descriptor table can be modified in memory.
A hook chain is a list of pointers to special application-defined callback functions called hook procedures. When a message associated with a particular hook type occurs, the operating system passes the message to each hook procedure referenced in the hook chain, one after the other. The action a hook procedure can take depends on the type of hook involved. For example, for some types of hooks, the hook procedures can only monitor messages, while others can change messages or stop their progression through the chain, preventing them from reaching the next hook procedure or a target window.
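The hook-chain behavior described above can be modeled in a few lines of C. This is an added illustration, not code from the documents cited here or from any operating system: all names (`hook_chain_t`, `chain_dispatch`, the message types) are hypothetical, and walking the chain in registration order is an assumption. Monitor-only hooks receive a private copy of the message and cannot stop it, while modifying hooks act on the live message and can end its progression.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { MSG_KEY = 1, MSG_MOUSE = 2 };            /* constructed message types */

typedef struct { int type; char text[32]; } message_t;
typedef enum { HOOK_PASS, HOOK_STOP } hook_result_t;
typedef hook_result_t (*hook_proc_t)(message_t *msg, void *ctx);

typedef struct {
    hook_proc_t proc;
    void       *ctx;
    int         may_modify;     /* 0 = monitor-only hook type */
} hook_entry_t;

#define MAX_HOOKS 8
typedef struct { hook_entry_t entries[MAX_HOOKS]; size_t count; } hook_chain_t;

int chain_add(hook_chain_t *c, hook_proc_t proc, void *ctx, int may_modify)
{
    if (proc == NULL || c->count >= MAX_HOOKS)
        return -1;
    c->entries[c->count++] = (hook_entry_t){ proc, ctx, may_modify };
    return 0;
}

/* Walk the chain in order. Returns 1 and fills *delivered when the message
 * reaches the target, 0 when a modifying hook stopped it on the way. */
int chain_dispatch(const hook_chain_t *c, const message_t *in, message_t *delivered)
{
    message_t live = *in;
    for (size_t i = 0; i < c->count; i++) {
        const hook_entry_t *h = &c->entries[i];
        if (h->may_modify) {
            if (h->proc(&live, h->ctx) == HOOK_STOP)
                return 0;               /* later hooks and the target never see it */
        } else {
            message_t copy = live;      /* monitor hooks only get a copy ... */
            (void)h->proc(&copy, h->ctx); /* ... and their verdict is ignored */
        }
    }
    *delivered = live;
    return 1;
}

/* Monitor-only hook: counts messages; its tampering and STOP have no effect. */
hook_result_t audit_monitor(message_t *msg, void *ctx)
{
    (*(int *)ctx)++;
    msg->text[0] = '?';
    return HOOK_STOP;
}

/* Modifying hook: rewrites the message text to upper case. */
hook_result_t upper_filter(message_t *msg, void *ctx)
{
    (void)ctx;
    for (char *p = msg->text; *p; p++)
        *p = (char)toupper((unsigned char)*p);
    return HOOK_PASS;
}

/* Modifying hook: stops every message of the type given in ctx. */
hook_result_t drop_type(message_t *msg, void *ctx)
{
    return msg->type == *(const int *)ctx ? HOOK_STOP : HOOK_PASS;
}

typedef struct { int delivered; message_t msg; int seen_first; int seen_last; } demo_result_t;

/* Chain: monitor -> upper_filter -> drop MSG_MOUSE -> monitor -> target. */
demo_result_t run_demo(int type, const char *text)
{
    demo_result_t r;
    hook_chain_t chain;
    message_t in;
    int blocked = MSG_MOUSE;

    memset(&r, 0, sizeof r);
    memset(&in, 0, sizeof in);
    chain.count = 0;
    in.type = type;
    snprintf(in.text, sizeof in.text, "%s", text);

    chain_add(&chain, audit_monitor, &r.seen_first, 0);
    chain_add(&chain, upper_filter, NULL, 1);
    chain_add(&chain, drop_type, &blocked, 1);
    chain_add(&chain, audit_monitor, &r.seen_last, 0);

    r.delivered = chain_dispatch(&chain, &in, &r.msg);
    return r;
}

int main(void)
{
    demo_result_t a = run_demo(MSG_KEY, "abc");
    demo_result_t b = run_demo(MSG_MOUSE, "click");
    printf("key:   delivered=%d text=%s first=%d last=%d\n",
           a.delivered, a.msg.text, a.seen_first, a.seen_last);
    printf("mouse: delivered=%d first=%d last=%d\n",
           b.delivered, b.seen_first, b.seen_last);
    return 0;
}
```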
Plug-in. A plug-in (or "plugin" or "extension") is a software component that adds a specific functionality, such as a customization, to an existing software application. Common examples are plug-ins used in web browsers to add new features such as search engines or virus scanners, or the ability to use a new file type such as a new video format. An "add-on" is the general term for what enhances an application, and includes plug-ins, themes, and skins. An extension add-on customizes the core functionality of an application by adding an optional module, while a plug-in add-on customizes the outer layers of an application to personalize functionality. A theme or skin add-on is a predefined package that contains additional or modified graphical presentation details, achieved through the use of a graphical user interface (GUI), that can be applied to specific software and websites to suit the purpose, topic, or tastes of different users and to customize the look and feel of computer software or of the front-end GUI of an operating system (and window managers).
Typically, the host application provides services that the plug-in can use, including a way for plug-ins to register with the host application and a protocol for exchanging data with plug-ins. Plug-ins depend on services provided by the host application and generally do not work on their own. The host application, on the other hand, works independently of plug-ins, allowing end users to dynamically add and update plug-ins without making changes to the host application. The term "add-on" is used in this document to include, but is not limited to, a software extension designed to extend the functionality of, or the data available to, an existing software application; it is incorporated into the program. Once integrated, the extensions can therefore be viewed as part of the browser itself, customized from a set of optional modules.
IPC. Inter-process communication (IPC) (also known as inter-thread communication and inter-application communication) is a set of methods for exchanging data between multiple threads in one or more processes. IPC methods can use message passing, synchronization, shared memory, and remote procedure calls (RPC). IPC provides an environment that allows processes to cooperate and can be used for information sharing, computational speedup, modularity, convenience, and privilege separation. In the Windows operating system environment, IPC provides mechanisms to facilitate communication and data exchange between processes or applications.
Common IPC methods include file sharing, where any process can access a record (or other data) stored on disk (or other storage) by name; a signal, which is an asynchronous notification sent to a process, or to a specific thread within the same process, to notify it of an event that has occurred; a socket, which is a stream of data sent over a network interface either to another process on the same computer or to another computer, e.g., Internet sockets; a pipe (or pipeline), which is a bidirectional data stream interfaced through standard input and output and read character by character, commonly used in Unix-like computer operating systems; message queues, which are anonymous pipe-like data streams that store and retrieve information in packets and provide an asynchronous communication protocol; a semaphore, which is an abstract data type or variable used to control access to a shared resource; shared memory, which is memory that can be accessed by multiple programs simultaneously to provide communication between them or to avoid redundant copies, e.g., when a process creates an area in RAM that can be accessed by other processes; and a memory-mapped file, where a file physically exists on disk, but could also be a device, shared memory object, or other resource that the operating system can reference through a file descriptor. Some IPC mechanisms are described in Chapter 9 of Marko Vuskovic's paper "Operating Systems" entitled: "COMMUNICATION BETWEEN PROCESSES", which is incorporated in its entirety for all purposes as if fully set forth herein.
The Windows operating system supports IPC mechanisms such as the clipboard, which acts as a central repository for data sharing between applications, so that when a user performs a cut or copy operation in an application, the application puts the selected data on the clipboard in one or more standard or application-defined formats, and any other application can then retrieve the data from the clipboard, choosing from the available formats that it understands; the Component Object Model (COM), whereby applications using Object Linking and Embedding (OLE) can handle compound documents and can invoke other applications to manipulate data; data copy, which allows one application to send information to another application using the WM_COPYDATA message; the DDE protocol, which allows applications to exchange data in different formats; and mailslots, which provide one-way communication in which processes write messages to their mailslots.
Browser extension. A browser extension is a computer program that extends the functionality of a web browser in some way. Extensions can be built using web technologies such as HTML, JavaScript, and CSS. Browser extensions can also improve the web browser user interface without directly affecting the visible content of a web page, which can be achieved through a variety of add-ons such as toolbars and plug-ins. Extension syntax can differ from browser to browser, or at least differ enough that an extension that works in one browser will not work in another.
Plug-ins add specific functionality to browsers through application programming interfaces (APIs) that allow third parties to create plug-ins that interact with the browser. The original API was NPAPI, but Google later introduced the PPAPI interface in Chrome. Additionally, plug-ins allow browser extensions to do things like block ads, create a safe online connection, and add apps to a browser. Common browser plug-ins are Adobe Flash Player, QuickTime Player, and the Java plug-in, which can launch a user-enabled Java applet on a web page, with the applet hosted in a Java Virtual Machine (JVM) that runs in a process separate from the web browser itself.
Socket. A socket (also known as a "network socket") is an endpoint of an IPC flow on a computer network. If the communication is based on IP (Internet Protocol), the network sockets are referred to as Internet sockets. A socket API is an application programming interface (API), typically provided by the operating system, that allows application programs to control and use network sockets. Internet socket APIs are generally based on the Berkeley sockets standard. A socket address is a combination of an IP address and a port number, much like one end of a telephone connection that combines a phone number and a specific extension. Based on this address, Internet sockets deliver incoming data packets to the appropriate application process or thread. Sockets are described in a presentation from the University of Toronto's Department of Computer Science entitled: "Sockets Programming Tutorial" by Amin Tootoonchian, downloaded August 2014, and in the SAS Institute Inc. SHARE Session 5958 tutorial "C Sockets Programming Tutorial" entitled: "Writing client/server programs in C using sockets (a tutorial) Part One", by Greg Granger, dated February 1998, both incorporated in their entirety for all purposes as if fully set forth herein.
An Internet socket is identified by a unique combination of a local socket address (local IP address and port number), a remote socket address (used for established TCP sockets), and the protocol used, typically a transport protocol (e.g., TCP, UDP, raw IP, or others). Within the operating system and the application that created a socket, a socket is referenced by a unique integer value called a socket descriptor. The operating system forwards the payload of incoming IP packets to the appropriate application by extracting the socket address information from the IP and transport protocol headers and stripping those headers from the application data.
Different types of Internet sockets are available, such as those using Transmission Control Protocol (TCP) or Stream Control Transmission Protocol (SCTP), and raw sockets (or raw IP sockets), which are commonly available on routers and other network devices; with raw sockets the transport layer is bypassed and the application can access the packet headers. Other socket types are implemented on top of other transport protocols such as Systems Network Architecture (SNA). The local and remote sockets that communicate are called socket pairs. Each socket pair is described by a unique 4-tuple consisting of source and destination IP addresses and port numbers, i.e., the local and remote socket addresses. In the case of TCP, each unique socket pair 4-tuple is assigned a socket number, whereas in the case of UDP each unique local socket address is assigned a socket number.
The socket is primarily a concept used in the transport layer of the Internet model. Network devices such as routers and switches do not require transport layer implementations as they operate at the data link layer (switches) or the internet layer (routers). However, stateful network firewalls, network address translators, and proxy servers keep track of active socket pairs. Even with fair queuing, Layer 3 switching, and Quality of Service (QoS) support in routers, packet flows can be identified by extracting information about socket pairs. Raw sockets are often available on network devices and are used for routing protocols such as IGRP and OSPF and in ICMP (Internet Control Message Protocol).
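The difference between TCP and UDP demultiplexing, and the way a device can identify a flow by extracting the socket pair from packet headers, is shown in the following C sketch. It is an added example rather than code from the cited tutorials: the function names are hypothetical, the socket table is a simplified stand-in for operating system state, and the packets are constructed inline using documentation-range addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_TCP 6
#define PROTO_UDP 17
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Socket pair as seen in an incoming packet (host byte order). */
typedef struct {
    uint8_t  proto;
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
} flow_t;

/* One open socket; the remote fields are only meaningful for TCP. */
typedef struct {
    uint8_t  proto;
    uint32_t local_ip;  uint16_t local_port;
    uint32_t remote_ip; uint16_t remote_port;
} sock_entry_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Extract the socket pair from an IPv4 packet carrying TCP or UDP.
 * Every offset is bounds-checked before it is read. Returns 0 or -1. */
int parse_flow(const uint8_t *pkt, size_t len, flow_t *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                               /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;    /* header length in bytes */
    if (ihl < 20 || len < ihl + 4)
        return -1;                               /* bad IHL or ports missing */
    if ((rd16(pkt + 6) & 0x1FFF) != 0)
        return -1;                               /* later fragment: no ports */
    if (pkt[9] != PROTO_TCP && pkt[9] != PROTO_UDP)
        return -1;
    out->proto    = pkt[9];
    out->src_ip   = rd32(pkt + 12);
    out->dst_ip   = rd32(pkt + 16);
    out->src_port = rd16(pkt + ihl);
    out->dst_port = rd16(pkt + ihl + 2);
    return 0;
}

/* TCP matches on the full 4-tuple, UDP on the local socket address only.
 * Returns the table index (standing in for a socket descriptor) or -1. */
int demux(const sock_entry_t *tbl, size_t n, const flow_t *f)
{
    for (size_t i = 0; i < n; i++) {
        const sock_entry_t *s = &tbl[i];
        if (s->proto != f->proto ||
            s->local_ip != f->dst_ip || s->local_port != f->dst_port)
            continue;
        if (f->proto == PROTO_TCP &&
            (s->remote_ip != f->src_ip || s->remote_port != f->src_port))
            continue;
        return (int)i;
    }
    return -1;
}

/* Build a constructed 28-byte packet: 20-byte IPv4 header plus the first
 * 8 bytes of the transport header (only the ports are filled in). */
size_t build_packet(uint8_t *buf, uint8_t proto, uint32_t src, uint16_t sport,
                    uint32_t dst, uint16_t dport)
{
    memset(buf, 0, 28);
    buf[0] = 0x45;                 /* version 4, IHL 5 words */
    buf[3] = 28;                   /* total length */
    buf[8] = 64;                   /* TTL */
    buf[9] = proto;
    for (int i = 0; i < 4; i++) {
        buf[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        buf[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    buf[20] = (uint8_t)(sport >> 8); buf[21] = (uint8_t)sport;
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport;
    return 28;
}

/* Host 192.0.2.10 with two established TCP sockets on :443 and one UDP
 * socket on :53; returns the socket that a packet from the given remote
 * endpoint is delivered to. */
int demo_descriptor(uint8_t proto, uint32_t remote_ip, uint16_t remote_port)
{
    const sock_entry_t tbl[] = {
        { PROTO_TCP, IP4(192, 0, 2, 10), 443, IP4(198, 51, 100, 7), 50000 },
        { PROTO_TCP, IP4(192, 0, 2, 10), 443, IP4(203, 0, 113, 9),  50000 },
        { PROTO_UDP, IP4(192, 0, 2, 10), 53,  0, 0 },
    };
    uint8_t pkt[28];
    flow_t f;
    size_t len = build_packet(pkt, proto, remote_ip, remote_port,
                              IP4(192, 0, 2, 10),
                              proto == PROTO_TCP ? 443 : 53);
    if (parse_flow(pkt, len, &f) != 0)
        return -1;
    return demux(tbl, sizeof tbl / sizeof tbl[0], &f);
}

int main(void)
{
    printf("TCP from 198.51.100.7:50000 -> socket %d\n",
           demo_descriptor(PROTO_TCP, IP4(198, 51, 100, 7), 50000));
    printf("TCP from 203.0.113.9:50000  -> socket %d\n",
           demo_descriptor(PROTO_TCP, IP4(203, 0, 113, 9), 50000));
    printf("UDP from 198.51.100.7:1111  -> socket %d\n",
           demo_descriptor(PROTO_UDP, IP4(198, 51, 100, 7), 1111));
    printf("UDP from 203.0.113.9:2222   -> socket %d\n",
           demo_descriptor(PROTO_UDP, IP4(203, 0, 113, 9), 2222));
    return 0;
}
```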
Web browser. A web browser (commonly referred to as a browser) is a software application for retrieving, presenting, and navigating through information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier (URI/URL) and can be part of a web page, a web page, an image, a video, or any other content. Hyperlinks within resources allow users to easily navigate their browsers to related resources. While browsers are primarily intended for using the World Wide Web, they can also be used to access information served by web servers on private networks or files on file systems. The main purpose of a web browser is to bring information resources to the user ("retrieving" or "searching"), allowing the user to view the information ("viewing", "rendering") and then access other information ("navigation", "following links"). Today the major web browsers are known as Firefox, Internet Explorer, Google Chrome, Opera and Safari.
The process begins when the user enters a Uniform Resource Locator (URL), e.g., "http://en.wikipedia.org/", into the browser. The URL prefix, the Uniform Resource Identifier or URI, determines how the URL is interpreted. The most commonly used URI type begins with http: and identifies a resource to be accessed via Hypertext Transfer Protocol (HTTP). Many browsers also support a variety of other prefixes, e.g., https: for HTTPS, ftp: for File Transfer Protocol, and file: for local files. Prefixes that cannot be handled directly by the web browser are often passed to another application. For example, mailto: URIs are normally forwarded to the user's default email application and news: URIs are forwarded to the user's default newsgroup reader. In the case of http, https, file and others, the web browser displays the resource once it has been fetched. The HTML and associated content (image files, formatting information like CSS, etc.) are passed to the browser's layout engine to be turned from markup into an interactive document, a process known as "rendering". In addition to HTML, web browsers can generally display any type of content that could be part of a web page. Most browsers can display images, audio, video, and XML files, and often have plug-ins to support Flash applications and Java applets. When a file of an unsupported type, or a file that is set up to be downloaded rather than displayed, is encountered, the browser prompts the user to save the file to disk. Information resources may contain hyperlinks to other information resources. Each link contains the URI of a resource to go to. When a link is clicked, the browser navigates to the resource specified by the link's target URI, and the process of serving content to the user begins again. The architecture of a web browser is described in the article entitled: "Architecture and development of the modern web browser" by Alan Grosskurth and Michael W. Godfrey of the University of Waterloo in Canada, dated June 20, 2006, which is incorporated in its entirety for all purposes as if fully set forth herein.
A currently popular web browser is Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated as IE or MSIE) from Microsoft Corporation, headquartered in Redmond, Washington, USA, which is a suite of graphical browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems. For example, Internet Explorer 8 is described in Microsoft's 2009 publication entitled: "Step-by-step tutorials for Microsoft Internet Explorer 8 access options", which is incorporated in its entirety for all purposes as if fully set forth herein. Another popular browser is Google Chrome, a free browser developed by Google, headquartered at the Googleplex, Mountain View, California, USA.
A mobile browser, also known as a micro-browser, mini-browser, or wireless internet browser (WIB), is a web browser designed for use on a mobile device such as a cell phone or PDA. Mobile browsers are optimized to display web content more efficiently for small screens on handheld devices. Mobile browser software needs to be small and efficient to take into account the small storage capacity and bandwidth of handheld wireless devices. Some mobile browsers can handle newer technologies like CSS 2.1, JavaScript and Ajax. Websites that can be accessed from these browsers are known as wireless portals, or collectively, mobile web. For example, you can automatically create "mobile" versions of any page
The mobile browser typically connects over cellular, wireless LAN, or other wireless networks, uses standard HTTP over TCP/IP, and displays web pages written in HTML, XHTML Mobile Profile (WAP 2.0), or WML (which evolved from HDML). WML and HDML are simplified formats suitable for transmission over a limited-bandwidth wireless data connection called WAP. WAP 2.0 specifies the XHTML Mobile Profile plus WAP CSS, subsets of the W3C XHTML standard and CSS with minor mobile extensions. Some mobile browsers are full-featured web browsers that support HTML, CSS, ECMAScript, and mobile technologies such as WML, i-mode HTML, or cHTML. To accommodate small screens, some mobile browsers use post-WIMP interfaces. An example of a mobile browser is Safari, a mobile web browser developed by Apple Inc. (headquartered at Apple Campus, Cupertino, California, USA), included with the OS X and iOS operating systems, and described in an Apple publication entitled: "Safari Web Content Guide", dated March 2014, which is incorporated for all purposes in its entirety as if fully set forth herein.
Smartphone. A cellular phone (also known as a cell phone, mobile phone, smartphone, or handheld phone) is a device that uses a radio link to make and receive phone calls while moving across a large geographic area, connecting to a cellular network operated by a cellular network operator. Calls are made to and from the public telephone network, which includes other cell phones and landlines around the world. Smartphones are often portable and can combine the functions of a personal digital assistant (PDA) and serve as handheld media players and camera phones with high-resolution touchscreens, web browsers that can access and correctly display standard web pages rather than only mobile-optimized websites, GPS navigation, Wi-Fi, and mobile broadband access. In addition to telephony, smartphones can support a wide range of other services such as text messaging, MMS, e-mail, Internet access, short-range wireless communication (infrared, Bluetooth), business applications, games, and photography.
An example of a modern smartphone is the iPhone 6 model available from Apple Inc., headquartered in Cupertino, California, USA, and described in the iPhone 6 Technical Specifications (retrieved October 2015 from www.apple.com/iphone-6/specs/), and in a 2015 user guide (019-00155/2015-06) by Apple Inc. entitled: "iPhone User Guide for iOS 8.4 Software", which are incorporated in their entirety for all purposes as if fully set forth herein. Another example of a smartphone is the Samsung Galaxy S6 available from Samsung Electronics, headquartered in Suwon, South Korea, described in the user guide numbered English (EU), March 2015 (Rev. 1.0), entitled: "SM-GRAMM925F SM-GRAMM925QF SM-GRAMM925 User Guide", and in "Galaxy S6 Edge – Specifications" (retrieved October 2015 from www.samsung.com/us/explore/galaxy-s-6-features-and-specs), both incorporated in their entirety for all purposes as if fully set forth herein.
A mobile operating system (also known as a mobile OS) is an operating system that runs on a smartphone, tablet, PDA, or other mobile device. Modern mobile operating systems combine the capabilities of a PC operating system with other functions, including touchscreen, cellular, Bluetooth, Wi-Fi, mobile GPS navigation, camera, video camera, voice recognition, voice recorder, music player, near-field communication, and infrared blaster. The most popular mobile operating systems today are Android, Symbian, Apple iOS, BlackBerry, MeeGo, Windows Phone and Bada. Mobile devices with cellular communication capabilities (e.g., smartphones) often contain two mobile operating systems: the main user-oriented software platform is complemented by a second proprietary low-level real-time operating system that runs the radio and other hardware.
Android is a Linux-based and open-source mobile operating system (OS) based on the Linux kernel, currently offered by Google. With a user interface based on direct manipulation, Android is primarily designed for touchscreen mobile devices such as smartphones and tablets, with specialized user interfaces for televisions (Android TV), cars (Android Auto), and watches (Android Wear). The operating system uses touch inputs that roughly correspond to real-world actions, such as swiping, tapping, pinching, and reverse pinching, to manipulate onscreen objects, along with a virtual keyboard. Although primarily designed for touchscreen input, it has also been used in game consoles, digital cameras, and other electronic devices. The response to user input is designed to be immediate and provides a fluid touch interface that often uses the device's vibration capabilities to provide haptic feedback to the user. Some apps use internal hardware such as accelerometers, gyroscopes, and proximity sensors to respond to additional user actions, e.g., adjusting the screen from portrait to landscape based on device orientation, or allowing the user to steer a vehicle in a racing game by rotating the device, simulating the control of a steering wheel.
Android devices boot to the home screen, the device's main navigation and information point, which is similar to the desktop on PCs. Android home screens usually consist of app icons and widgets. App icons start the associated app, while widgets display automatically updated content such as the weather forecast, the user's e-mail inbox, or a news ticker directly on the home screen. A home screen can consist of multiple pages that the user can swipe back and forth between, and the Android home screen UI is highly customizable, allowing the user to adjust the look and feel of the device to their liking. Third-party apps available on Google Play and other app stores can extensively change the design of the home screen and even mimic the look and feel of other operating systems such as Windows Phone. The Android operating system is described in a publication entitled: "How to build Android", downloaded from tutorialspoint.com in July 2014, which is incorporated in its entirety for all purposes as if fully set forth herein.
iOS (formerly iPhone OS) by Apple Inc. (headquartered in Cupertino, California, USA) is a mobile operating system distributed exclusively for Apple hardware. The iOS user interface is based on the concept of direct manipulation with multi-touch gestures. The interface controls consist of sliders, switches, and buttons. Interacting with the operating system includes gestures such as swipe, tap, pinch, and reverse pinch, all of which have specific definitions in the context of the iOS operating system and its multi-touch interface. Some apps use internal accelerometers to respond to shaking the device (a common result is the Undo command) or rotating it in three dimensions (a common result is switching from portrait to landscape). iOS is described in the publication entitled: "Tutorial iOS", downloaded from tutorialspoint.com in July 2014, which is incorporated in its entirety for all purposes as if fully set forth herein.
Geolocation. IP-based geolocation (commonly known as geolocation) is a mapping of an IP address (or MAC address) to the actual geographic location of an Internet-connected computing device or mobile device. Location data based on IP addresses may include information such as country, region, city, zip code, latitude, longitude, or time zone. Deeper datasets can determine other parameters such as domain name, connection speed, ISP, language, proxies, company name, US DMA/MSA, NAICS codes, and residential/commercial classification. Geolocation is described in the publication entitled: "in the street-customer level-Independent IP Geolocation" by Yong Wang et al., downloaded from the Internet in July 2014, and in a 2011 Information Systems Audit and Control Association (ISACA) white paper entitled: "Geolocation: Risks, Problems and Strategies", which are incorporated in their entirety for all purposes as if fully set forth herein. There are several commercially available geolocation databases, such as the website http://www.ip2location.com operated by Ip2location.com of Penang, Malaysia, which offers IP geolocation software applications; geolocation can also be obtained from IpInfoDB, which operates the website http://ipinfodb.com, and from MaxMind, Inc., headquartered in Waltham, Mass., USA, which operates the website www.maxmind.com/en/home.
Additionally, the W3C Geolocation API is an attempt by the World Wide Web Consortium (W3C) to standardize an interface for retrieving geographic location information for a client-side device. It defines a set of objects that conform to the ECMAScript standard and run in the client application, providing the location of the client device by querying location information servers, which are transparent to the application programming interface (API). The most common sources of location information are IP address, Wi-Fi and Bluetooth MAC address, Radio Frequency Identification (RFID), Wi-Fi connection location or device GPS, and GSM/CDMA cell IDs. The location is returned with a given accuracy that depends on the best available source of location information. The W3C Recommendation for the Geolocation API specifications draft dated 24 October 2013 is available at http://www.w3.org/TR/2013/REC-geolocation-API-20131024. Geolocation-based addressing is described in US Patent 7,929,535 to Chen et al. entitled: "Geolocation-Based Addressing Method for IPv6 Addresses", in U.S. Patent 6,236,652 to Preston et al. entitled: "Geospatial Internet Protocol Addressing", and in US Patent Application Publication 2005/0018645 by Mustonen et al. entitled: "Use of Geographic Location Information from the IP address", which are incorporated in their entirety for all purposes as if fully set forth herein.
Virtualization. The term virtualization generally refers to the technology that enables the creation of software-based virtual machines that can run multiple operating systems on a single physical machine. In one example, virtual machines can be used to consolidate workloads from multiple underutilized servers onto fewer machines, perhaps a single machine (server consolidation), offering benefits (perceived or real, but often cited by vendors) such as savings on hardware, environmental costs, management, and administration of the server infrastructure. The virtualization scheme allows the creation of substitutes for real resources, i.e., substitutes that have the same functions and external interfaces as their counterparts but differ in attributes such as size, performance, and cost. These substitutes are called virtual resources, and their users are generally unaware of the substitution.
Virtualization is commonly applied to physical hardware resources by combining multiple physical resources into shared pools from which users obtain virtual resources. With virtualization, a physical resource can be made to look like multiple virtual resources. Virtual resources can have functions or characteristics that are not available in their underlying physical resources. Virtualization can provide the benefits of consolidation to reduce hardware costs, such as efficient access to and management of resources to reduce operations and systems management costs while maintaining the required capacity, and allowing a single server to function as multiple servers. In addition, virtualization can provide workload optimization, e.g., by responding dynamically to the demands of user applications and by increasing the utilization of existing resources through dynamic sharing of resource pools. Additionally, virtualization can be used for IT flexibility and responsiveness, such as by providing a single, consolidated view of, and easy access to, all available resources on the network, regardless of location, and by reducing the management of the environment through emulation for compatibility and better interoperability.
Virtual Machine (VM). A virtual machine is a representation of a real machine, implemented in software, that provides an operating environment which can run or host a guest operating system. In one example, a virtual machine may contain a standalone software emulation of a machine that does not physically exist but shares resources with an underlying physical machine. Like a physical computer, a virtual machine runs an operating system and applications. Multiple virtual machines can run simultaneously on a single host system. There are different types of virtual machines, each with different functions. System virtual machines (also called full virtualization virtual machines) provide a substitute for a real machine. They provide the functionality required to run full operating systems. A hypervisor uses native execution to share and manage hardware, allowing multiple environments that are isolated from each other but coexist on the same physical machine. Modern hypervisors use hardware-assisted virtualization, that is, virtualization-specific hardware, primarily from the host CPUs. Process virtual machines are designed to run computer programs in a platform-independent environment. Some virtual machines, such as QEMU, are designed to also emulate other architectures and allow running software applications and operating systems written for a different CPU or architecture. Operating system-level virtualization enables a computer's resources to be partitioned through kernel support for multiple isolated user-space instances, often referred to as containers, which can appear as real machines to end users.
Guest operating system. A guest operating system is an operating system that runs in a virtual machine environment and that would otherwise run directly on a separate physical system. OS-level virtualization, also known as containerization, refers to a feature of the operating system where the kernel allows multiple isolated user-space instances to exist. These instances, called containers, partitions, virtualization engines (VEs), or jails (FreeBSD jail or chroot jail), can resemble real computers from the point of view of the programs running in them. A computer program running on an ordinary operating system can see all resources (connected devices, files and folders, network shares, CPU performance, quantifiable hardware resources) of that computer. However, programs running in a container can only see the contents of the container and the devices assigned to the container. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container's activities on other containers. With operating system virtualization, or containerization, it is possible to run programs in containers that are allocated only a subset of these resources. A program that expects to see the entire computer, once running in a container, can only see the allocated resources and believes them to be all that is available. Multiple containers can be created on any operating system, each allocated a subset of the computer's resources. Each container can contain any number of computer programs. These programs can run simultaneously or separately, and can even interact with each other.
Hypervisor. Hypervisor generally refers to a thin layer of software, often providing virtual partitioning capabilities, that runs directly on the hardware but beneath higher-level virtualization services. The hypervisor typically manages virtual machines and allows them to interact directly with the underlying hardware. System virtualization creates many virtual systems within a single physical system. Virtual systems are independent operating environments that use virtual resources. System virtualization can be approached using hardware partitioning or hypervisor technology. Hardware partitioning divides a physical server into fractions, each capable of running an operating system. These fractions are usually created using coarse allocation units, e.g., entire processors or physical boards. This type of virtualization allows for hardware consolidation, but does not offer all the benefits of emulation and resource sharing that hypervisors offer. Hypervisors use a thin layer of code in software or firmware to achieve fine-grained, dynamic resource sharing. Because hypervisors offer the greatest flexibility in defining and managing virtual resources, they are the key technology for system virtualization.
Virtual machine monitor. A Virtual Machine Monitor (VMM) is computer software, firmware, or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine. The hypervisor presents a virtual operating platform to the guest operating systems and manages the operation of the guest operating systems. Multiple instances of a variety of operating systems can share virtualized hardware resources: for example, Linux, Windows, and macOS instances can all run on a single physical x86 machine. This is in contrast to OS-level virtualization, where all instances (often referred to as containers) must share a single kernel, although guest OSs may differ in user space, e.g. different Linux distributions with the same kernel. A VMM generally refers to software that runs in a layer between a hypervisor or host operating system and one or more virtual machines, and that provides the virtual machine abstraction to the guest operating systems. With full virtualization, the VMM exports a virtual machine abstraction that is identical to the physical machine, allowing the standard operating system to run the same as it does on physical hardware.
Hardware virtualization or platform virtualization refers to creating a virtual machine that works like a real computer with an operating system. The software running on these virtual machines is separate from the underlying hardware resources. With hardware virtualization, the host machine is the actual machine being virtualized and the guest machine is the virtual machine. The words host and guest are used to distinguish software running on the physical machine from software running on the virtual machine. The software or firmware that creates a virtual machine on the host hardware is called a hypervisor or virtual machine manager. The different types of hardware virtualization include full virtualization, in which a near-complete simulation of actual hardware allows software, which typically consists of a guest operating system, to run without modification, and paravirtualization, in which a hardware environment is not simulated; instead, guest programs run in their own isolated domains as if they were running on a separate system, and must be specially modified to run in this environment.
Hardware-assisted virtualization is one way to improve overall virtualization efficiency. It involves CPUs that provide hardware virtualization support and other hardware components that help improve the performance of a guest environment. Hardware virtualization can be viewed as part of a broader trend in enterprise IT that includes autonomous computing, a scenario in which the IT environment can manage itself based on perceived activity, and utility computing, a utility that customers pay for only when they need it. The usual goal of virtualization is to centralize administrative tasks while improving scalability and overall utilization of hardware resources. Virtualization allows multiple operating systems to run in parallel on a single central processing unit (CPU). This parallelism tends to reduce overhead and is different from multitasking, which is running multiple programs on the same operating system. With virtualization, an organization can better manage rapid updates and changes to the operating system and applications without disrupting the user.
Server virtualization. Server virtualization is a virtualization technique that consists of splitting a physical server into multiple small virtual servers using virtualization software. With server virtualization, each virtual server runs multiple instances of the operating system at the same time. A Virtual Private Server (VPS) is a virtual machine sold as a service by an Internet hosting service that runs its own copy of an operating system (OS), and clients can have root access to that instance of the OS. Therefore, they can install almost any software that runs on this operating system. For many purposes, they are functionally equivalent to a physical dedicated server, and because they are software-defined, they are much easier to create and configure. They are generally much cheaper than an equivalent physical server. However, since they share the underlying physical hardware with other VPSs, performance may be slower depending on the workload of other running virtual machines. Dedicated servers can also be more efficient with CPU-dependent processes like hashing.
Application virtualization. Application virtualization is a software technology that encapsulates computer programs from the underlying operating system on which they run. A fully virtualized application is not installed in the traditional sense, although it still runs as if it were. The application behaves at runtime as if it were interacting directly with the native operating system and all the resources it manages, but can be isolated to varying degrees. Application virtualization overlays other virtualization technologies and enables real-time, dynamic allocation of computing resources. In this context, the term "virtualization" usually refers to the encapsulated artifact (application), which is quite different from its meaning in hardware virtualization, where it refers to the abstracted artifact (physical hardware).
Network virtualization. Network virtualization refers to the process of combining hardware and software network resources to create a single set of resources that form a virtual network that can be accessed independently of the physical component. Network virtualization typically involves combining hardware and software network resources and network functionality into a single software-based management unit, a virtual network. Network virtualization includes platform virtualization, often combined with resource virtualization. Network virtualization is classified as external virtualization, which aggregates many networks or parts of networks into one virtual entity, or internal virtualization, which provides network functionality for software containers on a single network server.
Storage virtualization. Storage virtualization refers to the process of consolidating the physical storage of multiple network storage devices to appear as a single storage entity. Two main types of virtualization can appear in the context of a storage system. Block virtualization, as used in this context, refers to the abstraction (separation) of logical storage (partition) from physical storage so that it can be accessed without regard to the physical storage or its heterogeneous structure. This separation allows storage system administrators more flexibility in managing storage for end users. File virtualization addresses NAS challenges by eliminating dependencies between the data being accessed at the file level and where the files are physically stored. This provides opportunities to optimize storage usage and server consolidation, as well as perform seamless file migrations.
Desktop Virtualization. Desktop virtualization refers to the process of virtualizing desktop computers using virtualization software so that the desktop computer and its associated operating system and applications are separate from the physical client device used to access it. Desktop virtualization is a software technology that separates the desktop environment and associated application software from the physical client device used to access it.
Desktop virtualization can be used in conjunction with application virtualization and user profile management systems, now referred to as "user virtualization," to provide a complete management system for desktop environments. In this mode, all desktop components are virtualized, allowing for a much more flexible and secure desktop deployment model. Additionally, this approach supports a broader desktop disaster recovery strategy, as all components are essentially backed up in the data center and supported by traditional redundant maintenance systems. If a user's device or hardware is lost, recovery is straightforward and easy because the components are there when you log in from another device. Because there is no data stored on the user's device, if that device is lost, the likelihood that critical data can be recovered and compromised is much lower. Virtual Desktop Infrastructure (VDI): The practice of hosting a desktop environment in a virtual machine running on a central or remote server.
An example of a virtualization architecture 900 is displayed
A hosted architecture 900A for virtualization is shown in
Cloud computing and virtualization are discussed in a book entitled "Cloud Computing and Virtualization", written by Dac-Nhuong Le (College of Information Technology, University of Haiphong, Haiphong, Vietnam), Raghvendra Kumar (Department of Computer Science and Engineering, LNCT, Jabalpur, India), Gia Nhu Nguyen (Graduate School, Duy Tan University, Da Nang, Vietnam) and Jyotir Moy Chatterjee (Department of Engineering and Computer Science at GD-RCET, Bhilai, India), and published in 2018 by John Wiley & Sons, Inc. [ISBN 978-1-119-48790-6], which is incorporated in its entirety for all purposes as if fully set forth herein. The book describes how the introduction of virtualization in data centers is creating the need for a new class of networks designed to support resource allocation elasticity, increasing mobile workloads and the shift to virtual production workloads, and demanding maximum availability. Building a network that includes both physical servers and virtual machines with consistent resources requires a new architectural approach to IT infrastructure design and construction. Performance, elasticity, and logical addressing frameworks need to be considered, as well as managing the physical and virtual network infrastructure. Once deployed, a virtualization-enabled network can deliver many revolutionary services on a shared infrastructure. Virtualization technologies from VMware, Citrix and Microsoft encapsulate existing applications and remove them from physical hardware. Unlike physical machines, virtual machines are represented by a portable software image that can be instantiated on physical hardware at any time. With virtualization comes elasticity, where the capacity of the computer can be scaled up or down as needed by adjusting the number of virtual machines actively running on a given physical server. In addition, virtual machines can be migrated from one physical server to another during operation.
Virtualization extends this further, creating "local freedom," making virtual machines portable over ever-increasing geographic distances. As cloud architectures and multi-tenant capabilities evolve and mature, economies of scale can be achieved by consolidating capabilities across separate applications, business units, and enterprises into a common, shared, but segmented, infrastructure. The elasticity, mobility, automation, and density of virtual machines require new, high-performance-oriented network architectures that address portability and the innate understanding of the virtual machine as the new building block of the data center. Consistent, network-aware, virtualization-aware policies and controls are required to gain visibility into the state and location of virtual machines as they are created and moved through a virtualized infrastructure.
Virtualization technologies in data center environments are described in an eBook written by Gustavo Alessandro Andrade Santana and published by Cisco Systems, Inc. (Cisco Press) [ISBN-13: 978-1-58714-324-3] in 2014 entitled: "Fundamentals of data center virtualization", which is incorporated in its entirety for all purposes as if fully set forth herein. The PowerVM technology for virtualization is described in the IBM RedBook entitled: "IBM PowerVM Virtualization: Introduction and Configuration", published by IBM Corporation in June 2013, and the fundamentals of virtualization are covered in a 2009 IBM Corporation article titled: "Energy Systems - Introduction to Virtualization", which are incorporated in their entirety for all purposes as if fully set forth herein.
The term "processor" is used in this document to include any integrated circuit or other electronic device (or collection of devices) capable of performing an operation on one or more instructions, including but not limited to reduced instruction set (RISC) processors, CISC microprocessors, microcontroller units (MCUs), CISC-based central processing units (CPUs), and digital signal processors (DSPs). The hardware of such devices may be embedded on a single substrate (e.g., a silicon "die") or distributed across two or more substrates. Additionally, many functional aspects of the processor may be implemented solely as software or firmware associated with the processor.
The computer system 11 can be coupled via the bus 13 to a display 17, such as a cathode ray tube (CRT), liquid crystal display (LCD), flat panel display, touch screen, or similar means for displaying textual and graphical data to a user. The display can be connected via a video adapter that supports it. The display 17 allows a user to view, enter and/or edit information relevant to the operation of the system. An input device 18, including alphanumeric and other keys, is attached to the bus 13 to communicate information and command selections to the processor 27. Another type of user input device is a cursor control 19, such as a mouse, trackball, or cursor arrow keys, to convey directional information and command selections to the processor 27 and to control the movement of the cursor on the display 17. This input device typically has two degrees of freedom on two axes, a first axis (e.g. x) and a second axis (e.g. y), allowing the device to specify positions in a plane.
The computer system 11 can be used to implement the methods and techniques described here. According to one embodiment, these methods and techniques are performed by the computer system 11 in response to the processor 27 executing one or more sequences of one or more instructions contained in main memory 25A. These instructions can be read into main memory 25A from another computer-readable medium, such as the storage device 25C. Execution of the instruction sequences contained in main memory 25A causes the processor 27 to carry out the process steps described here. In alternative embodiments, hardwired circuitry may be used in place of or in combination with software instructions to implement the arrangement. Therefore, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
The term "computer-readable medium" (or "machine-readable medium") is used in this document to include any medium or memory that participates in the delivery of instructions to a processor (such as the processor 27) for execution, or any mechanism for storing or transmitting information in a format readable by a machine (such as a computer). Such media may store computer-executable instructions to be executed by a processing element and/or control logic and data to be manipulated by a processing element and/or control logic, and may take many forms, including but not limited to non-transitory media, ephemeral media and transmission media. Transmission media include coaxial cable, copper wire, and fiber optics, including the wires that make up the bus 13. The transmission media may also take the form of sound or light waves, such as those generated during data communications via infrared and radio waves, or other forms of signal propagation (e.g., carrier waves, infrared signals, digital signals, etc.). Common forms of computer-readable media include, for example, floppy disks, hard drives, magnetic tape or any other magnetic media, a CD-ROM, any other optical media, punched cards, punched tape, any other physical media with perforated patterns, RAM, PROM and EPROM, FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described below, or any other medium from which a computer can read.
Various forms of computer-readable media may be involved in transporting one or more sequences of one or more instructions to the processor 27 for execution. For example, the instructions can first be carried on a magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send them over a telephone line using a modem. A modem local to the computer system 11 can receive the data through the phone line and use an infrared transmitter to convert the data into an infrared signal. An infrared detector can receive the data carried by the infrared signal and appropriate circuitry can place the data on the bus 13. The bus 13 carries the data to main memory 25A, from which the processor 27 retrieves and executes the instructions. Instructions received from main memory 25A can optionally be stored on the storage device 25C before or after execution by the processor 27.
The computer system 11 usually contains a communication interface 29 attached to the bus 13. The communication interface 29 provides a bi-directional data communications link for a network connection 28 that is connected to a local network 14. For example, the communication interface 29 may be an Integrated Services Digital Network (ISDN) card or a modem to provide a data communications connection to an appropriate type of telephone line. As a further non-limiting example, the communication interface 29 may be a Local Area Network (LAN) card to provide a data communications link to a compatible LAN. For example, an Ethernet-based connection based on the IEEE 802.3 standard can be used, such as 10/100BaseT, 1000BaseT (Gigabit Ethernet), 10 Gigabit Ethernet (10 GE or 10 GbE, or 10 GigE according to IEEE Std. 802.3ae-2002 as standard), 40 Gigabit Ethernet (40 GbE) or 100 Gigabit Ethernet (100 GbE according to the Ethernet standard IEEE P802.3ba). These technologies are described in Cisco Systems, Inc., publication number 1-587005-001-3 (June 1999), "Handbook of Networking Technologies", Chapter 7: "Ethernet Technologies", pages 7-1 through 7-38, which is incorporated in its entirety for all purposes as if fully set forth in this document. In this case the communication interface 29 typically comprises a LAN transceiver or modem, such as the Standard Microsystems Corporation (SMSC) LAN91C111 10/100 Ethernet transceiver described in the Standard Microsystems Corporation (SMSC) data sheet "LAN91C111 10/100 Non-PCI Ethernet Single Chip MAC + PHY", data sheet rev. 15 (February 20, 2004), which is incorporated in its entirety for all purposes as if fully set forth herein.
The Internet 113 is a global system of interconnected computer networks using the standardized Internet Protocol Suite (TCP/IP), including Transmission Control Protocol (TCP) and Internet Protocol (IP), to serve billions of users worldwide. It is a network of networks consisting of millions of private, public, academic, commercial and government networks, from local to global reach, interconnected by a wide range of electronic and optical network technologies. The Internet contains a wide range of information resources and services, such as linked hypertext documents on the World Wide Web (WWW) and the infrastructure that supports electronic mail. Internet backbones refer to the main data paths between large, strategically interconnected networks and core routers on the Internet. These data paths are hosted by high-capacity commercial, government, academic, and other network nodes, Internet exchange points, and network access points that exchange Internet traffic between the world's countries, continents, and oceans. ISPs (typically Tier 1 networks) participating in the Internet backbone exchange traffic through privately negotiated interconnection agreements governed primarily by the no-deal connection principle.
An Internet Service Provider (ISP) 12 is an organization that provides services for accessing, using or participating in the Internet 113. ISPs can be organized in different ways, such as commercial, community owned, non-profit or privately owned. Internet services typically provided by ISPs include Internet access, Internet transit, domain name registration, web hosting, and colocation. Various ISP structures are described in Chapter 2, "Structural Summary of ISP Networks", of the book entitled "Guide to Trusted Internet Services and Applications", by Robert D. Doverspike, K.K. Ramakrishnan and Chris Chase, published 2010 (ISBN: 978-1-84882-827-8), which is incorporated in its entirety for all purposes as if set forth herein in its entirety.
A mailbox provider is an organization that provides services for hosting email domains with access to mailbox storage. It provides email servers to send, receive, accept and store emails for end users or other organizations. Internet hosting services provide email, web hosting or online storage services. Other services are virtual servers, cloud services or physical server operation. A virtual ISP (VISP) is an operation that purchases services from another ISP, sometimes referred to in this context as a wholesale ISP, and allows VISP customers to access the Internet using services and infrastructure owned and operated by the wholesale ISP. It is comparable to competing virtual mobile network operators and local exchanges for voice communications. A Wireless Internet Service Provider (WISP) is an Internet service provider with a network based on wireless networking. The technology may include popular wireless Wi-Fi mesh networks or proprietary devices designed to operate in the open 900 MHz, 2.4 GHz, 4.9, 5.2, 5.4, 5.7 and 5.8 GHz bands or licensed frequencies in the UHF band (including the MMDS band frequency) and LMDS.
ISPs can participate in peering, where multiple ISPs connect to each other at peering points or Internet Exchange (IX) points, allowing data to be routed between the networks without the ISPs charging each other for the data transferred. This is data that would otherwise have been routed upstream through a third-party ISP, incurring upstream ISP fees. ISPs that do not require an upstream ISP and only have customers (end customers and/or peer ISPs) are called Tier 1 ISPs.
Multitasking is a method in which multiple tasks (also known as processes or programs) run over the same period of time: they run concurrently (in overlapping periods, with new tasks beginning before others finish) rather than sequentially (one concluding before the next begins). The tasks share common processing resources, such as the CPU and the main memory. Multitasking doesn't necessarily mean running multiple tasks at exactly the same instant. In other words, multitasking doesn't imply parallelism, but it does mean that more than one task can be in progress at the same time and that more than one task advances in a given period of time.
On a computer with a single CPU, only one task is running at a time, which means the CPU is actively executing the instructions for that task. Multitasking solves the problem by scheduling which task can be performed at what time and when it is another waiting task's turn. The process of reallocating a CPU from one task to another is called context switching. When context switches occur frequently enough, the illusion of parallelism is achieved. Even on computers with more than one CPU (called multiprocessor machines) or more than one core on a given CPU (called multicore machines) that can run more than one task at a time (one per CPU or core), multitasking makes it possible to run far more tasks than there are CPUs.
Operating systems can use one of many different scheduling strategies. In multiprogramming systems, the running task runs until it performs an operation that requires waiting for an external event (such as reading from a tape), or until the computer's scheduler forcibly switches the running task off the CPU. Multiprogramming systems are designed to maximize CPU utilization. In timesharing systems, the running task is required to give up the CPU, either voluntarily or because of an external event such as a hardware interrupt. Timesharing systems are designed so that multiple programs can appear to run simultaneously. In real-time systems, some waiting tasks are given the CPU when an external event occurs. Real-time systems are designed to control mechanical devices such as industrial robots that require real-time processing.
Encryption-based mechanisms are typically end-to-end processes involving only the sender and recipient, with the sender encrypting the plaintext message by transforming it using an algorithm, making it unreadable to anyone but the recipient with special knowledge. The data is then sent to the recipient over a network such as the Internet, and when it is received, special knowledge allows the recipient to reverse the process (decrypt it) so that the information is just as readable as the original message. The encryption process typically involves computational resources such as processing power and disk space, and requires time to run the encryption/decryption algorithm, which can delay message delivery.
Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are non-limiting examples of end-to-end cryptographic protocols that provide secure communication over the OSI transport layer by using a keyed message authentication code and symmetric encryption. In client/server applications, the TLS client and server negotiate a stateful connection using a handshake technique that negotiates various parameters to enable communication that prevents eavesdropping and tampering. TLS 1.2 is defined in RFC 5246, and different versions of the protocol are widely used in applications such as web browsing, email, Internet fax, instant messaging, and Voice over IP (VoIP). In application design, TLS is typically implemented on top of one of the transport layer protocols, encapsulating application-specific protocols such as HTTP, FTP, SMTP, NNTP, and XMPP. In the past it was mainly used with reliable transport protocols such as the Transmission Control Protocol (TCP). However, it has also been implemented using datagram-oriented transport protocols such as User Datagram Protocol (UDP) and Datagram Congestion Control Protocol (DCCP), a usage that has been independently standardized under the term Datagram Transport Layer Security (DTLS). A well-known use of TLS is to secure World Wide Web traffic transported over HTTP to form HTTPS. Notable applications are e-commerce and asset management. The Simple Mail Transfer Protocol (SMTP) is also increasingly protected by TLS (RFC 3207). These applications use public key certificates to verify endpoint identity. Other communication protocols based on encryption at layer 4 (transport layer) and higher layers include SSH (Secure Shell) and SSL (Secure Socket Layer).
To provide the server name, RFC 4366 Transport Layer Security (TLS) Extensions allows clients to include a Server Name Indication (SNI) extension in the extended ClientHello message. This extension immediately tells the server what name the client wants to connect with, allowing the server to choose the appropriate certificate to send to clients.
Protocols based on Layer 3 (network layer) and lower-layer encryption include IPsec, L2TP (Layer 2 Tunneling Protocol) over IPsec, and Ethernet over IPsec. IPsec is a suite of protocols designed to protect IP communications by encrypting and authenticating each IP packet in a communications session. The IPsec standard is currently based on RFC 4301 and RFC 4309, was originally described in the now obsolete RFCs 1825-1829, and uses the Security Parameter Index (SPI, per RFC 2401) as an additional identification tag when using IPsec to tunnel IP traffic. An overview of IPsec is provided by Cisco Systems, Inc. in a document entitled: "An introduction to IP security (IPSec) cryptography", which is incorporated in its entirety for all purposes as if fully set forth herein.
Two common approaches to encryption are found in U.S. Patent 3,962,539 to Ehrsam et al. entitled "Product Block Cipher System for Data Security" and in U.S. Patent No. 4,405,829 to Rivest et al. entitled "Cryptographic Communications System and Method", both of which are incorporated in their entireties for all purposes as if fully set forth herein. The Ehrsam patent discloses the well-known Data Encryption Standard (DES), while the Rivest patent discloses the well-known RSA algorithm (standing for Rivest, Shamir and Adleman, who first publicly described it), which is widely used in e-commerce protocols. RSA involves the use of a public key and a private key. DES is based on secret-key cryptography, also known as symmetric cryptography, and relies on a 56-bit key for encryption. In this form of encryption, the sender and receiver of the ciphertext have identical secret keys that are completely unique in an ideal world and unknown to the world outside the sender and receiver. By encoding plaintext into ciphertext using the secret key, the sender can send the ciphertext to the receiver using any publicly available or insecure communication system. The recipient, having received the ciphertext, decrypts it using the secret key to get the plaintext.
SNI. Server Name Indication (SNI) is an extension of the TLS computer network protocol in which a client indicates which hostname it is attempting to connect to at the beginning of the negotiation process. This allows a server to present multiple certificates on the same IP address and TCP port number, and thus serve multiple secure (HTTPS) websites (or other services over TLS) from the same IP address, without all of those websites having to use the same certificate. It is the conceptual equivalent of HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted, so an eavesdropper can see which website is being requested.
SNI solves this problem by having the client send the virtual domain name as part of the TLS negotiation. This allows the server to select the correct virtual domain beforehand and present the browser with the certificate with the correct name. Therefore, for clients and servers that implement SNI, a server with a single IP address can serve a set of domain names for which obtaining a common certificate is impractical. SNI was added to the IETF Internet RFCs in June 2003 by RFC 3546, Transport Layer Security (TLS) Extensions. The latest version of the standard is RFC 6066. In order for an application program to implement SNI, it must be implemented by the TLS library used, and the application must pass the hostname to the TLS library. Also, the TLS library can be included in the application program or be a component of the underlying operating system.
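The SNI behaviour described in the two paragraphs above can be checked on the wire. The following is an added example, not code from this document: a bounds-checked Python parser that reads the hostname out of an unencrypted ClientHello, as a network monitor or a multi-certificate server would. The sample ClientHello bytes, the hostnames and the certificate table are constructed for illustration, and the parser assumes the ClientHello fits in a single TLS record.

```python
import struct

# Constructed table: two HTTPS sites on one IP address, one certificate each.
CERTS_BY_HOSTNAME = {
    "shop.example.test": "cert-for-shop",
    "mail.example.test": "cert-for-mail",
}
DEFAULT_CERT = "default-cert"


def build_client_hello(hostname=None):
    """Build a minimal TLS 1.2 ClientHello record (constructed sample input).

    If hostname is given, a server_name (SNI) extension is included.
    """
    extensions = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        name_list = struct.pack("!H", len(entry)) + entry
        extensions = struct.pack("!HH", 0x0000, len(name_list)) + name_list
    body = (
        b"\x03\x03"            # client_version: TLS 1.2
        + bytes(32)            # random (all zero in this sample)
        + b"\x00"              # empty session_id
        + b"\x00\x02\xc0\x2f"  # cipher_suites: one suite
        + b"\x01\x00"          # compression_methods: null only
    )
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


class _Reader:
    """Cursor over a byte string that refuses to read past the end."""

    def __init__(self, data):
        self.data = data
        self.pos = 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def remaining(self):
        return len(self.data) - self.pos


def extract_sni(record):
    """Return the cleartext hostname from a ClientHello record, or None if no SNI."""
    rec = _Reader(record)
    if rec.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record")
    rec.take(2)                          # record-layer version
    hs = _Reader(rec.take(rec.uint(2)))  # handshake message (single record assumed)
    if hs.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    hello = _Reader(hs.take(hs.uint(3)))
    hello.take(2 + 32)                   # client_version + random
    hello.take(hello.uint(1))            # session_id
    hello.take(hello.uint(2))            # cipher_suites
    hello.take(hello.uint(1))            # compression_methods
    if hello.remaining() == 0:
        return None                      # ClientHello without extensions
    exts = _Reader(hello.take(hello.uint(2)))
    while exts.remaining():
        ext_type = exts.uint(2)
        ext_body = _Reader(exts.take(exts.uint(2)))
        if ext_type != 0x0000:           # 0 = server_name
            continue
        names = _Reader(ext_body.take(ext_body.uint(2)))
        while names.remaining():
            name_type = names.uint(1)
            name = names.take(names.uint(2))
            if name_type == 0:           # host_name
                return name.decode("ascii")
    return None


def choose_certificate(record):
    """Server side: pick the certificate for the requested name before replying."""
    return CERTS_BY_HOSTNAME.get(extract_sni(record), DEFAULT_CERT)


if __name__ == "__main__":
    for host in ("shop.example.test", "mail.example.test", None):
        hello = build_client_hello(host)
        print(host, "->", extract_sni(hello), "/", choose_certificate(hello))
```

The same function serves both roles in the text: the server uses the name to select a certificate, and any on-path observer can recover the same name because the ClientHello is sent before encryption starts.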
Proxy servers. A proxy server is a server (either a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server by requesting a service, e.g. a file, connection, web page, or other resource available on another server, and the proxy server evaluates the request to simplify and control its complexity. Proxies can be used to add structure and encapsulation to distributed systems. Today, most proxy servers are web proxy servers that facilitate access to content on the World Wide Web and provide anonymity. A proxy server can reside on the user's local computer or at various points between the user's computer and target servers on the Internet. A proxy server that transmits unmodified requests and responses is often referred to as a gateway or sometimes a tunnel proxy. A forward proxy is an Internet-facing proxy used to fetch from a variety of sources (in most cases anywhere on the Internet). Forward proxies are proxies where the client names the target server to connect to. An open proxy is a forwarding proxy server that any Internet user can access while surfing the Internet or using other Internet services. However, there are varying degrees of anonymity, as well as different methods of tricking the client into revealing itself, regardless of which proxy is used. The proxy server is described in IETF RFC 1919 (March 1996), "Classic versus transparent IP proxies", and in IETF RFC 3143, "Known HTTP Proxy/Caching Problems" (June 2001), both of which are incorporated in their entirety for all purposes as if set forth herein in their entirety.
A reverse proxy (or surrogate) is a proxy server that appears to clients like a regular server. Requests are forwarded to one or more origin servers that process the request. The response is returned as if it came directly from the origin server, so the client is unaware of the origin servers. Reverse proxies are installed near one or more web servers. All traffic coming from the Internet and destined for one of the neighboring web servers goes through the proxy server. The use of "reverse" stems from its "forward proxy" counterpart, as the reverse proxy sits closer to the web server and only serves a limited number of websites.
Since the IP address of the requesting client device #1 31A is included in the packets that the data server #1 22A receives as part of the HTTP request in the "Content Request" message 55A over the Internet 113, the data server #1 22A knows the identity of the requesting client #1 31A. The client's identity is disclosed, and anonymity is not achieved.
An illustrative example of using a proxy server is shown in a schematic message flow diagram 50B.
One of the main advantages of using a proxy server 53 is the anonymity obtained. While the "Content Request" message 54A typically contains the IP address of the sending client device #1 31A (in the "Source IP Address" field 16D), the request that arrives as part of the "Content Request" message 54B contains the IP address of the proxy server 53 in the "Source IP Address" field 16D of the packets that make up the "Content Request" message 54B. Hence, the data server #1 22A only knows the identity of the proxy server 53 as the requesting device, and the anonymity of the actual requesting client #1 31A is preserved while the requested content is successfully retrieved.
A "transparent proxy" is a proxy that does not modify the request or response beyond what is necessary to authenticate and identify the proxy. A transparent proxy, also known as an intercepting proxy, inline proxy, or forced proxy, is a proxy that intercepts normal communications at the network layer without requiring any special client configuration. Clients do not need to be aware of the proxy's existence. A transparent proxy typically sits between the client and the Internet, and the proxy performs some of the functions of a gateway or router. An "opaque proxy" is a proxy that modifies the request or response to provide an additional service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering. TCP Intercept is a traffic filtering security feature that protects TCP servers from TCP SYN flood attacks, which are a type of denial-of-service attack. TCP Intercept is only available for IP traffic. Intercepting proxies are widely used in organizations to enforce acceptable use policies and to reduce administrative overhead, because no configuration of the client's browser is required. However, this second reason is mitigated by features such as Active Directory group policies, or DHCP and automatic proxy detection. ISPs in some countries also commonly use intercepting proxies to save upstream bandwidth and to improve client response times through caching.
An "open proxy" is used to route requests to and from anywhere on the Internet and is a forwarding proxy server accessible to any Internet user. An "anonymous proxy" reveals its identity as a proxy server, but not the client's source IP address. While this type of server can be easily detected, some users may benefit from hiding their source IP address. A "transparent proxy" not only identifies itself as a proxy server, but also allows the source IP address to be retrieved with the support of HTTP header fields such as X-Forwarded-For. The main benefit of using this type of server is the ability to cache a website for faster retrieval.
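The distinction drawn above between an anonymous proxy and a transparent proxy can be checked on the receiving server from the request headers. The following is an added example and is not part of the application; the trusted proxy list, the use of the Via header to mark a self-identifying proxy, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: reverse proxies operated by the receiving site and
# therefore trusted to append honest X-Forwarded-For entries (assumption).
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.10/32"),
]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def parse_xff(value):
    """Split an X-Forwarded-For value into addresses; bad entries become None."""
    hops = []
    for part in value.split(","):
        try:
            hops.append(ipaddress.ip_address(part.strip()))
        except ValueError:
            hops.append(None)
    return hops


def classify_proxy(headers):
    """Label a request using the proxy categories described in the text."""
    names = {name.lower() for name in headers}
    if "x-forwarded-for" in names:
        return "transparent"      # identifies itself and passes the source IP
    if "via" in names:
        return "anonymous"        # identifies itself, hides the source IP
    return "none-declared"        # direct client, or a proxy that stays silent


def client_ip(peer, headers):
    """Return the nearest address that was not reported by a trusted proxy.

    The header is walked from right to left starting at the TCP peer. Entries
    to the left of the first untrusted hop are client-supplied and ignored.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    current = ipaddress.ip_address(peer)
    if not _is_trusted(current):
        return current            # header sent by an unknown peer: do not use it
    for hop in reversed(parse_xff(lowered.get("x-forwarded-for", ""))):
        if hop is None:
            return current        # malformed entry: stop at the last good hop
        current = hop
        if not _is_trusted(hop):
            return hop
    return current


if __name__ == "__main__":
    sample = {"Via": "1.1 cache.example",
              "X-Forwarded-For": "203.0.113.7, 198.51.100.23, 10.0.0.9"}
    print(classify_proxy(sample), client_ip("10.0.0.5", sample))
```

The leftmost X-Forwarded-For entry is whatever the original sender chose to write, so only entries appended by proxies the site itself operates should feed logging, rate limiting, or access decisions.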
A "reverse proxy" receives requests from the Internet and forwards them to servers on an internal network, while those making the requests connect to the proxy and may not be aware of the internal network. A reverse proxy (or surrogate) is a proxy server that appears to clients like a regular server. Reverse proxies forward requests to one or more ordinary servers that process the request. The proxy server's response is returned as if it came directly from the origin server, so the client is unaware of the origin server. Reverse proxies are installed near one or more web servers. All traffic coming from the Internet and destined for one of the neighboring web servers goes through the proxy server. The use of "reverse" stems from its "forward proxy" counterpart, as the reverse proxy sits closer to the web server and only serves a limited number of websites. Reverse proxy servers often support or provide SSL encryption/acceleration: when building secure websites, Secure Sockets Layer (SSL) encryption is often not performed by the web server itself, but rather by a reverse proxy equipped with SSL acceleration hardware. Also, a host can deploy a single "SSL proxy" to provide SSL encryption to any number of hosts; this eliminates the need for a separate SSL server certificate for each host, with the disadvantage that all hosts behind the SSL proxy must use a common DNS name or IP address for SSL connections. In addition, reverse proxy servers often support or provide load balancing: the reverse proxy can distribute the load across multiple web servers, with each web server serving its own application area. In this case, the reverse proxy may need to rewrite URLs on each web page (translating externally known URLs into internal locations) and serve or cache static content; a reverse proxy can offload web servers by caching static content such as images and other graphical content.
In addition, the proxy server can optimize and compress content to speed up load times, and can also support or provide spoon feeding, which reduces the resource usage that slow clients cause on the web servers by caching the content that the web server has sent and slowly "spoon feeding" it to the client, which especially benefits dynamically generated pages. In addition, reverse proxy servers generally support or provide security, where the proxy server is an additional layer of defense and can protect against some operating system specific and web server specific attacks, as well as extranet publishing, where a reverse proxy server facing the Internet can be used to communicate with a firewalled server internal to an organization, providing extranet access to some functions while the servers remain behind the firewalls. With such use, security measures should be considered to protect the rest of the infrastructure in case this server is compromised, as its web application is exposed to attacks from the Internet.
A "translation proxy" is a proxy server used to localize a website's experience for different markets. Traffic from the global audience is routed through the translation proxy to the origin site, and when visitors navigate through the proxy site, requests are returned to the origin site, where the pages are rendered. The original language content in the response is replaced with the translated content as it passes through the proxy. The translations used in a translation proxy can be machine translation, human translation, or a combination of machine translation and human translation. Different translation proxy implementations have different capabilities. Some allow further customization of the source site for local audiences, e.g., removing source content or replacing source content with original local content. A "SOCKS proxy" forwards arbitrary data after a connection phase and is similar to HTTP CONNECT in web proxies.
A "CGI web proxy" accepts destination URLs through a web form in the user's browser window, processes the request, and sends the results back to the user's browser. Consequently, it can be used on a device or network that does not allow changing the "real" proxy settings. CGI proxies usually work with CGIProxy (written in Perl language), Glype (written in PHP language) or PHProxy (written in PHP language). Some CGI proxies were set up, for example to make websites more accessible for people with disabilities, but have since been removed due to excessive traffic, often caused by third parties advertising the service, to bypass website filtering. Because many of these users don't care about the collateral damage they cause, it has become necessary for organizations to hide their proxies and only expose URLs to those who take the time to contact the organization and demonstrate a real need.
A "suffix proxy" allows a user to access web content by appending the name of the proxy server to the URL of the requested content (e.g. "en.wikipedia.org.SuffixProxy.com"). Suffix proxy servers are easier to use than regular proxy servers, but they don't offer a high level of anonymity and are mainly used to bypass web filters.
An anonymous I2P proxy is part of the anonymous I2P network ("I2P"), which is a proxy network dedicated to online anonymity. It implements garlic routing, which is an improvement on Tor's onion routing. I2P is fully distributed and works by encrypting all communications at various layers and routing them through a network of routers managed by volunteers in multiple locations. By hiding the source of the information, I2P resists censorship. The goals of I2P are to protect personal liberty, privacy, and the ability of users to conduct confidential business. Every I2P user runs an I2P router on their computer (node). The I2P router takes care of finding other peers and building anonymous tunnels through them. I2P offers proxies for all protocols, such as HTTP, IRC, and SOCKS. The Onion Router (Tor) is a system for providing online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers to hide the location or usage of a user's computer from anyone conducting network monitoring or traffic analysis. The use of Tor makes it difficult to track Internet activity and is intended to protect users' personal freedom and privacy. "Onion routing" refers to the layered nature of the encryption service: the original data is encrypted and re-encrypted multiple times, then sent through successive Tor relays, each decrypting a "layer" of encryption before passing the data to the next relay and finally to the destination. This reduces the likelihood that the original data will be decrypted or understood during transmission. A "DNS proxy server" takes DNS requests from a (usually local) network and forwards them to an Internet domain name server. It may also cache DNS records.
Squid is an open-source caching proxy for the web that allows for: using less bandwidth on an Internet connection when browsing the web; speeding up web page load times; protecting hosts on an internal network by proxying their web traffic; collecting statistics about web traffic on a network; preventing users from visiting inappropriate websites at work or school; ensuring that only authorized users can surf the Internet; improving privacy by filtering sensitive information from web requests; reducing the load on the operator's own web server(s); and converting encrypted (HTTPS) requests on one side to unencrypted (HTTP) requests on the other. Squid's job is to be both a proxy and a cache. As a proxy, Squid is an intermediary in a web transaction. It accepts a request from a client, processes that request, and forwards it to the origin server. The request can be logged, rejected, and even modified before it is forwarded. As a cache, Squid stores recently accessed web content for possible reuse later. Subsequent requests for the same content can be served from the cache instead of contacting the origin server again. The caching part of Squid can be disabled if desired, but the proxy part is essential. Squid is described in a book by Wessels entitled: "Squid: The Definitive Guide", published by O'Reilly Media; 1st Edition [ISBN-10: 9780596001629, ISBN-13: 978-0596001629, (1 January 2004)], which is incorporated in its entirety for all purposes as if fully set forth herein.
Web proxy servers are described in a book by Luotonen entitled: "Web Proxy Servers", published by Prentice Hall; 1st Edition [ISBN-10: 0136806120, ISBN-13: 978-0136806127, (December 30, 1997)], which is incorporated in its entirety for all purposes as if fully set forth herein. An overview of proxies and their status is given in an article by Luotonen et al. entitled: "World-Wide Web Proxies", published in Computer Networks and ISDN Systems 27, 147-154 (Elsevier Science B.V.) (1994), which is incorporated in its entirety for all purposes as if fully set forth herein. A WWW proxy server, abbreviated as a proxy, provides access to the Internet to people on closed subnets who can only access the Internet through a firewall machine. The hypertext server cern_httpd developed by CERN can act as a proxy and provide seamless external access to HTTP, Gopher, WAIS, and FTP. cern_httpd has long had gateway capabilities, but just this spring they were extended to support all HTTP protocol methods used by WWW clients. Clients do not lose any functionality when going through a proxy, except for special processing they may have performed for non-native web protocols such as Gopher and FTP. A new feature is proxy caching, which results in faster response times after the first document is retrieved. This makes proxy servers useful even for people who have full Internet access and do not really need the proxy server just to get out of their local subnet.
An example of open proxies is ProxyList.net, a website that maintains a list of links to open proxies, as described on ProxyList.net and captured by the Wayback Machine (web.archive.org) on July 17, 2011, which is incorporated in its entirety for all purposes as if fully set forth herein. VIP72 is a website that sells its registered users access to anonymous proxies, as described in a numbered sequence of approximately second-by-second screenshots of a video from the VIP72 YouTube page dated February 22, 2011, at https://www.youtube.com/watch?v=L0Hct2kSnn4, retrieved November 21, 2019, and described in more detail in VIP72 scene images from VIP72.com/nvpnnet, an MPEG-4 video recording of "nVPN.net | Double your Safety and use Socks5 + nVpn", retrieved from https://www.youtube.com/watch?v=L0Hct2kSnn4, posted September 11, 2011, as well as the VIP72.com home page as of 2013 on the Wayback Machine, all of which are incorporated in their entirety for all purposes as if fully set forth herein.
A proxy server in a cloud-based proxy service is described in U.S. Patent Application Publication No. 2013/0080575 by Prince et al. entitled: "Distributing Transmission of Requests Across Multiple IP Addresses of a Proxy Server in a Cloud-Based Proxy Service", which is incorporated in its entirety for all purposes as if fully set forth herein. A first packet is received at a proxy server from a client and contains a first incoming request for an action to be performed on an identified resource. The first packet is received at the proxy server as a result of a DNS request for a domain matching the identified resource, which resolves to a proxy server IP address. The proxy server selects one of a plurality of IP addresses to use as a source address for a second packet carrying an outbound request, based at least in part on a set of parameters associated with the first packet, and transmits the second packet. The proxy server receives a third packet carrying an inbound response from the destination origin server in response to the outbound request, and transmits a fourth packet carrying an outbound response to the client based on the inbound response.
The distribution of the transmission of requests over multiple IP addresses of a proxy server is described in U.S. Patent Application Publication No. 2013/0080575 by Prince et al. entitled: "Distributing Transmission of Requests Across Multiple IP Addresses of a Proxy Server in a Cloud-Based Proxy Service", which is incorporated in its entirety for all purposes as if fully set forth herein. A first packet is received at a proxy server from a client and contains a first incoming request for an action to be performed on an identified resource. The first packet is received at the proxy server as a result of a DNS request for a domain matching the identified resource, which resolves to a proxy server IP address. The proxy server selects, based at least in part on a set of parameters associated with the first packet, one of a plurality of IP addresses to use as the source IP address for a second packet carrying an outbound request, and transmits the second packet. The proxy server receives a third packet carrying an inbound response from the destination origin server in response to the outbound request, and transmits a fourth packet carrying an outbound response to the client based on the inbound response.
Data center (DC) proxy server. While the arrangement 50B is shown in
an improved arrangement 50C is shown
For example, upon receiving the "Content Request" message 54A from the client device #1 31A, the DC proxy server 56 responds by selecting an IP address from the list 58, such as IP #3 58C, and then forwards the request to the data server #1 22A using IP #3 58C as the source IP address 16D as part of the "Content Request" message 54B. The data server #1 22A responds and sends the content in the "Send Content" message 54C to the requesting DC proxy server 56, which in turn forwards the retrieved content to the requesting client device #1 31A in the "Send Content" message 54D. Thus, the client device #1 31A received the requested content in response to the sent "Content Request" message 54A; however, the data server #1 22A only knows the IP #3 58C identity and is unaware of the client device #1 31A identity (IP address).
If the client device #1 31A requests different content from the data server #1 22A, it sends another "Content Request" message 57A to the DC proxy server 56. Upon receipt of the "Content Request" message 57A from the client device #1 31A, the DC proxy server 56 responds by selecting another IP address from the list 58, such as IP #6 58F, and then forwards the request to the data server #1 22A using IP #6 58F as the source IP address 16D as part of another "Content Request" message 57B. The data server #1 22A responds and sends the content in the "Send Content" message 57C to the requesting DC proxy server 56, which in turn forwards the retrieved content to the requesting client device #1 31A in another "Send Content" message 57D. Thus, the client device #1 31A received the requested additional content in response to the sent "Content Request" message 57A; however, the data server #1 22A only knows the IP #6 58F identity and is unaware of the client device #1 31A identity (IP address). Also, the data server #1 22A receives requests from two different IP addresses, IP #3 58C and IP #6 58F, and does not know that both requests were sent from the same source device.
DC proxy servers are usually offered as a service by various companies and not by an ISP. When a user visits a website, the web server sees the DC proxy credentials instead of the user's actual information. DC proxy server services are generally an inexpensive, fast, and stable way to ensure anonymity and avoid being blocked by a web server. A typical DC proxy server service offers high performance and bandwidth with a speed of up to 1000 MB/s; the proxy IP addresses used can be static or dynamically changing and are present in many countries around the world. DC proxies are usually used to hide the true identity or IP address of the Internet user. A performance comparison of various commercially available DC proxy server services (so-called VPN services) can be found in a test report commissioned by AnchorFree and carried out by AV-TEST GmbH (dated June 15, 2018) entitled: "VPN comparison test", which is incorporated in its entirety for all purposes as if fully set forth herein. The report includes reviews of Hotspot Shield Elite by AnchorFree, Avast SecureLine, Avira Phantom VPN Pro, Cisco VPN, ExpressVPN, F-Secure FREEDOME VPN, KeepSolid's VPN Unlimited, London Trust Media's Private Internet Access, NordVPN, Pulse VPN, Norton WiFi Privacy, and TunnelBear. The evaluation was based on usability, privacy and security, performance, and functionality.
Randomness. Randomness is commonly implemented using random numbers, which are defined as a sequence of numbers or symbols that have no pattern and therefore appear random, usually generated by a random number generator. Randomness for security is also described in IETF RFC 1750 entitled: "Randomness Recommendations for Security" (December 1994), which is incorporated in its entirety for all purposes as if fully set forth herein. A random number generator (with analog or digital output) can be hardware-based and use a physical process such as thermal noise, shot noise, nuclear decay radiation, photoelectric effects, or other quantum phenomena. Alternatively or additionally, the generation of random numbers may be software-based, using a processor running an algorithm to generate pseudo-random numbers that approximate the properties of random numbers.
The term "random" in this document is intended to cover not only unpredictable, non-deterministic, and purely randomly generated signals, but also deterministic pseudo-random signals, such as the output of a shift register arrangement provided with a feedback loop, such as those used to generate pseudo-random binary signals or as scramblers, and chaotic signals, and where a random factor may be used.
For randomness, a digital random signal generator (known as a random number generator) can be used, where numbers in binary form replace the analog voltage value output. One approach to generating random numbers is based on the use of linear feedback shift registers. Examples of random number generators are disclosed in U.S. Patent No. 7,124,157 to Ikake entitled: "Random Number Generator", in U.S. Patent No. 4,905,176 to Schulz entitled: "Random Number Generator Circuit", in U.S. Patent No. 4,853,884 to Brown et al. entitled: "Digital Feedback Random Number Generator", and in U.S. Patent No. 7,145,933 to Szajnowski entitled: "Method and Apparatus for Generating Random Signals", which are incorporated in their entirety for all purposes as if fully set forth herein.
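The shift register with feedback mentioned above can be written in a few lines, which also shows why a deterministic pseudo-random source of this kind suits scrambling but not secrets. The following is an added example and is not part of the application or of the cited patents; the 16-bit width, the tap positions (16, 14, 13, 11), the seed value, and all function names are assumptions chosen for illustration.

```python
import secrets

MASK16 = 0xFFFF


def lfsr16_step(state):
    """Advance a 16-bit Fibonacci LFSR with taps 16, 14, 13, 11 by one bit."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return ((state >> 1) | (bit << 15)) & MASK16


def lfsr16_bits(seed, count):
    """Return `count` output bits (the bit shifted out at each step)."""
    if not 0 < seed <= MASK16:
        raise ValueError("seed must be a non-zero 16-bit value")
    state, out = seed, []
    for _ in range(count):
        out.append(state & 1)
        state = lfsr16_step(state)
    return out


def lfsr16_period(seed):
    """Count the steps until the register returns to its starting state."""
    state, steps = lfsr16_step(seed), 1
    while state != seed:
        state = lfsr16_step(state)
        steps += 1
    return steps


def state_from_output(observed):
    """Sixteen consecutive output bits are the register contents, LSB first."""
    if len(observed) != 16:
        raise ValueError("exactly 16 consecutive bits are required")
    return sum(bit << i for i, bit in enumerate(observed))


def predict_next(observed, count):
    """Given 16 observed bits, return the `count` bits that must follow them."""
    state = state_from_output(observed)
    return lfsr16_bits(state, 16 + count)[16:]


def unpredictable_bits(count):
    """Bits from the operating system CSPRNG, for keys, tokens, and nonces."""
    value = secrets.randbits(count)
    return [(value >> i) & 1 for i in range(count)]


if __name__ == "__main__":
    stream = lfsr16_bits(0xACE1, 200)          # constructed seed
    print("period:", lfsr16_period(0xACE1))
    print("predictable:", predict_next(stream[100:116], 64) == stream[116:180])
```

The register repeats after 65535 steps and any 16 consecutive output bits determine every later bit, so values that must stay unguessable should come from a cryptographic generator or a hardware source.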
A digital random signal generator can be based on the "RPG100/RPG100B True Random Number Generation IC" available from FDK Corporation and described in the data sheet "RPG100.RPG100B Physical Random Number Generator" REV. 08, publication number HM-RAE106-0812, which is incorporated in its entirety for all purposes as if fully set forth herein. The digital random signal generator can be hardware-based and generate random numbers from a natural physical phenomenon or process, such as thermal noise in a semiconductor, which has no periodicity. These hardware random number generators are typically based on microscopic phenomena such as thermal noise, shot noise, nuclear decay radiation, the photoelectric effect, or other quantum phenomena, and typically include a transducer to convert some aspect of the physical phenomenon into an electrical signal, an amplifier and other electronics to bring the output into a signal that can be converted to a digital representation, and an analog-to-digital converter. In case digitized serial random number signals are generated, the output is converted to parallel form, such as 8-bit data with 256 random number values (values 0 to 255). Alternatively, a digital random signal generator may be software (or firmware) based, such as pseudo-random number generators. These generators contain a processor for running software containing an algorithm for generating numbers that approximate the properties of random numbers. The random signal generator (either analog or digital) can produce a uniformly distributed signal, where there is a substantially or purely equal probability that a signal falls between two defined boundaries and does not appear outside of those boundaries. However, Gaussian and other distributions can also be used.
Man-in-the-middle (MITM) attack. MITM attacks are a type of unauthorized access where a node or other agent redirects, alters, or intercepts communications between two other nodes within the computing environment. These MITM attacks can go unnoticed for a long time, which in turn allows attackers to obtain sensitive and damaging information such as payment information and the like. In addition, a MITM attack is a form of active eavesdropping attack in which the attacker intercepts and selectively modifies communicated data to impersonate one or more of the entities involved in a communications link. Typically, in a man-in-the-middle (MITM) attack, the attacker secretly relays and possibly alters communications between two parties who believe they are communicating directly with each other. An example of a MITM attack is active eavesdropping, in which the attacker establishes separate connections to the victims and relays messages between them to make them believe they are speaking to each other directly over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages between the two victims and insert new ones.
Internet censorship. Internet censorship is the control or suppression of what can be accessed, published, or viewed on the Internet, enacted by regulators or on their own initiative. Individuals and organizations may censor themselves for moral, religious, or commercial reasons, to conform to social norms, out of intimidation, or for fear of legal or other repercussions. The level of Internet censorship varies from country to country. While most democratic countries have moderate Internet censorship, other countries go so far as to restrict access to information, such as news, and suppress debate among citizens. Internet censorship also occurs in response to or in anticipation of events such as elections, protests, and riots. One example is the tightening of censorship following the events of the Arab Spring. Other types of censorship include using copyright, defamation, harassment, and claims of obscene material to suppress content.
Blocking and filtering can be based on relatively static blacklists or determined more dynamically based on a real-time examination of the information exchanged. Blacklists can be created manually or automatically and are often not available to non-customers of the blocking software. Blocking or filtering can be done at a centralized national level, at a decentralized sub-national level, or at an institutional level, such as in libraries, universities, or Internet cafes. Blocking and filtering can also vary within a country across different ISPs. Countries can filter sensitive content on an ongoing basis and/or introduce temporary filters during key periods such as elections. In some cases, censorship authorities can covertly block content to make the public believe that censorship has not been applied. This is done by returning a fake "Not Found" error message when an attempt is made to access a blocked website.
Internet Protocol (IP) address blocking: Access to a specific IP address is denied. If the target website is hosted on a shared hosting server, all websites on the same server will be blocked. This affects IP-based protocols such as HTTP, FTP, and POP. A typical workaround is to find proxies that have access to the target websites, but the proxies may be overloaded or blocked, and some websites, such as Wikipedia (when editing), also block proxies. Some major websites like Google assigned additional IP addresses to bypass the block, but the block was later expanded to cover the new addresses. Due to the challenges of geolocation, geo-blocking is usually implemented through IP address blocking.
Domain Name System (DNS) filtering and redirection: Blocked domain names are not resolved or an incorrect IP address is returned through DNS hijacking or other means. This affects all IP-based protocols such as HTTP, FTP, and POP. A typical workaround is to find an alternative DNS resolver that resolves domain names correctly, but domain name servers are also subject to blocking, particularly IP address blocking. Another solution is to bypass DNS if the IP address is available from other sources and is not blocked. Some examples are modifying the hosts file or entering the IP address instead of the domain name as part of a URL served to a web browser.
Uniform Resource Locator (URL) filtering: URL strings are checked for target keywords regardless of the domain name specified in the URL. This affects the HTTP protocol. Typical fallback methods are using escape characters in the URL or using encrypted protocols such as VPN and TLS/SSL.
Packet filtering: TCP packet transmissions are terminated when a specified number of controversial keywords are detected. This affects all TCP-based protocols like HTTP, FTP, and POP, but search engine results pages are most likely to be censored. Typical workaround methods include using encrypted connections like VPN and TLS/SSL to hide the HTML content, or lowering the MTU/MSS of the TCP/IP stack to reduce the amount of text contained in a given packet.
Connection reset: If the filter blocks a previous TCP connection, future connection attempts from either side can also be blocked for a variable amount of time. Depending on the location of the block, other users or websites may also be blocked if their communications are routed through the blocking location. A workaround method is to ignore the reset packet sent by the firewall.
Network shutdown: A technically simpler method of Internet censorship is to completely shut down all routers, either by software or by hardware (turning off machines, removing cables). A workaround method can be to use a satellite ISP to access the Internet.
Portal censorship and removal from search results: Large portals, including search engines, can exclude websites that they would normally include. This makes a website invisible to people who do not know where to find it. When a large portal does this, it has an effect similar to censorship. Sometimes this exclusion is done to comply with a legal or other requirement; other times it is at the sole discretion of the portal. For example, Google.de and Google.fr remove neo-Nazi and other listings under German and French law.
Attacks on computer networks: Denial of service attacks and attacks that deface opposing websites can achieve the same result as other blocking techniques and prevent or restrict access to certain websites or other online services, albeit only for a limited period of time. This technique can be used in the run-up to an election or other sensitive time. It is most commonly used by non-state actors trying to disrupt services.
Geo-blocking. Geo-blocking is a method to prevent users from a specific country from accessing content (due to licensing or other requirements). If the user attempting to access the content provides an IPv6 address, the network may attempt to derive an IPv4 address from the IPv6 address and assign a geolocation to the user to accurately apply geo-blocking. Other examples include using the IPv4 address attribute of the IPv6 address to select a default language for a user, to assist in locating a user for law enforcement or emergency purposes, and the like. Geo-blocking or geoblocking is a technology that restricts access to Internet content based on the user's geographic location. A geo-blocking scheme involves determining the user's location using geolocation techniques, e.g., by comparing the user's IP address to a blacklist or whitelist, accounts, and measuring the end-to-end delay of a network connection to estimate the physical location of the user. The result of this check is used to determine whether the system approves or denies access to the website or to specific content. Geolocation can also be used to change the content provided, for example, the currency in which the products are listed, the price, or the variety of products available, among others.
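The derivation of an IPv4 address from an IPv6 address described above can be illustrated for the three standard embeddings (IPv4-mapped, 6to4, and Teredo) together with the resulting allow or deny decision. The following is an added example and is not part of the application; the country codes, the address ranges (documentation prefixes standing in for real allocations), the default-allow policy, and all function names are assumptions.

```python
import ipaddress

# Constructed policy: documentation ranges stand in for per-country
# allocations; a deployment would load these from a geolocation database.
COUNTRY_RANGES = {
    "AA": [ipaddress.ip_network("192.0.2.0/24"),
           ipaddress.ip_network("2001:db8:a::/48")],
    "BB": [ipaddress.ip_network("198.51.100.0/24")],
}
BLOCKED_COUNTRIES = {"BB"}


def embedded_ipv4(addr):
    """Return the IPv4 address carried inside an IPv6 address, if any."""
    if addr.version == 4:
        return addr
    if addr.ipv4_mapped is not None:      # ::ffff:a.b.c.d
        return addr.ipv4_mapped
    if addr.sixtofour is not None:        # 2002:AABB:CCDD::/48
        return addr.sixtofour
    if addr.teredo is not None:           # 2001:0::/32, client address is inverted
        return addr.teredo[1]
    return None


def locate(addr):
    """Look the address up in the range table; None means unknown."""
    for country, networks in COUNTRY_RANGES.items():
        if any(addr in net for net in networks):   # version mismatch is False
            return country
    return None


def decide(ip_text, default_allow=True):
    """Return (action, country, basis) for one client address."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return ("deny", None, "unparseable address")
    country, basis = locate(addr), "native address"
    if country is None and addr.version == 6:
        derived = embedded_ipv4(addr)
        if derived is not None:
            country, basis = locate(derived), "derived IPv4 %s" % derived
    if country is None:
        return ("allow" if default_allow else "deny", None, "no geolocation")
    action = "deny" if country in BLOCKED_COUNTRIES else "allow"
    return (action, country, basis)


if __name__ == "__main__":
    for sample in ("198.51.100.7", "::ffff:198.51.100.7", "2002:c633:6407::1",
                   "2001:0:c000:201::39cc:9bf8", "2001:db8:a::1", "203.0.113.9"):
        print(sample, decide(sample))
```

An address derived from a 6to4 or Teredo prefix locates the tunnel endpoint rather than the user with certainty, so the third tuple element records the basis of each decision for later review.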
tunnel construction. Computer networks can use a tunneling protocol, where one network protocol (the delivery protocol) encapsulates another payload protocol. Tunneling allows a packet of one protocol type to be encapsulated in a datagram of another protocol. For example, VPN uses PPTP to tunnel IP packets through a public network like the Internet. You can configure a VPN solution based on Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), or Secure Socket Tunneling Protocol (SSTP). When tunneling is used, a payload can be transported through an incompatible delivery network or provide a secure path through an untrusted network. Typically, the delivery protocol operates on an OSI layer equal to or higher than the payload protocol. In an example of a network layer at a network layer, Generic Routing Encapsulation (GRE), a protocol running on top of IP (IP Protocol Number 47), is typically used to transport IP packets with private RFC 1918 addresses. over the Internet by delivery with public IP addresses. In this case, the payload and delivery protocols are compatible, but the payload addresses are not compatible with those of the delivery network. In contrast, an IP payload may believe it is seeing data link layer delivery when transported within the Layer 2 Tunneling Protocol (L2TP), which the payload engine uses as a data link -Layer log data connection appears. However, L2TP actually runs at the transport layer using the User Datagram Protocol (UDP) over IP. The IP-over-Delivery protocol can run over any data link protocol from IEEE 802.2 to IEEE 802.3 (ie, standards-based Ethernet) to Point-to-Point Protocol (PPP) over a dial-up modem connection.
Tunneling protocols can use data encryption to transport insecure payload protocols over a public network (such as the Internet), providing VPN functionality. IPsec has an end-to-end transport mode, but can also operate in tunnel mode through a trusted security gateway. HTTP tunneling is a technique by which communications carried out using various network protocols are routed through the HTTP protocol, the network protocols in question generally belonging to the TCP/IP family of protocols. Thus, the HTTP protocol acts as a wrapper for a channel that the enclosing network protocol uses to communicate. An HTTP flow with its hidden channel is called an HTTP tunnel. HTTP tunneling software consists of client-server HTTP tunneling applications that integrate with existing application software and allow use in conditions of limited network connectivity, including firewall networks, networks behind proxy servers, and network networks.
Virtual Private Networks (VPNs) are peer-to-peer connections over a private or public network such as the Internet. A VPN client typically uses special TCP/IP-based protocols called tunneling protocols to make a virtual call to a virtual port on a VPN server. In a typical VPN implementation, a client initiates a point-to-point virtual connection to a remote access server over the Internet, then the remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization's private network. To emulate a point-to-point connection, the data is encapsulated or wrapped with a header. The header provides routing information that allows the data to traverse the public or shared network to reach its endpoint. To emulate a private link, the data sent is encrypted for confidentiality. Packets intercepted on the public or shared network cannot be decrypted without the encryption keys. The connection that encapsulates and encrypts private data is called a VPN connection. Two types of VPN connections are commonly used, known as remote access VPN and site-to-site VPN. Common VPN connections use the PPTP, L2TP/IPsec or SSTP protocols. RFC 4026 provides "Provider Provisioned Virtual Private Network (VPN) Terminology" and RFC 2547 provides a VPN method based on MPLS (Multi Protocol Label Switching) and BGP (Border Gateway Protocol).
Remote access VPN connections allow users working from home or on the road to access a server on a private network using the infrastructure provided by a public network such as the Internet. From the user's perspective, the VPN is a point-to-point connection between the user's computer (the VPN client) and an organization's server. The exact infrastructure of the shared or public network is irrelevant because, logically, it appears as if the data is sent over a dedicated private connection.
Site-to-site VPN connections (also known as router-to-router VPN connections) enable organizations to have routed connections between separate offices or with other organizations on a public network, helping to maintain secure communications. Logically, a VPN connection routed over the Internet acts as a dedicated WAN (Wide Area Network) connection. When networks connect to the Internet, a router forwards packets to another router over a VPN connection. For routers, the VPN connection works like a data link layer connection. A site-to-site VPN connection connects two parts of a private network. The VPN server provides a routed connection to the network to which the VPN server is connected. The calling router (the VPN client) authenticates with the answering router (the VPN server), and for mutual authentication, the answering router authenticates with the calling router. In a site-to-site VPN connection, packets sent from one of the routers over the VPN connection typically do not originate from the routers.
The Internet is increasingly being used to transport multimedia such as video and audio. Various audio services include Internet radio stations and VoIP (Voice-over-IP). Internet video services include video conferencing and IPTV (IP television). In most cases, the media service is a real-time (or near real-time) application and is therefore sensitive to Internet delays. In particular, bidirectional services such as VoIP or other telephony and video conferencing services are sensitive to delays. In some cases, the delays introduced by the encryption process and the hardware/software costs associated with encryption make encryption impractical. Therefore, it is not easy to guarantee users enough accessible Internet capacity to support real-time communication applications such as Internet games, chat, VoIP and MoIP (Multimedia over IP), so data loss, severe lag or unstable lag may occur in the course of communication due to the proprietary Internet protocol, causing inappropriate real-time video communication. The following chapters from Cisco Systems, Inc. publication number 1-587005-001-3 (July 1999) entitled "Handbook of Networking Technologies" relate to multimedia provided over the Internet and are included in their entirety for all purposes as if fully set forth in this document: Chapter 18: "Multi-Service Access Technologies" (pages 18-1 to 18-10) and Chapter 19: "Speech/Data Integration Technologies" (pages 19-1 to 19-30).
VoIP systems in widespread use today fall into three groups: systems using the ITU-T H.323 protocol, systems using the SIP protocol, and systems using proprietary protocols. H.323 is a teleconferencing standard developed by the International Telecommunication Union (ITU). It supports full multimedia, audio, video and data transmission between groups of two or more participants and is designed to support large networks. H.323 is network independent: it can be used in networks that use transport protocols other than TCP/IP. H.323 is still a very important protocol, but it has fallen out of favor with consumer VoIP products due to the difficulty of getting it to work through firewalls designed to protect computers running many different applications. It is a system best suited for large organizations that have the technical skills to overcome these problems.
The Session Initiation Protocol (SIP) is an Internet Engineering Task Force (IETF) standard signaling protocol for teleconferencing, telephony, presence and event notifications, and instant messaging. It provides a mechanism for configuring and managing connections, but not for transferring audio or video data. It is probably the most widely used protocol for managing internet telephony today. Similar to IETF protocols, SIP is defined in various RFCs, most notably RFC 3261. A SIP-based VoIP implementation can send encrypted voice data over the network in a number of ways. Most implementations use a real-time transport protocol (RTP) defined in RFC 3550. Both SIP and RTP are implemented over UDP, which, as a connectionless protocol, can cause problems with certain types of routers and firewalls. Therefore, usable SIP phones must also use Simple Traversal of UDP over NAT (STUN), a protocol defined in RFC 3489 that allows a client behind a NAT router to discover its external IP address and NAT device type.
The amount of data transferred in a given period of time is commonly known as "bandwidth" (BW) or "bit rate", which is the number of bits transferred or processed per unit of time. The bit rate is quantified in units of bits per second (symbol bit/s or b/s), often together with an SI prefix such as kilo- (1 Kbit/s = 1000 bit/s), mega- (1 Mbit/s = 1000 Kbit/s), giga- (1 Gbit/s = 1000 Mbit/s) or tera- (1 Tbit/s = 1000 Gbit/s). The non-standard abbreviation bps is often used to replace the standard bit/s symbol, so for example "1 Mbps" (or 1 Mb/s) is used to mean one million bits per second. One byte per second (1 B/s) corresponds to 8 bit/s.
Latency is typically defined as the time lag between stimulation and response, or more generally the time lag between cause and effect of an observed physical change in the system. Network-related latency, as in a packet-switched network, is measured either as the one-way time (the time from the source sending a packet to the destination receiving it) or as the round-trip delay time (RTT), that is, the one-way latency from source to destination plus the one-way latency from destination to source, plus any delays at the destination, e.g., throughput or other delays. Round-trip latency can be measured from a single point. Latency limits overall bandwidth in reliable two-way communication systems, as described by the bandwidth delay product, which refers to the product of a data link's capacity (in bits per second) and its transmission delay (in seconds). The result, an amount of data measured in bits (or bytes), corresponds to the maximum amount of data on the network circuit at any given time, i.e., data that has been transmitted but not yet acknowledged. It is sometimes calculated as the capacity of the data link multiplied by the round-trip time. A network with a high bandwidth delay product is commonly known as a Long Fat Network (LFN). As defined in IETF RFC 1072, a network is considered an LFN if its bandwidth delay product is significantly greater than 10^5 bits (12500 bytes).
Round Trip Delay (RTD) Time or Round Trip Time (RTT) is the time it takes for a signal to be sent, received, and processed at the destination node, plus the time it takes for the signal to be acknowledged. This time delay therefore includes the propagation times between the two points of a signal. The signal is usually a packet of data, and the RTT is also known as the ping time; an Internet user can find out the RTT using the ping command. Network connections with high bandwidth and high RTT can have a large amount of data (the bandwidth delay product) "in transit" at any given time. These "long fat tubes" require a special protocol design. An example is the TCP window scaling option. RTT was originally estimated in TCP using: RTT = (α * Old_RTT) + ((1 - α) * New_Round_Trip_Sample), where α is a constant weighting factor (0 ≤ α < 1). Choosing a value of α close to 1 makes the weighted average immune to short-term changes (e.g., when a single segment experiences a long delay). Choosing a value of α close to 0 makes the weighted average respond to changes in delay very quickly. After a new RTT is calculated, it is substituted into the above equation to obtain an average RTT for that connection, and the procedure continues for each recalculation. RTT can be measured as described in IETF RFC 1323 and can be estimated using a method described in IETF RFC 6323, both of which are included in their entirety for all purposes as if fully set forth in this document.
An estimation of the RTT for messages using TCP can use Karn's algorithm, described by Karn, Phil and Craig Partridge in the ACM publication SIGCOMM '87 - Computer Communication Review entitled "Improving Round-Trip Time Estimates in Reliable Transport Protocols", which is incorporated in its entirety for all purposes as if fully set forth herein. The round-trip time is estimated as the difference between the time a segment was sent and the time its acknowledgment was returned to the sender, but when packets are retransmitted there is an ambiguity: the acknowledgment can be a reply to the first transmission of the segment or to a later retransmission. Karn's algorithm ignores retransmitted segments when updating the estimated round-trip time. The estimated round-trip time is based only on unambiguous acknowledgments, which are acknowledgments for segments that were sent only once.
Many software platforms offer a service called "ping" that can be used to measure round-trip latency. Ping does no packet processing; it only sends a response when it receives a packet (i.e., it does not do anything else), so it is a rough first way to measure latency. Ping sends Internet Control Message Protocol (ICMP) echo request packets to the target host and waits for an ICMP response. It measures the time from transmission to reception (round-trip time) and records any packet losses. The test results are printed in the form of a statistical summary of the response packets received, including the minimum, maximum and average round-trip times and sometimes the standard deviation of the mean.
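The weighted-average formula and Karn's rule described above, replayed over a short trace, as an added example that is not part of the original description. The class and function names, the value α = 0.875, the millisecond timestamps and the trace itself are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class RttEstimator:
    """RTT = alpha * Old_RTT + (1 - alpha) * New_Round_Trip_Sample (times in ms)."""
    alpha: float = 0.875            # assumed weighting factor, 0 <= alpha < 1
    karn: bool = True               # True: skip samples from retransmitted segments
    rtt: Optional[float] = None     # current estimate; None until the first sample
    # sequence number -> (time of first transmission, retransmitted?)
    in_flight: Dict[int, Tuple[float, bool]] = field(default_factory=dict)

    def on_send(self, seq: int, now: float) -> None:
        if seq in self.in_flight:
            # Second transmission of the same segment: any later ACK is ambiguous.
            first_sent, _ = self.in_flight[seq]
            self.in_flight[seq] = (first_sent, True)
        else:
            self.in_flight[seq] = (now, False)

    def on_ack(self, seq: int, now: float) -> Optional[float]:
        entry = self.in_flight.pop(seq, None)
        if entry is None:
            return self.rtt         # duplicate or unknown ACK: no sample taken
        first_sent, retransmitted = entry
        if retransmitted and self.karn:
            return self.rtt         # Karn's rule: ignore the ambiguous sample
        sample = now - first_sent
        if self.rtt is None:
            self.rtt = sample       # first measurement seeds the average
        else:
            self.rtt = self.alpha * self.rtt + (1 - self.alpha) * sample
        return self.rtt


# Constructed trace: (event, sequence number, time in ms).
# Segment 3 is lost once and retransmitted, so its ACK is ambiguous.
TRACE: List[Tuple[str, int, float]] = [
    ("send", 1, 0.0), ("ack", 1, 100.0),
    ("send", 2, 100.0), ("ack", 2, 300.0),
    ("send", 3, 300.0), ("send", 3, 800.0), ("ack", 3, 1300.0),
    ("send", 4, 1300.0), ("ack", 4, 1400.0),
]


def replay(trace: List[Tuple[str, int, float]], karn: bool = True) -> Optional[float]:
    """Feed a trace to an estimator and return the final RTT estimate."""
    estimator = RttEstimator(karn=karn)
    for event, seq, now in trace:
        if event == "send":
            estimator.on_send(seq, now)
        else:
            estimator.on_ack(seq, now)
    return estimator.rtt


if __name__ == "__main__":
    print("with Karn's rule:   ", replay(TRACE, karn=True))
    print("without Karn's rule:", replay(TRACE, karn=False))
```

Without Karn's rule the single retransmission roughly doubles the estimate, and with α close to 1 that inflated value decays only slowly over later samples.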
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite commonly used on the Internet includes the Internet Control Message Protocol (ICMP), which is commonly used in echo or ping testing and routing applications. In general, the Internet standard "ping" or "ICMP echo" has a request/response format in which one device sends an ICMP echo request and another device responds to a received ICMP echo request with a transmitted ICMP echo reply. IP devices are generally expected to implement ICMP as part of their support for IP, so ICMP can be used for testing. Internet RFC 792, entitled "Internet Control Message Protocol: DARPA Internet Program Protocol Specification", which is incorporated herein by reference in its entirety for all purposes, describes at least in part the behavior of ICMP. The ICMP echo message has a type field, a code field, a checksum field, an identifier field, a sequence number field, and a data field. According to RFC 792: "The data received in the echo message should be sent back in the echo reply message." Therefore, an RFC-compliant ping responder or ICMP echo reply message responder must copy the data field received in an echo request message directly into the data field of the sent echo reply message.
A newer version of ICMP, known as ICMP Version 6 or ICMPv6, is at least partially described in RFCs 1885 and 2463, both entitled "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification", which are incorporated in their entirety for all purposes as if fully set forth herein. According to RFC 2463: "Any [IPv6] node MUST implement an ICMPv6 Echo reply function that receives echo requests and sends the corresponding echo replies. An IPv6 node MUST also implement an application-layer interface for sending echo requests and receiving echo responses for diagnostic purposes". Therefore, responding to ICMP echo requests is often a required feature to support IPv4 and/or IPv6 standards. ICMPv6 RFCs 1885 and 2464 specify that the data field of an ICMP echo reply contains "the data from the invoking Echo Request message". Therefore, both ICMP and ICMPv6, which are associated with IPv4 and IPv6, respectively, specify that the data field in an ICMP echo reply message must essentially contain a copy of the data that was received in the corresponding ICMP echo request message.
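The echo message layout and the data-copy rule described above, as an added example that is not part of the original description: it builds and parses ICMP (IPv4) echo messages as raw bytes and checks that a reply returns the request's identifier, sequence number and data unchanged. The function names and the payload are assumptions constructed for illustration; the type values 8 (echo request) and 0 (echo reply) are those of RFC 792.

```python
import struct

ICMP_ECHO_REQUEST = 8   # type values defined in RFC 792
ICMP_ECHO_REPLY = 0
HEADER = struct.Struct("!BBHHH")  # type, code, checksum, identifier, sequence number


def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length messages
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)   # fold the carries back in
    return ~total & 0xFFFF


def build_echo(msg_type: int, identifier: int, sequence: int, data: bytes) -> bytes:
    """Serialize an echo request or reply; the checksum covers header and data."""
    unsummed = HEADER.pack(msg_type, 0, 0, identifier, sequence) + data
    checksum = internet_checksum(unsummed)
    return HEADER.pack(msg_type, 0, checksum, identifier, sequence) + data


def parse_echo(packet: bytes) -> dict:
    """Parse and validate an echo message; raise ValueError if it is malformed."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 8-byte echo header")
    msg_type, code, _checksum, identifier, sequence = HEADER.unpack_from(packet)
    if msg_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY) or code != 0:
        raise ValueError("not an echo request or echo reply")
    if internet_checksum(packet) != 0:        # a valid message sums to zero
        raise ValueError("checksum mismatch")
    return {"type": msg_type, "identifier": identifier,
            "sequence": sequence, "data": packet[HEADER.size:]}


def make_reply(request_packet: bytes) -> bytes:
    """Responder side: copy identifier, sequence number and data into the reply."""
    request = parse_echo(request_packet)
    if request["type"] != ICMP_ECHO_REQUEST:
        raise ValueError("only echo requests are answered")
    return build_echo(ICMP_ECHO_REPLY, request["identifier"],
                      request["sequence"], request["data"])


def reply_matches(request_packet: bytes, reply_packet: bytes) -> bool:
    """Initiator side: accept a reply only if it echoes the request exactly."""
    try:
        request = parse_echo(request_packet)
        reply = parse_echo(reply_packet)
    except ValueError:
        return False
    return (request["type"] == ICMP_ECHO_REQUEST
            and reply["type"] == ICMP_ECHO_REPLY
            and reply["identifier"] == request["identifier"]
            and reply["sequence"] == request["sequence"]
            and reply["data"] == request["data"])


if __name__ == "__main__":
    # Constructed sample: odd-length payload exercises the checksum padding.
    request = build_echo(ICMP_ECHO_REQUEST, 0x1234, 7, b"constructed-payload")
    print(reply_matches(request, make_reply(request)))
```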
Also, the ICMP echo protocol is basically a two-way echo, where an initiating device or process initiates the communication by sending an echo request message, which can then be received by an echo response process. The echo-response process, which usually resides in another device, receives the echo-request message and responds with an echo-response to the initial process. Once the initiating device and/or process receives the response or the response times out, the two-way echo message exchange is complete. Although the echo request and echo reply are typically performed between processes on two different devices, one skilled in the art will know that a device can ping its own IP address, which implies that the echo request and reply processes reside on the same device. Additionally, the network loopback address 127.0.0.0 in IPv4 can be used to allow a device to send outbound echo request messages to loop back the device's own inbound echo request response processes. IPv6 also has loopback functionality.
This exact copy of the data in the ICMP echo reply is wasteful because the responder generally does not pass much information (if any) to the device initiating the ICMP echo request. Possibly, the initiating device could calculate bit error rate (BER) statistics for the transmitted versus received data field in ICMP echo packets. However, physical layer issues such as BER statistics are typically not as relevant to network layer IP datagrams, which already contain multiple error control code mechanisms. The device running the response process may be able to pass information to the device running the initiating process by having the device running the original response process initiate its own echo request and wait for an echo reply from that device. This approach results in four packets, where a first echo request from a local device is answered by a first echo reply from a remote device and a second echo request from the remote device is answered by a second echo reply from the local device.
An identifier and/or sequence number in ping packets typically allows a device to use ping to determine the round-trip delay from the time an ICMP echo request packet is sent to the time a corresponding ICMP echo reply is received back at the initiating device. Also, ping packets often contain little or no information about the type of device that initiated the ping. Additionally, although IPv4 has Type of Service (ToS) fields in the IP datagram, these fields have become more important as services used on the Internet and networks using Internet technology have grown from basic data communications to real-time applications such as voice and/or video. In IPv4 and IPv6, different types of service (ToS) have been used to implement different QoS (Quality of Service) characteristics defined for different service classes and/or service level agreements (SLAs).
SDK. As used herein, the term software development kit (SDK) refers to a specific software package, software framework, hardware platform, or set of development tools, and the like, at the time the operating system software is built. An SDK typically contains a programming package that enables a developer to develop applications for a specific platform and may contain one or more APIs, programming tools, and documentation. It could be as simple as implementing one or more application programming interfaces (APIs) in the form of a few libraries to interact with a specific programming language, or it could involve sophisticated hardware that can communicate with a specific embedded system. Common tools include debugging facilities and other utilities, typically presented in an integrated development environment (IDE). SDKs also often include sample code and supporting technotes or other supporting documentation to clarify points made in the main reference material. SDKs may have licenses attached to them that make them unsuitable for building software intended to be developed under an incompatible license. For example, a proprietary SDK is unlikely to be compatible with open-source development, while a GPL-licensed SDK may not be compatible with proprietary software development. LGPL SDKs are generally safe for proprietary development.
A software engineer typically obtains the SDK from the developer of the target system. The SDK can often be downloaded directly from the Internet or via the SDK marketplaces. Many SDKs are provided for free to encourage developers to use the system or language. This is sometimes used as a marketing tool. SDKs that are offered free of charge can also generate revenue based on user data extracted from apps, which can serve the interests of big players in the ecosystem, e.g. the operating system. An operating system plug-in SDK (e.g., QuickTime for Classic Mac OS) may contain the plug-in software itself, to be used for development purposes, but not necessarily for distribution with the developed product.
Heartbeat. A heartbeat is a periodic signal generated by hardware or software to indicate normal operation or to synchronize other parts of a system. Typically, a heartbeat is sent between computers at regular intervals, on the order of seconds. If no heartbeat is received for a while, usually a few heartbeat intervals, it is assumed that the machine that was supposed to be sending the heartbeat has failed. As used herein, a heartbeat is a periodic message, like a "ping", generated by Internet-connected devices to indicate that they are "online" (connected to the Internet) and functioning normally; when no heartbeat is received for a while, the device is considered "offline" (not connected to the Internet). A heartbeat protocol is often used to negotiate and monitor the availability of a resource, such as a fluctuating IP address. Typically, when a heartbeat is started on a computer, it performs an election process with other computers on the network to determine which computer owns the resource. IETF RFC 6520 describes the Transport Layer Security (TLS) heartbeat operation and is included in its entirety for all purposes as if fully defined here.
Internet users may wish to remain anonymous so as not to be identified as the publisher (sender) or reader (recipient) of information. Common reasons are censorship at a local, organizational or national level, personal privacy preferences such as avoiding tracking or data mining activities, the material or its distribution is considered illegal or burdensome by potential snoopers, the material may be legal but socially loathed, embarrassed, or problematic in the individual's social world and fear of retaliation (against whistleblowers, unofficial leaks, and activists who do not believe in information or knowledge limitations). However, complete anonymity on the Internet is not guaranteed, as IP addresses can be tracked, which can identify the computer from which a particular post was made, but not the actual user. Anonymization services such as I2P – “The Anonymous Network” or Tor address the issue of IP tracking as their distributed technology approach can provide a higher level of security than centralized anonymization services where there is a central point that can reveal an individual's identity. Anonymous web browsing refers to surfing the World Wide Web while hiding the user's IP address and any other personally identifiable information from the websites visited. There are many ways to surf the web anonymously. Anonymous web browsing is often useful for internet users who want to ensure that their sessions cannot be monitored. For example, it is used to bypass traffic control by organizations that want to find out or control which websites employees visit. Because some websites respond differently when accessed via mobile devices, anonymity may allow access to this website from a non-mobile device by impersonating a mobile device.
Wireless Internet access. A device herein (like the computer system 11) may consist of, be part of, or include a personal computer (PC), desktop, mobile phone, laptop, notebook, tablet, server, handheld, personal digital assistant (PDA device) or mobile phone. Alternatively or additionally, a device may consist of, be part of, or include a handheld PDA device, an embedded device, an external device, a hybrid device, a vehicle device, a non-vehicle device, a mobile device, or a portable device. A network herein (like the LAN 14) may consist of, be part of, or include a wired or wireless network, a local area network (LAN), a wireless LAN (WLAN), a metropolitan area network (MAN), a wireless MAN (WMAN), a wide area network (WAN), a wireless WAN (WWAN), a personal area network (PAN), or a wireless PAN (WPAN). Alternatively or additionally, a network herein may operate substantially in accordance with the IEEE 802.11, 802.11a, 802.11b, 802.11g, 802.11k, 802.11n, 802.11r, 802.16, 802.16d, 802.16e, 802.20, 802.21 standards and/or future versions and/or derivatives of the previous standards. In addition, a network element (or device) herein may consist of, be part of, or include a cellular radiocommunication system, a cellular phone, a cordless telephone, a personal communication system (PCS), a PDA device that includes a wireless communication device, or a mobile/handheld device with a global positioning system (GPS). The communication interface 29 can consist of, be part of, or contain a transceiver or modem for communicating with a network such as the LAN 14. For wired networks, the communication interface 29 connects to the network through a port 28, which may include a connector, and, in the case of a wireless network, the communication interface 29 connects to the network through the port 28, which may contain an antenna.
The LAN 14 can be a wireless LAN (WLAN) that conforms to or is based on IEEE 802.11-2012, and the WLAN port can be a WLAN antenna and the WLAN transceiver can be a WLAN modem. The WLAN may conform to or be based on IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n or IEEE 802.11ac. This communication is commonly referred to as a wireless local area network (WLAN) and uses the industrial, scientific and medical (ISM) frequency spectrum. In the United States, three of the bands within the ISM spectrum are the A-band, 902–928 MHz; the B-band, 2.4-2.484 GHz (also known as 2.4 GHz); and the C-band, 5.725–5.875 GHz (also known as 5 GHz). Overlapping and/or similar bands are used in different regions such as Europe and Japan. To enable interoperability between devices from different vendors, some WLAN standards were developed as part of the IEEE 802.11 standards group called WiFi (www.wi-fi.org). The IEEE 802.11b standard describes communication using the 2.4 GHz frequency band and supports a communication speed of 11 Mb/s, IEEE 802.11a uses the 5 GHz frequency band to transmit 54 Mb/s, and IEEE 802.11g uses the 2.4 GHz band to support 54 Mb/s. WiFi technology is described in a publication entitled "Wi-Fi-Technologies" by the Telecoms Regulatory Authority, published July 2003, which is incorporated in its entirety for all purposes as if fully set forth in this document. IEEE 802 defines an ad hoc connection between two or more devices without using a wireless access point: the devices communicate directly when they are within range. An ad hoc network offers a peer-to-peer design and is often used in situations such as a quick data exchange or a multiplayer LAN game because it is easy to set up and does not require an access point.
Picture/video. Any content herein may consist of, be part of, or contain image or video content. Video content can be in a digital video format, which can be based on one of the following: TIFF (Tagged Image File Format), RAW format, AVI, DV, MOV, WMV, MP4, DCF (Design Rule for Video Format), ITU-T H.261, ITU-T H.263, ITU-T H.264, ITU-T CCIR 601, ASF, Exif (Exchangeable Image File Format) and DPOF (Digital Print Order Format). Either intraframe or interframe compression can be used, and the compression can be lossy or lossless, which can be based on a standard compression algorithm, which can be one or more of JPEG (Joint Photographic Experts Group) and MPEG (Moving Picture Experts Group), ITU-T H.261, ITU-T H.263, ITU-T H.264 and ITU-T CCIR 601.
DHCP. Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used in Internet Protocol (IP) networks to dynamically distribute network configuration parameters such as IP addresses to interfaces and host services. With DHCP, network elements automatically request IP addresses and network parameters from a DHCP server, eliminating the need for a network administrator or user to manually configure these settings.
DHCP is commonly used by network elements to set Internet protocol parameters such as B. to request an IP address from a network server and is based on the client-server model. When a network element connects to a network, its DHCP client software in the operating system sends out a broadcast request requesting the necessary information. Any DHCP server on the network can fulfill the request. The DHCP server maintains a pool of IP addresses and client configuration information such as default gateway, domain name, name server, and time server. Upon request, the server can respond with specific information for each client, as previously configured by an administrator, or with a specific address and other network-wide information and the period for assignment (location). it's valid. A host typically polls for this information immediately after startup and periodically before the information expires. When the client computer updates a map, it first requests the same parameter values and may receive a new address from the server, depending on the map policies defined by administrators.
Depending on the implementation, the DHCP server can have three methods of assigning IP addresses: (a) Dynamic assignment, where a network administrator reserves a range of IP addresses for DHCP and each client computer on the LAN is configured to that it requests an IP address from the DHCP server during network startup. The request and lease process uses a lease concept with a controllable period of time that allows the DHCP server to reclaim (and then reallocate) unrenewed IP addresses. (b) Automatic assignment, in which the DHCP server permanently assigns an IP address to a requesting client within the range defined by the administrator. This is similar to dynamic assignment, but the DHCP server maintains a table of previous IP address assignments so it can preferentially assign a client the same IP address that the client previously had. (c) Static assignment, where the DHCP server assigns an IP address based on a pre-configured mapping to each client's MAC address.
The DHCP used for Internet Protocol Version 4 (IPv4) is specified in IETF RFC 2131 entitled "Dynamic Host Configuration Log",and DHCP for IPv6 is described in IETF RFC 3315 entitled: "Dynamic host configuration protocol for IPv6 (DHCPv6)”, both of which are incorporated in their entirety for all purposes as if fully set forth herein. Although both versions serve the same purpose, the protocol details for IPv4 and IPv6 are so different that they can be considered separate protocols. Alternatively, for IPv6 operation, devices can use stateless automatic address configuration. IPv4 hosts can also use link-local addressing to achieve limited operation on the LAN connection.
The DHCP protocol uses a connectionless service model using the User Datagram Protocol (UDP). It is implemented with two UDP port numbers for its operations, which are identical to the BOOTP protocol. The UDP port number67is the destination port of a server and the UDP port number68is used by the client. DHCP operations are divided into four phases: server discovery, IP lease offer, IP request, and IP lease confirmation. These phases are often abbreviated as DORA for Discovery, Offer, Request and Acknowledgment. The operation of the DHCP protocol begins when the clients send a request. If the client and server are on different subnets, a DHCP helper or a DHCP relay agent can be used. Customers wishing to renew an existing lease can communicate directly via UDP unicast, provided the customer already has an established IP address at that time.
Gateway. The term "gateway" is used herein to include, but is not limited to, a network element (or node) equipped to interconnect networks using different protocols. A gateway typically contains components such as protocol converters, impedance matching devices, rate converters, fault isolators, or signal converters that are needed for network interoperability. A gateway can be a router or proxy server that routes between networks and can operate at any network layer. In a corporate network, a computer server that acts as a gateway node typically also acts as a proxy server and firewall. A gateway is often associated with a router, which knows where to route a given packet of data arriving at the gateway, and a switch, which provides the actual path in and out of the gateway for a given packet.
A subnet mask is a mask used to determine which subnet an IP address belongs to. An IP address consists of two components, the network address and the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address and the second two numbers (017.009) identify a specific host on that network. Subnetting allows the network administrator to further divide the host part of the address into two or more subnets. In this case, part of the host address is reserved to identify the specific subnet. In an IP network, clients automatically send IP packets whose destination lies outside a given subnet mask to a network gateway. A subnet mask defines the IP range of a private network. For example, if a private network has a base IP address of 192.168.0.0 and a subnet mask of 255.255.255.0, all data going to an IP address outside of 192.168.0.X is sent to that network's gateway. When forwarding an IP packet to another network, the gateway may or may not perform Network Address Translation (NAT).
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or other resources connected to the Internet or a private network. It associates various pieces of information with the domain names assigned to each of the participating entities and translates easy-to-remember domain names into the numeric IP addresses needed to locate computer services and devices around the world. For example, DNS is described in IETF RFC 3467 entitled: "Role of the Domain Name System (DNS)", in IETF RFC 6195 entitled: "Domain Name System (DNS) IANA Considerations", and in IETF RFC 1591 entitled: "Domain Name System Structure and Delegation", which are incorporated in their entirety for all purposes as if fully set forth in this document.
VPN. Computer networks can use a tunneling protocol, where one network protocol (the delivery protocol) encapsulates another payload protocol. Tunneling allows a packet of one protocol type to be encapsulated in a datagram of another protocol. For example, a VPN uses PPTP to tunnel IP packets through a public network such as the Internet. A VPN solution can be configured based on the Point-to-Point Tunneling Protocol (PPTP), the Layer Two Tunneling Protocol (L2TP), or the Secure Socket Tunneling Protocol (SSTP). When tunneling is used, a payload can be carried over an incompatible delivery network, or a secure path can be provided through an untrusted network.
Typically, the delivery protocol operates at an OSI layer equal to or higher than that of the payload protocol. As an example of network layer over network layer, Generic Routing Encapsulation (GRE), a protocol running on top of IP (IP protocol number 47), is typically used to carry IP packets with private RFC 1918 addresses over the Internet using delivery packets with public IP addresses. In this case, the payload and delivery protocols are compatible, but the payload addresses are not compatible with those of the delivery network. In contrast, an IP payload may believe it is seeing data link layer delivery when it is carried inside the Layer 2 Tunneling Protocol (L2TP), which appears to the payload mechanism as a data link layer protocol. However, L2TP actually runs over the transport layer, using the User Datagram Protocol (UDP) over IP. The IP in the delivery protocol can run over any data link protocol, from IEEE 802.2 over IEEE 802.3 (i.e., standards-based Ethernet) to the Point-to-Point Protocol (PPP) over a dial-up modem connection.
Tunneling protocols can use data encryption to transport insecure payload protocols over a public network (such as the Internet), thereby providing VPN functionality. IPsec has an end-to-end transport mode, but can also operate in tunnel mode through a trusted security gateway. HTTP tunneling is a technique by which communications carried out using various network protocols are encapsulated in the HTTP protocol, the network protocols in question generally belonging to the TCP/IP family of protocols. Thus, the HTTP protocol acts as a wrapper for a channel that the tunneled network protocol uses to communicate. The HTTP stream with its covert channel is called an HTTP tunnel. HTTP tunneling software consists of client-server HTTP tunneling applications that integrate with existing application software and allow it to be used in conditions of limited network connectivity, including firewalled networks, networks behind proxy servers, and network address translation.
Virtual Private Networks (VPNs) are point-to-point connections over a private or public network such as the Internet. A VPN client typically uses special TCP/IP-based protocols called tunneling protocols to make a virtual call to a virtual port on a VPN server. In a typical VPN implementation, a client initiates a virtual point-to-point connection to a remote access server over the Internet, and the remote access server then answers the call, authenticates the caller, and transfers data between the VPN client and the organization's private network. To emulate a point-to-point connection, the data is encapsulated, or wrapped, with a header. The header provides routing information that allows the data to traverse the public or shared network to reach its endpoint. To emulate a private link, the data sent is encrypted for confidentiality. Packets intercepted on the public or shared network cannot be decrypted without the encryption keys. The connection in which the private data is encapsulated and encrypted is called a VPN connection.
There are generally two types of VPN connections, known as Remote Access VPN and Site-to-Site VPN. Common VPN connections use the PPTP, L2TP/IPsec or SSTP protocols. PPTP is described in IETF RFC 2637 entitled: "Point-to-Point Tunneling Protocol (PPTP)", and L2TP is described in IETF RFC 2661 entitled: "Layer Two Tunneling Protocol "L2TP"", which are incorporated in their entirety for all purposes as if fully set forth herein. VPN and VPN usage are described in the Cisco Systems, Inc. 2001 publication entitled: "IP Tunneling and VPNs", in the Cisco Systems, Inc. publication [1-58705-001-3], Chapter 18 entitled: "Virtual Private Networks", and in publications in IBM Corporation's Redbook series entitled: "A Comprehensive Guide to Virtual Private Networks", including "Volume I: IBM Firewall, Server and Client Solutions" [SG24-5201-00, June 1998], "Volume II: IBM Nways Router Solutions" [SG24-5234-01, November 1999] and "Volume III: Cross-Platform Key and Policy Management" [SG24-5309-00, November 1999], which are incorporated in their entirety for all purposes as if fully set forth in this document.
VPN and its use are discussed in more detail in IETF RFC 4026 entitled: "Provider Provisioned Virtual Private Network (VPN) Terminology", which describes provider-provisioned virtual private networks (VPNs), in IETF RFC 2764 entitled: "A Framework for IP Based Virtual Private Networks", which describes a framework for virtual private networks (VPNs) running on IP backbones, in IETF RFC 3931 entitled: "Layer Two Tunneling Protocol - Version 3 (L2TPv3)", and in IETF RFC 2547 entitled: "BGP/MPLS VPNs", which describes a VPN method based on MPLS (Multi Protocol Label Switching) and BGP (Border Gateway Protocol), all of which are incorporated in their entirety for all purposes as if fully set forth in this document.
Remote access VPN connections allow users working from home or on the road to access a server on a private network using the infrastructure provided by a public network such as the Internet. From the user's perspective, the VPN is a point-to-point connection between the user's computer (the VPN client) and an organization's server. The exact infrastructure of the shared or public network is irrelevant, because logically it appears as if the data is sent over a dedicated private connection.
Site-to-site VPN connections (also known as router-to-router VPN connections) enable organizations to have routed connections between separate offices or with other organizations over a public network while helping to maintain secure communications. Logically, a VPN connection routed over the Internet acts as a dedicated WAN (Wide Area Network) connection. When networks are connected over the Internet, a router forwards packets to another router over a VPN connection. For the routers, the VPN connection works like a data link layer connection. A site-to-site VPN connection connects two parts of a private network. The VPN server provides a routed connection to the network to which the VPN server is connected. The calling router (the VPN client) authenticates with the answering router (the VPN server), and for mutual authentication, the answering router authenticates with the calling router. In a site-to-site VPN connection, packets sent from one of the routers over the VPN connection typically do not originate at the routers.
Negotiation of the encryption key may involve performing an Internet Key Exchange (IKE or IKEv2) as part of establishing a session under Internet Protocol Security (IPsec), as described in IETF RFC 2409 entitled: "The Internet Key Exchange (IKE)" and in RFC 4306 entitled: "Internet Key Exchange (IKEv2) Protocol", which are incorporated in their entirety for all purposes as if fully set forth herein. Alternatively or additionally, the cryptographic key negotiation may involve performing the RSA key exchange or the Diffie-Hellman key exchange specified in IETF RFC 2631 entitled: "Diffie-Hellman Key Agreement Method", which is incorporated in its entirety for all purposes as if fully set forth herein, as part of establishing a session under the Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocol.
Tunnel. As used in this document, the term "tunnel" encompasses an intermediary program that acts as a blind relay between two connections. Once active, a tunnel is not considered part of the HTTP communication, although the tunnel may have been initiated by an HTTP request. The tunnel ceases to exist when both ends of the relayed connections are closed.
Proxy. The term "proxy" as used in this document includes an intermediary program that acts as both a server and a client to make requests on behalf of other clients. Requests are serviced internally or passed on to other servers, with possible translation. A proxy MUST implement the client and server requirements of this specification. A "transparent proxy" is a proxy that does not modify the request or response beyond what is necessary for proxy authentication and identification. A "non-transparent proxy" is a proxy that modifies the request or response to provide an additional service to the user agent, such as group annotation services, media type transformation, protocol reduction or anonymity filtering. Except where transparent or non-transparent behavior is explicitly stated, the requirements for an HTTP proxy apply to both proxy types and are set out in IETF RFC 2616 entitled: "Hypertext Transfer Protocol -- HTTP/1.1".
HTTP tunneling. HTTP tunneling is a technique by which communications carried out using various network protocols are encapsulated in the HTTP protocol, the network protocols in question generally belonging to the TCP/IP family of protocols. Thus, the HTTP protocol acts as a wrapper for a channel that the tunneled network protocol uses to communicate. The HTTP stream with its covert channel is called an HTTP tunnel. HTTP tunneling software consists of client-server HTTP tunneling applications that can be integrated into existing application software, allowing it to be used under conditions of limited network connectivity, including firewalled networks, networks behind proxy servers, and network address translation.
An HTTP tunnel is most commonly used as a means of communication from network locations with limited connectivity, often behind NATs, firewalls or proxies, and with applications that do not natively support communication under such limited connectivity conditions. Restricted connectivity in the form of blocking TCP/IP ports, blocking traffic initiated from outside the network, or blocking all but a few network protocols is a commonly used method of locking down a network to protect it against internal and external threats.
HTTP CONNECT tunneling. A variant of HTTP tunneling behind an HTTP proxy server is to use the HTTP "CONNECT" method. With this mechanism, the client asks an HTTP proxy server to forward the TCP connection to the desired destination. The server then establishes the connection on behalf of the client. After the server establishes the connection, the proxy server continues to relay the TCP stream to and from the client. Note that only the initial connection request is HTTP; after that, the server simply forwards the established TCP connection. This mechanism allows a client behind an HTTP proxy to access websites over SSL or TLS (i.e., HTTPS). Not all HTTP proxies support this feature, and even those that do may restrict the behavior (e.g., only allow connections to the standard HTTPS port 443, or block traffic that does not appear to be SSL).
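The two restrictions mentioned above (allowing CONNECT only to port 443 and blocking tunneled traffic that does not look like SSL/TLS) can be sketched as follows. This is an added illustrative example, not part of the original disclosure; the function names, the port allowlist and the sample inputs are assumptions constructed for the illustration.

```python
"""Policy checks a forward proxy can apply to HTTP CONNECT (added example)."""
from collections import namedtuple

# Assumption: the proxy policy permits tunnels only to the standard HTTPS port.
ALLOWED_PORTS = {443}

# allow: bool, status: status line sent to the client, reason: text for the log
Decision = namedtuple("Decision", "allow status reason")


def parse_connect(request_head):
    """Return (host, port) from the head of a CONNECT request, or raise ValueError."""
    try:
        request_line = request_head.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError("non-ASCII request line") from exc
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        raise ValueError("not a CONNECT request")
    # The CONNECT target is an authority (host:port), never a full URL.
    host, sep, port_text = parts[1].rpartition(":")
    if not sep or not host or not port_text.isdigit():
        raise ValueError("CONNECT target must be host:port")
    port = int(port_text)
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    if host.startswith("[") and host.endswith("]"):  # IPv6 literal
        host = host[1:-1]
    return host.lower(), port


def decide_connect(request_head):
    """Apply the port policy before the proxy opens the outbound TCP connection."""
    try:
        host, port = parse_connect(request_head)
    except ValueError as exc:
        return Decision(False, "HTTP/1.1 400 Bad Request", str(exc))
    if port not in ALLOWED_PORTS:
        return Decision(False, "HTTP/1.1 403 Forbidden", "port %d not allowed" % port)
    return Decision(True, "HTTP/1.1 200 Connection Established",
                    "tunnel to %s:%d" % (host, port))


def looks_like_tls_client_hello(first_bytes):
    """Check the first tunneled bytes: TLS handshake record carrying a ClientHello."""
    if len(first_bytes) < 6:
        return False
    content_type, major, minor = first_bytes[0], first_bytes[1], first_bytes[2]
    record_len = int.from_bytes(first_bytes[3:5], "big")
    handshake_type = first_bytes[5]
    return (content_type == 0x16          # record type: handshake
            and major == 0x03 and minor <= 0x04
            and 0 < record_len <= 16384   # maximum plaintext record size
            and handshake_type == 0x01)   # handshake type: ClientHello


# Constructed sample inputs.
SAMPLE_HTTPS = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
SAMPLE_PORT_22 = b"CONNECT example.com:22 HTTP/1.1\r\nHost: example.com:22\r\n\r\n"
SAMPLE_TLS_BYTES = bytes.fromhex("160301000a01000006030300000000")
SAMPLE_NON_TLS_BYTES = b"SSH-2.0-OpenSSH_9.0\r\n"

if __name__ == "__main__":
    for head in (SAMPLE_HTTPS, SAMPLE_PORT_22, b"GET / HTTP/1.1\r\n\r\n"):
        print(decide_connect(head))
    print(looks_like_tls_client_hello(SAMPLE_TLS_BYTES),
          looks_like_tls_client_hello(SAMPLE_NON_TLS_BYTES))
```

The byte check runs only after the 200 response, on the first data the client sends through the tunnel; a proxy that fails this check closes the relayed connection.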
HTTP tunnel without using CONNECT. Some networks restrict the use of the CONNECT method to certain trusted sites. In these cases, an HTTP tunnel can still be implemented using only the usual HTTP methods such as POST, GET, PUT and DELETE. This is similar to the approach used in Bidirectional-streams Over Synchronous HTTP (BOSH). In this proof-of-concept program, the server runs outside the protected network and acts as a dedicated HTTP server. The client program runs on a computer within the protected network. Each time network traffic is transmitted from the client, the client repackages the traffic data as an HTTP request and transmits it to the external server, which extracts and executes the original network request for the client. The response to the request sent to the server is repackaged as an HTTP response and forwarded to the client. Because all traffic is encapsulated in normal GET and POST requests and responses, this approach works through most proxies and firewalls.
SOCKS. Socket Secure (SOCKS) is an Internet protocol that works at layer 5 of the OSI model (the session layer, an intermediate layer between the presentation layer and the transport layer) and exchanges network packets between a client and a server through a proxy server. In addition, SOCKS5 provides authentication, so only authorized users can access a server. In practice, a SOCKS server proxies TCP connections to any IP address and provides a way to forward UDP packets. The SOCKS server accepts incoming client connections on TCP port 1080. SOCKS is a de facto standard for circuit-level gateways and is also used as a circumvention tool, allowing traffic to bypass network filtering to access content that is blocked, for example, by governments, workplaces, schools and country-specific web services. Client software must have native SOCKS support to connect via SOCKS.
In addition, the SOCKS protocol provides a framework for client-server applications in the TCP and UDP domains to conveniently and securely use the services of a network firewall. The protocol is conceptually a "shim layer" between the application layer and the transport layer, and as such does not provide network layer gateway services such as ICMP message forwarding. The SOCKS protocol typically relays TCP sessions at a firewall to allow application users transparent access through the firewall. Because the protocol is independent of the application protocols, it can be (and has been) used for many different services such as Telnet, FTP, Finger, Whois, Gopher, WWW, etc. Access control can be applied at the beginning of each TCP session; after that, the server simply forwards the data between the client and the application server, resulting in minimal processing overhead. Since SOCKS never needs to know anything about the application's protocol, it should also be easy for it to accommodate applications that use encryption to protect their traffic from prying snoopers.
SOCKS works at a lower level than an HTTP proxy: SOCKS uses a handshake protocol to inform the proxy software about the connection the client is trying to establish and then acts as transparently as possible, whereas a normal proxy may interpret and rewrite headers (e.g., to use a different underlying protocol such as FTP; however, an HTTP proxy simply forwards an HTTP request to the desired HTTP server). Although the HTTP proxy has a different usage model in mind, the CONNECT method allows TCP connections to be forwarded; however, SOCKS proxies can also forward UDP traffic and work in reverse, while HTTP proxies cannot. HTTP proxies are traditionally more aware of the HTTP protocol and perform higher-level filtering (although this generally applies only to the GET and POST methods, not to the CONNECT method). SOCKS4a extends the SOCKS4 protocol to allow a client to specify a target domain name instead of an IP address; this is useful when the client itself cannot resolve the target host's domain name to an IP address.
The SOCKS5 protocol is defined in RFC 1928 of March 1996 entitled: "SOCKS Protocol Version 5", which is incorporated in its entirety for all purposes as if fully set forth herein. It is an extension of the SOCKS4 protocol; it offers more authentication options and adds support for IPv6 and UDP, the latter of which can be used for DNS lookups. The protocol specification for SOCKS Version 5 specifies a generalized framework for using arbitrary authentication protocols in the initial setup of the SOCKS connection, and RFC 1929 of March 1996 entitled: "Username/Password Authentication for SOCKS V5", which is incorporated in its entirety for all purposes as if fully set forth herein, describes one such protocol as it fits into version 5 of SOCKS. RFC 1961 of June 1996 entitled: "GSS-API Authentication Method for SOCKS Version 5", which is incorporated in its entirety for all purposes as if fully set forth herein, provides the specification for the SOCKS V5 GSS-API authentication protocol and defines a GSS-API-based encapsulation for providing integrity, authentication and optional confidentiality. RFC 3089 of April 2001 entitled: "A SOCKS-based IPv6/IPv4 Gateway Mechanism", which is incorporated in its entirety for all purposes as if fully set forth herein, describes a SOCKS-based IPv6/IPv4 gateway mechanism that enables seamless heterogeneous communication between IPv6 nodes and IPv4 nodes.
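The SOCKS5 handshake described above, as an added example that is not part of the original disclosure: the server side parses the client's method offer, selects an authentication method, and then decodes the connection request with its IPv4, domain-name or IPv6 target. The message layouts and code points follow RFC 1928; the function names, the server's method preference and the sample messages are assumptions constructed for the illustration.

```python
"""Server-side parsing of the SOCKS5 greeting and request (added example)."""
import ipaddress
import struct

SOCKS_VERSION = 0x05
NO_ACCEPTABLE_METHODS = 0xFF
# Method code points from RFC 1928: 0x00 no authentication, 0x01 GSS-API,
# 0x02 username/password (RFC 1929).
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}
ADDRESS_TYPES = {0x01: "ipv4", 0x03: "domain", 0x04: "ipv6"}


def select_method(greeting, accepted=(0x02, 0x01)):
    """Return the 2-byte method-selection reply for a client greeting.

    Assumption: this server requires authentication, so "no authentication"
    (0x00) is not in its preference list and is answered with 0xFF.
    """
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = greeting[1]
    offered = greeting[2:2 + nmethods]
    if nmethods == 0 or len(offered) != nmethods:
        raise ValueError("truncated method list")
    for method in accepted:                     # server preference order
        if method in offered:
            return bytes([SOCKS_VERSION, method])
    return bytes([SOCKS_VERSION, NO_ACCEPTABLE_METHODS])


def parse_request(data):
    """Decode VER CMD RSV ATYP DST.ADDR DST.PORT into a dict for policy or logging."""
    if len(data) < 4:
        raise ValueError("truncated request")
    version, command, reserved, address_type = data[:4]
    if version != SOCKS_VERSION or reserved != 0x00:
        raise ValueError("bad version or reserved byte")
    if command not in COMMANDS:
        raise ValueError("unknown command 0x%02x" % command)
    body = data[4:]
    if address_type == 0x01:
        addr_len = 4
    elif address_type == 0x04:
        addr_len = 16
    elif address_type == 0x03:
        if not body or body[0] == 0:
            raise ValueError("empty domain name")
        addr_len, body = body[0], body[1:]      # one length octet, then the name
    else:
        raise ValueError("unknown address type 0x%02x" % address_type)
    if len(body) != addr_len + 2:
        raise ValueError("address/port length mismatch")
    raw_addr = body[:addr_len]
    port = struct.unpack("!H", body[addr_len:])[0]
    if address_type == 0x03:
        try:
            host = raw_addr.decode("ascii")
        except UnicodeDecodeError as exc:
            raise ValueError("non-ASCII domain name") from exc
    else:
        host = str(ipaddress.ip_address(raw_addr))
    return {"command": COMMANDS[command],
            "address_type": ADDRESS_TYPES[address_type],
            "host": host, "port": port}


# Constructed sample messages.
GREETING_BOTH = bytes([0x05, 0x02, 0x00, 0x02])      # offers no-auth and user/pass
GREETING_NO_AUTH_ONLY = bytes([0x05, 0x01, 0x00])
REQ_DOMAIN = (bytes([0x05, 0x01, 0x00, 0x03, 11]) + b"example.com"
              + struct.pack("!H", 443))
REQ_UDP_IPV6 = (bytes([0x05, 0x03, 0x00, 0x04])
                + ipaddress.ip_address("2001:db8::1").packed
                + struct.pack("!H", 53))

if __name__ == "__main__":
    print(select_method(GREETING_BOTH).hex(), select_method(GREETING_NO_AUTH_ONLY).hex())
    print(parse_request(REQ_DOMAIN))
    print(parse_request(REQ_UDP_IPV6))
```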
WebSocket. WebSocket is a computer communications protocol that provides full-duplex communication channels over a single TCP connection. The WebSocket protocol enables two-way communication between a client running untrusted code in a controlled environment and a remote host that has opted in to communications from that code. The security model used for this is the origin-based security model typically used by web browsers. The protocol consists of an opening handshake followed by basic message framing layered over TCP. The goal of this technology is to provide a mechanism for browser-based applications that need bi-directional communication with servers without relying on opening multiple HTTP connections (e.g., using XMLHttpRequest or <iframe>s and long polling). The WebSocket protocol is defined in RFC 6455 of December 2011 entitled: "The WebSocket Protocol", which is incorporated in its entirety for all purposes as if fully set forth herein.
While the WebSocket and HTTP protocols both reside at layer 7 in the OSI model and as such rely on TCP at layer 4, and while WebSocket is designed to work over HTTP ports 80 and 443 and to support HTTP proxies and intermediaries, the protocols are different. Unlike HTTP, WebSocket provides full-duplex communication, and WebSocket also enables streams of messages on top of TCP. TCP alone handles only streams of bytes, with no inherent concept of a message. For compatibility reasons, the WebSocket handshake uses the HTTP Upgrade header to switch from the HTTP protocol to the WebSocket protocol. The WebSocket protocol allows interaction between a web client (such as a browser) and a web server with less overhead, making it easier to transfer real-time data to and from the server. This is achieved by providing the server with a standardized way to send content to the client without the client first requesting it, and by allowing messages to be sent back and forth while keeping the connection open. In this way, a continuous two-way conversation can take place between the client and the server. Communication occurs over TCP port number 80 (or 443 for TLS-encrypted connections), which is beneficial for environments that block non-web Internet connections with a firewall.
The WebSocket protocol specification defines ws (WebSocket) and wss (WebSocket Secure) as two new URI (Uniform Resource Identifier) schemes used for unencrypted and encrypted connections, respectively. Apart from the scheme name and the fragment (# is not supported), the rest of the URI components are defined to use generic URI syntax. Browser developer tools allow developers to inspect the WebSocket handshake and WebSocket frames. Client implementations of the WebSocket protocol attempt to detect whether the user agent is configured to use a proxy when connecting to the target host and port, and if so, use the HTTP CONNECT method to establish a persistent tunnel.
Although the WebSocket protocol itself is unaware of proxies and firewalls, it has an HTTP-compatible handshake that allows HTTP servers to share their standard HTTP and HTTPS ports (80 and 443) with a WebSocket gateway or server. The WebSocket protocol defines a ws:// and a wss:// prefix to indicate a WebSocket and a WebSocket Secure connection, respectively. Both schemes use an HTTP upgrade mechanism to upgrade to the WebSocket protocol. Some proxy servers are transparent and work well with WebSocket; others prevent WebSocket from working properly, causing the connection to fail. In some cases, additional proxy server configuration may be required, and some proxy servers may need to be upgraded to support WebSocket. If unencrypted WebSocket traffic flows through an explicit or transparent proxy server that does not support WebSockets, the connection is likely to fail.
When an encrypted WebSocket connection is used, the use of Transport Layer Security (TLS) on the WebSocket Secure connection ensures that an HTTP CONNECT command is issued if the browser is configured to use an explicit proxy server. This establishes a tunnel that allows end-to-end low-level TCP communication through the HTTP proxy between the WebSocket Secure client and the WebSocket server. With transparent proxies, the browser is unaware of the proxy server, so no HTTP CONNECT is sent. However, since the traffic on the wire is encrypted, intermediate transparent proxies can simply pass the encrypted traffic through, so the likelihood of a successful WebSocket connection is much greater when WebSocket Secure is used.
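The opening handshake and origin-based security model described above can be illustrated from the server side. This is an added example, not part of the original disclosure: it validates the HTTP Upgrade request, enforces an Origin allowlist, and derives the Sec-WebSocket-Accept value defined in RFC 6455. The allowlist, host names and function names are assumptions; the sample key is the one used in RFC 6455.

```python
"""Server-side validation of the WebSocket opening handshake (added example)."""
import base64
import binascii
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed GUID from RFC 6455
ALLOWED_ORIGINS = {"https://app.example.com"}       # assumption: site policy


def parse_head(request):
    """Split an HTTP request head into its request line and lower-cased headers."""
    lines = request.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def accept_value(key):
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID)); proves the server speaks WebSocket."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def validate_upgrade(request):
    """Return (status_code, response_headers) for a WebSocket upgrade request."""
    request_line, headers = parse_head(request)
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "GET" or parts[2] != "HTTP/1.1":
        return 400, {}
    connection_tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    if headers.get("upgrade", "").lower() != "websocket" or "upgrade" not in connection_tokens:
        return 400, {}
    if headers.get("sec-websocket-version") != "13":
        # Tell the client which protocol version this server supports.
        return 426, {"Sec-WebSocket-Version": "13"}
    key = headers.get("sec-websocket-key", "")
    try:
        if len(base64.b64decode(key, validate=True)) != 16:
            return 400, {}
    except (binascii.Error, ValueError):
        return 400, {}
    # Origin-based security model: browsers send Origin, and the server decides
    # whether script from that origin may open a connection.
    if headers.get("origin") not in ALLOWED_ORIGINS:
        return 403, {}
    return 101, {"Upgrade": "websocket",
                 "Connection": "Upgrade",
                 "Sec-WebSocket-Accept": accept_value(key)}


# Constructed sample request (key value taken from the RFC 6455 example).
SAMPLE_UPGRADE = (
    "GET /chat HTTP/1.1\r\n"
    "Host: server.example.com\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Origin: https://app.example.com\r\n"
    "Sec-WebSocket-Version: 13\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(validate_upgrade(SAMPLE_UPGRADE))
    print(validate_upgrade(SAMPLE_UPGRADE.replace("app.example.com", "other.example.net")))
```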
Firewall. The term "firewall" as used herein is a device that inspects network traffic passing through it and can take action, such as blocking traffic. Firewalls can be implemented as standalone network devices or, in some cases, integrated into a single network device, such as a router or switch, that performs other functions. For example, a network switch can perform both firewall-related functions and switching functions. A firewall can be implemented using hardware and/or software and can contain all the necessary subsystems to control inbound and outbound network traffic based on a set of applied rules. A firewall can be used to create a barrier between a secure and trusted internal network and another network, such as the Internet, that may not be secure and trusted. Firewalls exist both as software running on general-purpose hardware and as hardware appliances. Many hardware-based firewalls also provide additional functionality for the internal network that they protect.
NAT traversal. Network Address Translation (NAT) traversal is a networking technique for establishing and maintaining Internet Protocol connections through gateways that implement Network Address Translation (NAT). NAT traversal techniques are required for many network applications, e.g., peer-to-peer file sharing and Voice over IP. NAT devices are commonly used to alleviate IPv4 address exhaustion by allowing the use of private IP addresses on private networks behind routers with a single public IP address facing the public Internet. Devices on the internal network communicate with hosts on the external network by changing the source address of outgoing requests to that of the NAT device and forwarding responses back to the originating device. NAT traversal techniques often bypass corporate security policies. Enterprise security professionals prefer techniques that explicitly cooperate with NAT and firewalls, allowing NAT traversal while still enabling marshalling at the NAT to enforce enterprise security policies. The IETF standards based on this security model are Realm-Specific IP (RSIP) and Middlebox Communications (MIDCOM).
Several NAT traversal techniques are available: WebSocket (ws) or WebSocket Secure (wss); Socket Secure (SOCKS), which uses proxies to forward traffic between networks or systems; Traversal Using Relays around NAT (TURN), a relay protocol purpose-built for NAT traversal; and NAT hole punching, a general technique that exploits how NAT treats some protocols (such as UDP, TCP, or ICMP) to allow previously blocked packets through the NAT. Session Traversal Utilities for NAT (STUN) is a standardized set of methods and a network protocol for NAT hole punching; it was developed for UDP but has also been extended to TCP. Interactive Connectivity Establishment (ICE) is a complete protocol for using STUN and/or TURN to perform NAT traversal while choosing the best available network path. The UPnP Internet Gateway Device Protocol (IGDP) is supported by many small NAT gateways in home or small office environments and allows a device on a network to request the router to open a port. NAT-PMP is a protocol introduced by Apple as an alternative to IGDP, and PCP is a successor to NAT-PMP. An Application-Level Gateway (ALG) is a component of a firewall or NAT that allows NAT traversal filters to be configured.
IPsec virtual private network clients use NAT traversal to have Encapsulating Security Payload packets traverse NAT. In its operation, IPsec uses several protocols that must be enabled in order to pass through firewalls and network address translators: Internet Key Exchange (IKE): User Datagram Protocol (UDP) port 500; Encapsulating Security Payload (ESP): IP protocol number 50; Authentication Header (AH): IP protocol number 51; and IPsec NAT traversal: UDP port 4500 if NAT traversal is used. Many routers provide explicit functionality for this, often referred to as "IPsec passthrough". NAT traversal and IPsec can be used to provide opportunistic encryption of traffic between systems. NAT traversal allows systems behind NAT to request and establish secure connections when needed.
The techniques, methods, utilities, and uses of NAT traversal are described in IETF RFC 2663 (dated August 1999) entitled: "IP Network Address Translator (NAT) Terminology and Considerations", in IETF RFC 3715 (March 2004) entitled: "IPsec-Network Address Translation (NAT) Compatibility Requirements", in IETF RFC 3947 (dated January 2005) entitled: "Negotiation of NAT-Traversal in the IKE", in IETF RFC 5128 (dated March 2008) entitled: "State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs)", in IETF RFC 5245 (April 2010) entitled: "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", in IETF RFC 5389 (October 2008) entitled: "Session Traversal Utilities for NAT (STUN)", and in IETF RFC 7350 (dated August 2014) entitled: "Datagram Transport Layer Security (DTLS) as Transport for Session Traversal Utilities for NAT (STUN)", all of which are incorporated in their entirety for all purposes as if fully set forth in this document. One of the simplest yet most robust and practical NAT traversal techniques, commonly known as "hole punching", is described in a paper by Bryan Ford (Massachusetts Institute of Technology), Pyda Srisuresh (Caymas Systems, Inc.) and Dan Kegel, published in 2008 and entitled: "Peer-to-Peer Communication Across Network Address Translators", which is incorporated in its entirety for all purposes as if fully set forth herein. The paper documents and explains hole punching for UDP communication and how it can be reliably used to set up peer-to-peer TCP streams. NAT traversal techniques in P2P networks are discussed in a January 2008 article by Huynh Cong Phuoc, Ray Hunt and Andrew McKenzie (all from the University of Canterbury, Christchurch, New Zealand) entitled: "NAT Traversal Techniques in Peer-to-Peer Networks", which is incorporated in its entirety for all purposes as if fully set forth herein. First, Network Address Translation (NAT) detection is categorized and UDP and TCP traversal techniques are discussed. Methods such as relaying, connection reversal, and hole punching are then discussed. Finally, the development of a test suite that can be used to evaluate NAT traversal techniques and determine the appropriate configurations to reach the P2P network is described.
Sharding. Database systems with large datasets and high-throughput applications can challenge the capacity of a single server. High query rates can exhaust the server's CPU capacity, and larger amounts of data exceed the storage capacity of a single computer. In addition, working set sizes larger than system RAM stress the I/O capacity of disk drives. To solve these scaling problems, database systems have two basic approaches: vertical scaling and sharding. Vertical scaling adds more CPU and memory resources to increase capacity. Scaling by adding capacity has limitations: high-performance systems with many CPUs and large amounts of RAM are disproportionately more expensive than smaller systems. Additionally, cloud-based providers may only allow users to deploy smaller instances. As a result, there is a practical maximum capacity for vertical scaling. Sharding, or horizontal scaling, on the other hand, splits the data set and spreads it across multiple servers, or shards. Each shard is a separate database, and together the shards form a single logical database.
A database shard is a horizontal partition of data in a database or search engine, each individual partition being referred to as a shard or database shard. Each shard is kept on a separate database server instance to distribute the load. Some data in a database remains present in all shards, but some data appears only in a single shard. Each shard (or server) acts as the single source for that subset of data. Horizontal partitioning is a database design principle in which the rows of a database table are kept separately, rather than being split into columns (which is what normalization and vertical partitioning do, to varying degrees). Each partition forms part of a shard, which can itself reside on a separate database server or at a separate physical location.
As tables are split and distributed across multiple servers, the total number of rows in each table in each database is reduced. This reduces the size of the index, which generally improves search performance. A database shard can be placed on separate hardware, and multiple shards can be placed on multiple machines. This allows the database to be distributed across a large number of machines, which significantly improves performance. Furthermore, if the database shard is based on an actual segmentation of the data (e.g., European vs. US customers), it is possible to infer the appropriate shard membership easily and automatically and to query only the relevant shard.
Horizontal partitioning splits one or more tables by row, usually within a single instance of a schema and a database server. It can provide an advantage by reducing index size (and hence search effort), as long as there is an obvious, robust, and implicit way to identify in which partition a given row will be found without first needing to search the index. Sharding into multiple isolated instances requires more than just horizontal partitioning. The expected efficiency gains would be lost if a database query required querying both instances just to retrieve a single dimension table. In addition to partitioning, sharding splits large partitionable tables across the servers while replicating smaller tables as complete units.
Database sharding is described in a white paper published in April 2017 by Oracle Corporation (World Headquarters at 500 Oracle Parkway, Redwood Shores, California 94065, USA) entitled: "Oracle Sharding: Linear Scalability, Fault Isolation and Geo-distribution for Web-scale OLTP Applications", and in a document from the MongoDB Documentation Project dated January 12, 2015 (version 2.8.0-rc3) entitled: "Sharding and MongoDB", which are incorporated in their entirety for all purposes as if fully set forth herein.
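The routing behaviour described above can be made concrete with a small added example (not code from this application or from the cited Oracle or MongoDB documents). It assumes a hypothetical `customers` table sharded by region, a small `plans` dimension table replicated to every shard, and constructed sample rows; each shard is a separate in-memory SQLite database.

```python
import sqlite3

# Constructed sample rows: (customer_id, region, name, plan_id)
CUSTOMERS = [
    (1, "EU", "Anna", 1),
    (2, "US", "Bob", 2),
    (3, "EU", "Carla", 2),
    (4, "US", "Dev", 1),
    (5, "US", "Eve", 2),
]
# Small dimension table, replicated as a complete unit to every shard
PLANS = [(1, "basic"), (2, "pro")]


class ShardedCustomers:
    """Routes rows by region; each shard is its own SQLite database."""

    def __init__(self, regions):
        self.shards = {}
        self.touched = []  # shards hit by queries, in order, for inspection
        for region in regions:
            db = sqlite3.connect(":memory:")
            db.execute(
                "CREATE TABLE customers (id INTEGER PRIMARY KEY, "
                "region TEXT, name TEXT, plan_id INTEGER)"
            )
            db.execute("CREATE TABLE plans (id INTEGER PRIMARY KEY, label TEXT)")
            db.executemany("INSERT INTO plans VALUES (?, ?)", PLANS)
            self.shards[region] = db

    def insert(self, row):
        # The shard key (region) is part of the row, so placement is implicit.
        region = row[1]
        if region not in self.shards:
            raise KeyError("no shard for region %r" % region)
        self.shards[region].execute("INSERT INTO customers VALUES (?, ?, ?, ?)", row)

    def _query(self, region, sql, params=()):
        self.touched.append(region)
        return self.shards[region].execute(sql, params).fetchall()

    def names_by_plan(self, region, label):
        """Shard key known: one shard answers and the join stays local,
        because the plans table is replicated on that shard."""
        sql = (
            "SELECT c.name FROM customers c JOIN plans p ON p.id = c.plan_id "
            "WHERE p.label = ? ORDER BY c.id"
        )
        return [r[0] for r in self._query(region, sql, (label,))]

    def find_by_id(self, customer_id):
        """Shard key unknown: the query must be sent to every shard."""
        hits = []
        for region in sorted(self.shards):
            hits += self._query(
                region,
                "SELECT id, region, name FROM customers WHERE id = ?",
                (customer_id,),
            )
        return hits

    def rows_per_shard(self):
        return {
            region: db.execute("SELECT COUNT(*) FROM customers").fetchone()[0]
            for region, db in self.shards.items()
        }


def build_demo():
    store = ShardedCustomers(["EU", "US"])
    for row in CUSTOMERS:
        store.insert(row)
    return store


if __name__ == "__main__":
    demo = build_demo()
    print(demo.names_by_plan("EU", "pro"), demo.touched)
    print(demo.find_by_id(5), demo.touched)
```

A lookup that carries the shard key touches one database; a lookup by `id` alone fans out to all of them, which is the cost the text warns about when the partition cannot be identified implicitly.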
Multihoming. Multihoming refers to the practice of connecting a host or a computer network to more than one network in order to increase reliability or performance, or to reduce costs. Although a typical host or end-user network is connected to a single network, in many cases it can be useful to connect a host or network to multiple networks to increase reliability (if a single connection fails, packets can still be routed through the remaining networks), improve performance (depending on the destination, it may be more efficient to route through one network or the other), and reduce costs (depending on the destination, it may be cheaper to route through one network or the other).
There are several ways to perform multihoming. In host multihoming, a single host is connected to multiple networks. For example, a mobile phone can connect to a Wi-Fi network and a 3G network at the same time, and a desktop computer can connect to both a home network and a VPN. A multihomed host is typically assigned multiple addresses, one for each attached network. In classic multihoming, a network is connected to several providers and uses its own address range (usually from a provider-independent (PI) range). The network's edge routers communicate with the providers using a dynamic routing protocol, typically BGP, which advertises the network's address range to all providers. If one of the links fails, the dynamic routing protocol detects the failure within seconds or minutes and reconfigures its routing tables to use the remaining links, transparently to the hosts. Classic multihoming is expensive because it requires the use of an address space accepted by all providers, a public Autonomous System (AS) number, and a dynamic routing protocol. Because the multihomed address space cannot be aggregated, the global routing table grows. In the multihoming with multiple addresses approach, the network is connected to multiple providers and is allocated multiple address ranges, one for each provider. Hosts are assigned multiple addresses, one for each provider. Multihoming with multiple addresses is cheaper than classic multihoming and can be used without the involvement of providers (e.g., in a home network), but requires additional technology to perform the routing: for incoming traffic, hosts must be associated with multiple DNS A or AAAA records so that they are reachable through all providers; and for outbound traffic, a technique such as source-specific routing must be used to route packets through the correct provider, and hosts must implement appropriate source address selection policies.
Classic multihoming is the dominant technique for IPv4 and requires a network to have its own range of public IP addresses and a public AS (Autonomous System) number. It is also possible to implement multihoming for IPv4 with multiple NAT gateways.
Both classic multihoming and multihoming with multiple addresses can be used in IPv6. With classic multihoming, the provider-independent (PI) address space available in IPv6 can be used. The advantage of this technique is that it works like IPv4, supports traffic balancing across providers, and maintains existing TCP and UDP sessions in the event of failures. Multihoming with multiple addresses can be implemented for IPv6, with the host using a protocol-agnostic mechanism for outbound traffic (Multipath TCP, SCTP, etc.). The functional requirements and possible solutions for multihoming without using IPv6 NAT for IPv6 hosts and small networks are given in IETF RFC 7157 (dated March 2014) entitled: "IPv6 Multihoming without Network Address Translation", which is incorporated in its entirety for all purposes as if fully set forth herein.
DNS. The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or other resources connected to the Internet or a private network. It associates various pieces of information with the domain names assigned to each of the participating entities and translates easy-to-remember domain names into numeric IP addresses needed to locate IT equipment and services around the world. For example, DNS is described in IETF RFC 3467 entitled: "Role of the Domain Name System (DNS)", in IETF RFC 6195 entitled: "Domain Name System (DNS) IANA Considerations", and in IETF RFC 1591 entitled: "Domain Name System Structure and Delegation", which are incorporated in their entirety for all purposes as if fully set forth in this document.
A system for resolving Domain Name System (DNS) queries, which includes a communication device for resolving DNS queries, the communication device further including a memory and a processor configured by the memory, a cache storage for use by the communication device, and a network of authoritative domain name servers, where in a process of the communication device looking up a DNS request within the cache storage, if the communication device sees an expired DNS entry within the cache storage, the communication device continues the process of looking up the DNS request in the cache storage while, in parallel, sending out a concurrent DNS request to the authoritative domain name server to which the expired DNS entry belongs, is described in US Patent No. 8,671,221 by the same inventors of the present application, entitled: "Method and System for Increasing Speed of Domain Name System Resolution within a Computing Device", which is incorporated in its entirety for all purposes as if fully set forth herein.
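The cache behaviour summarized above (answer from an expired entry while a concurrent refresh is sent out) is sketched below as an added example; it is not the implementation of the cited patent. The `resolve(name) -> (address, ttl)` callable, the class and method names, and the `max_stale` bound are assumptions of this sketch. The bound is an addition that goes beyond the text: it limits how long an address that may since have been reassigned can still be handed out.

```python
import threading
import time


class RefreshingDnsCache:
    """Serves an expired entry immediately and refreshes it in parallel."""

    def __init__(self, resolve, max_stale=300.0, clock=time.monotonic):
        self._resolve = resolve      # assumed interface: name -> (address, ttl_seconds)
        self._max_stale = max_stale  # added safety bound, not from the text
        self._clock = clock
        self._entries = {}           # name -> (address, expires_at)
        self._inflight = {}          # name -> refresh thread
        self._lock = threading.Lock()

    def lookup(self, name):
        with self._lock:
            entry = self._entries.get(name)
            if entry is not None:
                address, expires_at = entry
                past_expiry = self._clock() - expires_at
                if past_expiry < 0:
                    return address                  # fresh hit
                if past_expiry <= self._max_stale:
                    self._start_refresh_locked(name)
                    return address                  # stale hit, refresh runs in parallel
        # Miss, or entry older than the staleness bound: the caller has to wait.
        return self._resolve_and_store(name)

    def _resolve_and_store(self, name):
        address, ttl = self._resolve(name)
        with self._lock:
            self._entries[name] = (address, self._clock() + ttl)
        return address

    def _start_refresh_locked(self, name):
        # Caller holds the lock. At most one refresh per name is in flight.
        if name in self._inflight:
            return
        worker = threading.Thread(
            target=self._background_refresh, args=(name,), daemon=True
        )
        self._inflight[name] = worker
        worker.start()

    def _background_refresh(self, name):
        try:
            self._resolve_and_store(name)
        except Exception:
            pass  # resolver failed: keep the stale entry until max_stale passes
        finally:
            with self._lock:
                self._inflight.pop(name, None)

    def wait_for_refreshes(self):
        """Block until all refreshes started so far have finished."""
        with self._lock:
            pending = list(self._inflight.values())
        for worker in pending:
            worker.join()


if __name__ == "__main__":
    # Constructed resolver: returns documentation-range addresses, TTL 30 s.
    counter = []

    def fake_resolve(name):
        counter.append(name)
        return ("192.0.2.%d" % len(counter), 30)

    now = [0.0]
    cache = RefreshingDnsCache(fake_resolve, clock=lambda: now[0])
    print(cache.lookup("example.test"))
    now[0] = 31.0
    print(cache.lookup("example.test"))   # expired entry served without waiting
    cache.wait_for_refreshes()
    print(cache.lookup("example.test"))   # refreshed entry
```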
Systems and methods for storing previously transmitted data and using it to reduce bandwidth usage and speed up future communications, and for using algorithms to identify long compression history matches, in a network device that can improve compression speed and efficiency, are disclosed in US Patent No. 7,865,585 to Samuels et al. entitled: "Systems and Methods for Providing Dynamic Ad Hoc Proxy Cache Hierarchies," which is incorporated in its entirety for all purposes as if fully set forth herein. Additionally, a method and system for accelerating data reception in a client-to-client network is described in US Patent No. 7,203,741 to Marco et al. entitled: "Method and System for Speeding Up Data Reception in a Client-to-Client Network", which is incorporated in its entirety for all purposes as if fully set forth herein.
WWAN. Each wireless network here could be a wireless wide area network (WWAN), such as a wireless broadband network, and the WWAN port could be an antenna and the WWAN transceiver could be a wireless modem. The wireless network can be a satellite network, the antenna can be a satellite antenna, and the wireless modem can be a satellite modem. The wireless network can be an IEEE 802.16-2009-based or compatible WiMAX network, the antenna can be a WiMAX antenna, and the wireless modem can be a WiMAX modem. The wireless network can be a cellular network, the antenna can be a cellular antenna, and the wireless modem can be a cellular modem. The mobile network can be a third generation (3G) network and can use UMTS W-CDMA, UMTS HSPA, UMTS TDD, CDMA2000 1xRTT, CDMA2000 EV-DO or GSM EDGE-Evolution. The cellular network may be a fourth generation (4G) network and may use or be compatible with HSPA+, Mobile WiMAX, LTE, LTE-Advanced, MBWA, or be compatible with or based on IEEE 802.20-2008.
WLAN. Wireless Local Area Network (WLAN) is a popular wireless technology that uses the Industrial, Scientific, and Medical (ISM) frequency spectrum. In the United States, three of the bands within the ISM spectrum are the A-band, 902–928 MHz; the B-band, 2.4–2.484 GHz (also known as 2.4 GHz); and the C-band, 5.725–5.875 GHz (also known as 5 GHz). Overlapping and/or similar bands are used in different regions such as Europe and Japan. To enable interoperability between devices from different vendors, some WLAN standards were developed as part of the IEEE 802.11 standards group, branded as WiFi (www.wi-fi.org). IEEE 802.11b describes communication using the 2.4 GHz frequency band and supports a communication speed of 11 Mb/s, IEEE 802.11a uses the 5 GHz frequency band to carry 54 Mb/s, and IEEE 802.11g uses the 2.4 GHz frequency band to support 54 Mb/s. WiFi technology is described in a publication entitled: "Wi-Fi Technologies" by the Telecoms Regulatory Authority, published July 2003, which is incorporated in its entirety for all purposes as if fully set forth in this document. IEEE 802 defines an ad hoc connection between two or more devices without using a wireless access point: the devices communicate directly when they are within range. An ad hoc network offers a peer-to-peer design and is often used in situations such as a quick data exchange or a multiplayer LAN game because it is easy to set up and does not require an access point.
A node/client with a WLAN interface is commonly referred to as an STA (Wireless Station/Wireless Client). The STA functionality can be integrated as part of the data unit or alternatively be a dedicated unit called a bridge attached to the data unit. Although STAs can communicate without additional hardware (ad hoc mode), this network typically includes a wireless access point (also known as WAP or AP) as the switching device. The WAP implements the Basic Set of Stations (BSS) and/or ad hoc mode based on Independent BSS (IBSS). STA, client, bridge and WAP are collectively referred to herein as the WLAN entity. Bandwidth allocation for US IEEE 802.11g wireless technology allows multiple communication sessions to occur simultaneously, defining eleven overlapping channels with 5 MHz spacing, extending from 2412 MHz as the center frequency for channel number 1, via channel 2 centered at 2417 MHz and 2457 MHz as the center frequency for channel number 10, up to channel 11 centered at 2462 MHz. The bandwidth of each channel is 22 MHz, arranged symmetrically (+/-11 MHz) around the center frequency. In the transmission path, the baseband (IF) signal is first generated based on the data to be transmitted using a modulation method based on 256 QAM (Quadrature Amplitude Modulation) OFDM (Orthogonal Frequency Division Multiplexing), which results in a 22 MHz (single channel wide) frequency band signal. The signal is then up-converted to 2.4 GHz (RF), placed at the center frequency of the desired channel, and transmitted over the air through the antenna. Likewise, the receive path includes a received channel in the RF spectrum, which is down-converted to baseband (IF), where the data is then extracted.
To support multiple devices and use a permanent solution, a wireless access point (WAP) is typically used. A wireless access point (WAP or Access Point - AP) is a device that allows wireless devices to connect to a wired network using Wi-Fi or related standards. The WAP is typically connected to a router as a standalone device (via a wired network), but it can also be an integral component of the router itself. The wireless access point (AP) allows users to add devices that access the network with few or no wires. A WAP typically connects directly to a wired Ethernet connection, and the AP provides wireless connections over RF links to allow other devices to use that wired connection. Most access points support connecting multiple wireless devices to a wired connection. Wireless access often comes with special security considerations, since any device within range of the WAP can connect to the network. The most common solution is to encrypt wireless traffic. Modern access points have built-in encryption such as Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), often used with a password or passphrase. Authentication in general, and WAP authentication in particular, is used as the basis for authorization, which determines whether a particular user or process can be granted a privilege; privacy, which prevents information from being learned by non-participants; and non-repudiation, i.e., the inability to deny having done something that was authorized to be done based on the authentication. Authentication in general, and WAP authentication in particular, can use an authentication server that provides a network service that applications can use to authenticate their users' credentials, typically account names and passwords. When a client submits a valid set of credentials, it receives a cryptographic ticket, which it can then use to access various services. Authentication algorithms include passwords, Kerberos, and public key cryptography.
State-of-the-art technologies for data networks can be based on single carrier modulation techniques such as AM (amplitude modulation), FM (frequency modulation) and PM (phase modulation), as well as bit coding techniques such as QAM (quadrature amplitude modulation) and QPSK (Quadrature Phase Shift Keying). Spread spectrum technologies including Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS) are known in the art. Spread spectrum often uses multi-carrier modulation (MCM), such as OFDM (Orthogonal Frequency Division Multiplexing). OFDM and other spread spectrum techniques are commonly used in wireless communication systems, especially in WLAN networks.
BAN. A wireless network may be a Body Area Network (BAN) that is compliant with, compatible with, or based on the IEEE 802.15.6 standard, and the communication devices may include a BAN interface, which may include a BAN port and a BAN transceiver. The BAN can be a wireless BAN (WBAN), and the BAN port can be an antenna, and the BAN transceiver can be a WBAN modem.
Bluetooth. Bluetooth is a wireless technology standard for exchanging data over short distances (using short-wavelength UHF radio waves in the ISM band from 2.4 to 2.485 GHz) between fixed and mobile devices and for building Personal Area Networks (PANs). It can connect multiple devices, overcoming synchronization problems. A Personal Area Network (PAN) may be compliant with, compatible with, or based on the Bluetooth™ or IEEE 802.15.1-2005 standard. A Bluetooth controlled electronic device is described in US Patent Application No. 2014/0159877 to Huang entitled: "Bluetooth Controllable Electrical Appliance", and an electrical power supply is described in US Patent Application No. 2014/0070613 by Garb et al. entitled: "Supply of Electric Power and Related Methods", both incorporated in their entireties for all purposes as if fully set forth herein.
Bluetooth operates on frequencies between 2402 and 2480 MHz, or 2400 and 2483.5 MHz including guard bands that are 2 MHz wide at the low end and 3.5 MHz wide at the high end. This is in the globally unlicensed (but not unregulated) 2.4 GHz short-range Industrial, Scientific and Medical (ISM) radio frequency band. Bluetooth uses a radio technology called Frequency Hopping Spread Spectrum. Bluetooth divides transmitted data into packets and transmits each packet on one of 79 designated Bluetooth channels. Each channel has a bandwidth of 1 MHz, and Bluetooth typically hops 800 times per second when Adaptive Frequency Hopping (AFH) is enabled. Bluetooth Low Energy uses 2 MHz spacing, which accommodates 40 channels. Bluetooth is a packet-based protocol with a master-slave structure. A master can communicate with up to seven slaves in a piconet. All devices share the master's clock. Packet exchange is based on the basic clock, defined by the master, which ticks at 312.5 μs intervals. Two clock ticks form a 625 μs slot, and two slots form a slot pair of 1250 μs. In the simple case of single-slot packets, the master transmits on even slots and receives on odd slots. The slave, on the other hand, receives on the even slots and transmits on the odd slots. Packets can be 1, 3 or 5 slots long, but in all cases the master's transmission starts on the even slots and the slave's on the odd ones.
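The slot timing just described can be checked with a short added example (not part of the original text). It assumes a hypothetical `schedule` function and a constructed packet sequence, and it shows why the permitted lengths of 1, 3 and 5 slots keep master and slave on their own slot parity without idle gaps.

```python
TICK_US = 312.5           # basic clock period given in the text
SLOT_US = 2 * TICK_US     # two ticks per slot: 625 μs
PAIR_US = 2 * SLOT_US     # two slots per slot pair: 1250 μs
ALLOWED_LENGTHS = (1, 3, 5)


def schedule(packets, first_free_slot=0):
    """Place packets on the slot grid.

    packets: list of (role, n_slots) with role "master" or "slave".
    The master may only start on even slots, the slave only on odd slots.
    Returns one dict per packet with its start slot and timing in μs.
    """
    plan = []
    slot = first_free_slot
    for role, n_slots in packets:
        if role not in ("master", "slave"):
            raise ValueError("unknown role: %r" % (role,))
        if n_slots not in ALLOWED_LENGTHS:
            raise ValueError("packet length must be 1, 3 or 5 slots")
        wanted_parity = 0 if role == "master" else 1
        if slot % 2 != wanted_parity:
            slot += 1     # channel stays idle until this role's next slot
        plan.append({
            "role": role,
            "start_slot": slot,
            "slots": n_slots,
            "start_us": slot * SLOT_US,
            "end_us": (slot + n_slots) * SLOT_US,
        })
        slot += n_slots
    return plan


def idle_slots(plan):
    """Count slots left unused between consecutive packets in a plan."""
    idle = 0
    for prev, cur in zip(plan, plan[1:]):
        idle += cur["start_slot"] - (prev["start_slot"] + prev["slots"])
    return idle


if __name__ == "__main__":
    # Constructed exchange: odd packet lengths, roles alternating.
    exchange = [("master", 1), ("slave", 1), ("master", 3),
                ("slave", 5), ("master", 1)]
    for entry in schedule(exchange):
        print(entry)
```

Because every permitted length is odd, a packet that starts on an even slot always ends just before an odd one, so an alternating exchange never wastes a slot; two consecutive packets from the same role force one idle slot.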
A Bluetooth master device can communicate with a maximum of seven devices in a piconet (an ad hoc network of computers using Bluetooth technology), although not all devices reach this maximum. Devices can switch roles by agreement, and the slave can become the master (e.g., a headset that initiates a connection to a phone necessarily starts as the master, the initiator of the connection, but can then act as a slave). The Bluetooth core specification provides for the interconnection of two or more piconets to form a scatternet, in which certain devices simultaneously play the role of master on one piconet and slave on another. Data can be transferred between the master and another device at any time (except in the rarely used broadcast mode). The master selects the slave device to be addressed; it usually switches quickly from one device to another in a round-robin fashion. Because it is the master that chooses which slave to address, while a slave must listen on every receive slot, being a master is a lighter burden than being a slave. Being a master of seven slaves is possible; being a slave of more than one master is difficult.
Bluetooth Low Energy. Bluetooth Low Energy (Bluetooth LE, BLE, marketed as Bluetooth Smart) is a wireless personal area network technology developed and commercialized by the Bluetooth Special Interest Group (SIG), aimed at emerging applications in healthcare, fitness, beacons, security, and home entertainment. Compared to classic Bluetooth, Bluetooth Smart is designed to offer significantly lower power consumption and cost while maintaining a similar communication range. Bluetooth Low Energy is described in a Bluetooth SIG standard published on December 2, 2014, Covered Core Package Version: 4.2, entitled: "Master Table of Contents & Compliance Requirements - Specification Volume 0", and in a 2012 article in Sensors [ISSN 1424-8220] by Carles Gomez et al. [Sensors 2012, 12, 11734-11753; doi:10.3390/s120211734] entitled: "Overview and Evaluation of Bluetooth Low Energy: An Emerging Low-Power Wireless Technology", which are incorporated in their entirety for all purposes as if fully set forth herein.
Bluetooth Smart technology operates in the same frequency band (2.400 GHz to 2.4835 GHz ISM band) as classic Bluetooth technology, but uses a different channel set. Instead of classic Bluetooth 79 1MHz channels, Bluetooth Smart has 40 2MHz channels. Within a channel, data is transmitted using Gaussian frequency shift modulation, similar to the classic Bluetooth basic rate scheme. The bit rate is 1 Mbit/s and the maximum transmission power is 10 mW. Bluetooth Smart uses frequency hopping to counter narrowband interference problems. Classic Bluetooth also uses frequency hopping, but the details are different; While the FCC and ETSI classify Bluetooth technology as an FHSS scheme, Bluetooth Smart is classified as a system using direct sequence spread spectrum or digital modulation techniques. All Bluetooth Smart devices use the Generic Attribute Profile (GATT). The application programming interface offered by a Bluetooth Smart compatible operating system is generally based on GATT concepts.
NFC. Any wireless communication here may be partially or fully compliant with, compatible with, or based on short-range communications such as Near Field Communication (NFC), which has a theoretical working distance of 20 centimeters and a practical working distance of about 4 centimeters, and is commonly used with mobile devices such as smartphones. NFC typically operates at 13.56 MHz as defined by the air interface ISO/IEC 18000-3 and with data rates ranging from 106 Kbit/s to 424 Kbit/s. NFC typically includes an initiator and a target; the initiator actively generates an RF field that can energize a passive target. NFC peer-to-peer communication is possible as long as both devices are powered on.
NFC generally supports passive and active modes of operation. In passive communication mode, the initiating device provides a carrier field and the target device responds by modulating the existing field, and the target device can derive its operating power from the electromagnetic field provided by the initiator, turning the target device into a transponder. In active communication mode, both devices normally have power sources, and the source and target devices communicate with each other by alternately generating their own fields, with one device turning off its RF field while waiting for data. NFC typically uses amplitude-shift keying (ASK) and uses two different schemes to transmit data. At the data rate of 106 kbit/s, modified Miller coding with 100% modulation is used, while in all other cases Manchester coding with 10% modulation rate is used.
Cellular. The cellular network may be compatible with or based on a third generation (3G) network using UMTS W-CDMA, UMTS HSPA, UMTS TDD, CDMA2000 1xRTT, CDMA2000 EV-DO or GSM EDGE-Evolution. The cellular network may be a fourth generation (4G) network using HSPA+, Mobile WiMAX, LTE, LTE-Advanced, MBWA, or may be based on or compliant with IEEE 802.20-2008.
Appliance. Household appliances are electrical and mechanical devices that use technologies for domestic use, such as food handling, cleaning, laundry handling, or environmental control. Household appliances are commonly used in domestic, institutional, commercial, or industrial settings to perform routine household tasks and are typically powered by electrical energy. The device can be a major appliance, also known as "white goods", which is usually large, difficult to move, and usually fixed to a specific point (usually on the floor or mounted on a wall or ceiling), and which draws electrical power from the alternating current network (mains). Non-limiting examples of major appliances include washing machines, clothes dryers, dehumidifiers, conventional ovens, stoves, refrigerators, freezers, air conditioners, garbage compactors, furnaces, dishwashers, water heaters, microwave ovens, and induction cooktops. The device can be a small appliance, also known as "brown goods", which is usually a small portable or semi-portable device and is usually a desktop or countertop device. Examples of small appliances are televisions, CD and DVD players, home cinema and hi-fi systems, telephones and answering machines, and devices for preparing beverages such as coffee and tea makers.
The primary function of some household appliances is to store food, usually refrigeration-related appliances such as refrigerators and freezers. The main function of other household appliances is to prepare food, such as conventional ovens (stoves) or microwave ovens, electric mixers, food processors, and electric blenders, as well as beverage makers such as coffee machines and iced-tea makers. Some food-related appliances commonly found in a home kitchen are shown in
Wearables. As used herein, the term "wearable device" (or "wearable") includes a body-worn device (or article) designed or intended for human use. These devices are typically carried or worn by the human body for convenience, and are commonly used to provide consistent, convenient, continuous, portable, and mostly hands-free access to electronic devices and computers. Wearable devices may be in direct contact with the human body (e.g., by touching or adhering to the skin of the body) or may be removably attached to clothing or other articles intended or designed for use on the human body. In general, the goal of wearable technology is to bring functional, portable computers and electronic devices into people's everyday lives. Wearable devices can be releasably attached to the human body using attachment means such as straps, buckles, belts, or clips. Alternatively or additionally, wearable devices may be shaped, structured, or have a form factor to be releasably worn on or attached to the body, such as using eyeglass or headset frames. Additionally, wearable devices can be worn under, with, or over clothing.
Wearable devices may interact as sensors or actuators with a human body part or organ, for example a head worn wearable device may include a display suspended in front of the user's eye without assisting the user's vision. Examples of wearable devices include watches, glasses, contact lenses, pedometers, chest straps, wristbands, headbands, wristbands, belts, headwear, hats, glasses, watches, slippers, clothing, ear pads, textiles, smart electronics and fabrics, headbands, hats and caps as well Jewelry such as rings, bracelets, and hearing aid-like devices that resemble earrings. A wearable device may be identical in structure, design, or form factor, be substantially similar, or at least partially replace a traditional wearable device.
A wearable device may be headgear, which may be structured, designed, or have a form factor that is identical to, substantially similar to, or at least partially a substitute for, any headgear. The headgear may be attached to or in contact with any part of the head, such as the face, nose, right nostril, left nostril, right cheek, left cheek, right eye, left eye, right ear or left ear, nose, mouth, lip, forehead or chin. A wearable device may be structured, designed, or have a form factor that is identical to, substantially similar to, or at least partially a substitute for a bonnet, cap, crown, tie, headdress, hat, helmet, hood, mask, turban, veil or wig.
A headgear may be an eyewear accessory that may be identical in structure, design, or form factor to, substantially similar to, or at least partially a substitute for a pair of protective eyewear such as eyeglasses, goggles, sunglasses, contact lenses, a blindfold, or glasses. . A head protection device may be a headset, which may be structured, shaped, or have a form factor that is identical, substantially similar, or at least partially superseded by any headset element, such as a headphone, headset with receiver, headset, or similar hearing protector.
A wearable device can be detachable, permanently attached, or be part of a garment, such as a tie, sweater, jacket or hat. The attachment may use tape, glue, pins, fasteners, encapsulation, or any other attachment or integration method known in the art. Also, in some embodiments, there may be an attachment element, such as a pin or a latch and hook system or part thereof (with the mating element on the article to which it is attached), or a clip. In one non-limiting example, the clasp has a clip-like design to allow attachment to bags, belts, watches, bracelets, brooches, rings, shoes, hats, bicycle handlebars, necklaces, ties, glasses, necklaces, socks, wallets, purses, or lanyards.
A wearable device may be attached to the top of an undergarment such as a bra, nightgown, or t-shirt, an undergarment such as a diaper, panties, plastic pants, tanga, boxer shorts, or a full-body undergarment such as a bodysuit, long johns, or terry cloth. Similarly, a wearable device may be removably or permanently attached to or form part of headgear, such as a baseball cap, beret, hat, helmet, hood, cap, turban or veil. Similarly, a wearable device may be detachably or permanently attached to or be part of footwear, such as athletic shoes, boots, heels, dress shoes, slippers, socks, sandals, shoes, leggings, or stockings. In addition, a wearable device may be detachable, permanently attached, or part of an accessory, such as a scarf, jewelry, muff, tie, pocket protector, pocket watch, cummerbund, bandana, sunglasses, suspenders, umbrella, purse or watch.
A wearable device may be detachably or permanently attached to, or be part of, an outer garment such as an apron, jacket, British warm coat, raincoat, cape, chesterfield, overcoat, cut-off, duffle coat, flight jacket, waistcoat, protective jacket, Harrington jacket, hoodie, down jacket, leather jacket, dining jacket, opera jacket, coat, parka, paletot, caban, poncho, raincoat, cape, safari jacket, scarf, shrug, ski suit, blanket with sleeves, tuxedo, sport coat, trench coat, ulster coat, waistcoat or windbreaker. Similarly, a wearable device can be detachably or permanently attached to a suit (or uniform), or be made part of it, such as overalls, a kasaya, lab coat, military uniform, dressing gown, overalls, pants suit, Red Sea suit, overalls, school uniform, smock, stroller, tuxedo or white tie. In addition, a wearable device may be detachably or permanently attached to or form part of a dress, such as a prom dress, puffer dress, cloak, cocktail dress, debutante dress, formal wear, smock, prom dress, evening dress, a dressing gown, a house dress, a sweater, a little black dress, a princess line, a fitted dress, a shirt dress, a tight dress, a strapless dress, a sundress, a wedding dress or a wrap dress. In addition, a wearable device may be detachably or permanently attached to or be part of a skirt, such as a flared skirt, ballerina skirt, denim skirt, men's skirt, mini skirt, pencil skirt, prairie skirt, a rah-rah skirt, a sarong, culottes, tutu or coat. In one example, a wearable device may be detachable, permanently attached, or part of a pair of pants (or shorts), such as flared pants, beach shorts, bondage pants, capris, cargo pants, leggings, beach shorts, bike pants, dress pants, high rise water pants, drop rise pants, jeans, breeches, leggings, jumpsuits, palazzo pants, parachute pants, pedal pants, wide leg pants, shorts, tights, sweatpants or yoga pants.
In an example, a wearable device may be removably or permanently attached to or be part of a blouse, such as a blouse, crop top, dress shirt, guayabera, guernsey, halter top, henley shirt, hoodie , a sweater, a polo shirt, a shirt, tank top, sweater, sweater vest, t-shirt, tube top, turtleneck sweater or twin set.
A wearable device may have a structure, design, or form factor identical to, substantially similar to, or at least partially a substitute for, a fashion accessory. These accessories can be purely decorative or have a purpose beyond aesthetics. Examples of these accessories include but are not limited to rings, bracelets, necklaces, watches, watch bands, bags, purses, earrings, body rings, headbands, glasses, belts, ties, tie clips, wallets, shoes, pendants, charms and pompoms. For example, wearable devices can also be built into bags, steering wheels, keyboards, pens, and bicycle grips.
In one example, the wearable device may be molded or integrated into a device that includes an annular member that defines an opening therethrough sized to receive a human body part therein. The body part can be part of a human hand, such as an arm, elbow, forearm, wrist (such as a bracelet), or a finger (such as a ring). Alternatively or additionally, the body part may be part of a human head or neck, such as a forehead, an ear, a skull or a face. Alternatively or additionally, the body part may be part of a human chest or abdomen, such as a waist or hip. Alternatively or additionally, the body part may be part of a human leg or foot, such as a thigh, calf, ankle, instep, knee or toe.
In one example, the wearable device may be molded or embedded in a ring. The ring may include, consist essentially of, or consist of a stem, which is the part that provides an opening for a finger, and a head, which in some embodiments includes, consists essentially of, or consists of ornamental features of the ring and houses the signaling assembly of the device. The head can have any shape, for example, a regular sphere, a truncated sphere, a cube, a rectangular prism, a cylinder, a triangular prism, a cone, a pyramid, a barrel, a truncated cone, a convex cylinder, a truncated cylinder, an ellipsoid, a regular polygonal prism or a truncated three-dimensional polygon with, for example, 4-16 sides, such as a truncated pyramid (trapezium), or a combination thereof, or may be of irregular shape. In addition, the head may include a top surface containing and configured to display one or more jewels and/or ornamental designs.
A mobile communication device configured to be worn on the index finger of a user's hand is described in US Patent Application Publication No. 2015/0373443 to Carroll entitled: "Mobile Communication Device for Finger Use", which is incorporated in its entirety for all purposes as if fully set forth herein. The device contains a housing, a microphone, a switch and a power supply. The microphone and switch are strategically placed along the shape of the housing so that, when the device is worn on the user's index finger and the switch is activated with the thumb of the user's hand, the hand wraps around the microphone to form a natural barrier against ambient noise. In addition, the microphone can be positioned close to the corner of the user's mouth to create optimal conditions for voice reception and allow for more private audio input.
A ring-mounted touch screen with which a user controls an external electronic device is disclosed in US Patent Application Publication No. 2015/0277559 to Vescovi et al. entitled: "Arrangements and Methods for a Ring Computing Device," which is incorporated in its entirety for all purposes as if fully set forth herein. The device includes a computer processor, a wireless transceiver and a rechargeable power supply; the ring is worn on a first finger, receives an input from a second finger, selects one of a plurality of touch events associated with the input, and wirelessly transmits a command associated with the touch event to the external electronic device.
A mobile communication device comprising a fashion accessory and a display assembly is described in US Patent Application Publication No. 2015/0349556 to Mercadano et al. entitled: "Mobile Communication Devices," which is incorporated in its entirety for all purposes as if fully set forth herein. The cue set can be configured to provide sensory input such as a flashing LED light and vibration. These stimuli may vary depending on the signal received from a remote communication device or the gestures made by a user or the information stored in the mobile communication device.
A portable fitness tracking device is disclosed in US Patent No. 8,948,832 to Hong et al. entitled: "Portable Heart Rate Monitor," which is incorporated in its entirety for all purposes as if fully set forth herein. The device contains a motion sensor and a photoplethysmographic (PPG) sensor. The PPG sensor includes (i) a periodic light source, (ii) a photodetector, and (iii) circuitry that determines the user's heart rate from an output of the photodetector. Some embodiments provide methods for operating a heart rate monitor of a wearable fitness tracking device to measure one or more characteristics of a heart rate waveform. Some embodiments provide methods for operating the wearable fitness tracking device in a low power state when the device determines that the user is not wearing it. Some embodiments provide methods for operating the wearable fitness tracking device in a normal power state when the device determines that the user is wearing it.
U.S. Patent No. 8,957,988 to Wexler et al. entitled: "Imaging Device for Extending Battery Life" is incorporated in its entirety for all purposes as if fully set forth herein. In one implementation, a wearable device may include a wearable image sensor configured to capture a plurality of images of a user's surroundings. The handheld device may also include at least one processing device configured to process representations of the plurality of images in a first processing mode to determine a value of at least one capture parameter for use in capturing at least one later image, and in a second processing mode to process the representations of the plurality of images to extract information. In addition, the at least one processing device can operate in the first processing mode when the portable device is powered by a mobile power source contained within the portable device, and can operate in the second processing mode when the portable device is powered by an external power source.
A wearable device can be used to notify a person through, for example, tactile, visual, or auditory stimulation, such as described in US Patent Application Publication No. 2015/0341901 to Ryu et al. entitled: "Method and Apparatus for Providing Notifications," which is incorporated in its entirety for all purposes as if fully set forth herein, and which describes an electronic device comprising: a transceiver configured to communicate with at least one portable device and to receive, from the at least one portable device, status information indicating whether the at least one portable device is currently in use; and a processor configured to determine whether to send a notification request to the at least one portable device based on the status information received by the transceiver.
A communication device, system and method are described, for example, in US Patent Application Publication No. 2007/0052672 to Ritter et al. entitled: "Equipment, System and Method of Communication", which is incorporated in its entirety for all purposes as if fully set forth herein. It comprises a virtual retinal display (VRD) in the form of glasses (1) and at least one haptic sensor (12), which is attached to the frame of the glasses or connected to the glasses (1) via a short-range communication interface (13), wherein a cursor can be navigated through an image represented by the virtual retinal display (VRD) by means of the at least one haptic sensor (12). A central control unit (11) controls the virtual retinal display (VRD) and the at least one haptic sensor (12). When the virtual retinal display (VRD) is connected to an external device (2, 9) via a short-range communication interface (13), the user can browse the content of the external device (2, 9) using a simple haptic sensor (12).
Portable communication devices, e.g. implemented in a watch, using short-range communication with a mobile phone, and providing a natural and intuitive user interface with a low-power implementation are described, for example, in US Patent Application Publication No. 2014/0045547 to Singamsetty et al. entitled: "Portable Communications Device And User Interface," which is incorporated in its entirety for all purposes as if fully set forth herein. The devices allow a user easy access to all of the phone's features while a phone is nearby but not visible. Notification is by vibration, an LED light, and an OLED text indicator for incoming calls, text messages, and calendar events. The devices enable hands-free communication and can be used as a "remote control" for home devices, etc., through voice and touch. The device includes interface motion sensors such as accelerometers, magnetometers and gyroscopes, infrared proximity sensors, vibration motor, and/or voice recognition. Low power consumption is achieved by dynamically configuring sensor parameters to support only the required sensor functions in each device state.
A handheld electronic device configured to control a variety of nearby wireless devices is disclosed in US Patent No. 7,605,714 to Thompson et al. entitled: "System and Method for Controlling and Controlling Wireless Devices Using a Portable Device", which is incorporated in its entirety for all purposes as if fully set forth herein. The portable device dynamically creates a user interface that corresponds to the services of a given wireless device. Via the user interface, the wireless device displays content to a user and allows the user to select interactions with the wireless devices using the wearable device.
Apparatus and methods for remote control of and/or interaction with electronic devices such as computers; home entertainment systems; media centers; TV; DVD players; video recorders; music systems; apparatus; security systems; toys and games; and/or displays are described in U.S. Patent No. 8,508,472 to Wieder entitled: "One Button Control Portable Remote Control", which is incorporated in its entirety for all purposes as if fully set forth herein. A user may direct a pointer (e.g., a laser pointer) to place a pointer point on/near an object or objects on one or more active monitors; and/or fixed monitor(s); and/or on real world objects within a pointer point detection area or display area. Detectors, imagers and/or cameras may be connected/attached to the display area and/or a structure connected/attached to the display area. When the user initiates a "pick", the detectors/cameras can recognize the position of the pointer point within the display area. According to the user's choice(s), control actions can be performed on the controlled/interacted devices and optionally additional selection menus can be presented on an active screen.
A hand control consisting of a housing with a central opening sized to allow the control to be worn as a ring on the index finger of a human hand is disclosed in US Patent Application Publication No. 2006/0164383 to Machin et al. entitled: "Remote Controller Ring for User Interaction," which is incorporated in its entirety for all purposes as if fully set forth herein. A joystick protrudes from the housing and is positioned to be manipulated by the user's thumb. The joystick operates one or more control devices, such as switches or potentiometers, that generate control signals. A wireless communication device, such as a Bluetooth module, mounted in the housing transmits command signals to a remote control device indicative of the movement or position of the joystick.
A wearable augmented reality computing device having a display screen, a reflective device, a computing device, and a head-worn wiring harness to house these components is described in US Patent Application Publication No. 2012/0050144 by Morlock entitled: Apparatus. which is incorporated herein in its entirety for all purposes as if fully set forth herein. The display device and the reflective device are configured such that a user can see the reflection of the display device superimposed on the view of reality. One use of the device is for vehicle or pedestrian navigation. The wearable monitor and general purpose computing device can be combined into a single device, such as a smartphone. Additional components consist of orientation sensors and input devices or laptops.
In one example, a wearable device may use or be based on a processor or microcontroller designed for wearable applications, such as the SimpleLink™ CC2650 multi-standard wireless MCU available from Texas Instruments Incorporated (located in Dallas, Texas, USA) and described in a 2015 Texas Instruments publication #SWRT022 entitled: "SimpleLink™ Ultra-Low Power - Wireless Microcontroller Platform" and in a 2015 Texas Instruments datasheet #SWRS158A (published February 2015, revised October 2015) entitled: "CC2650 SimpleLink™ Multistandard Wireless MCU", which are incorporated in their entirety for all purposes as if fully set forth herein.
An example of a personal multimedia electronic device, and in particular a head worn device such as an eyeglass frame, is described in US Patent Application Publication No. 2010/0110368 to Chaum entitled: "System and Devices for the Spectacle Apparatus Platform", which is incorporated in its entirety for all purposes as if fully set forth herein. The device has several interactive electrical/optical components. In one embodiment, a personal multimedia electronic device includes an eyeglass frame having a side arm and an optical frame; an output device for providing an output to the user; an input device for receiving an input; and a processor comprising a set of programming instructions for controlling the input device and the output device. The output device is carried by the eyeglass frame and is selected from the group consisting of a speaker, a bone conduction transmitter, an image projector, and a touch actuator. The input device is carried by the frame of the glasses and is selected from the group consisting of an audio sensor, a haptic sensor, a bone conduction sensor, an image sensor, a body sensor, an environmental sensor, a receiving system, a global positioning device and an eye tracker. In one embodiment, the processor applies user interface logic that determines a state of the eyeglass device and determines the output in response to the input and the state.
An example of glasses for a wearer is described in US Patent Application Publication No. 2012/0050668 to Howell et al. entitled: "Touchscreen Glasses," which is incorporated in its entirety for all purposes as if fully set forth herein. The eyewear includes an eyewear frame, electrical circuitry at least partially located within the eyewear frame, and a touch-sensitive input surface on the eyewear frame configured to provide input to the electrical circuitry to perform a function by touching the input surface. In a further embodiment, the glasses include a switch that has at least two operating states. The operating states of the switch can be configured to change by sliding a finger across the board's touch-sensitive input surface.
An example of a portable computing device is disclosed in US Patent Application Publication No. 2013/0169513 to Heinrich et al. entitled: "Portable Computing Device," which is incorporated in its entirety for all purposes as if fully set forth herein. The device includes a bone conduction transducer, extension arm, light connector, and flexible touchpad input circuitry. When a user wears the device, the transducer makes contact with the user's head. A screen is attached to a free end of an extension arm. The extension arm pivots so the distance between the screen and the user's eye is adjustable for optimal screen positioning. The light passage hole may include a light emitting diode and a flash. The touch pad input circuitry may be attached to at least one side arm such that no dividing lines are provided between the edges of the circuitry and the side arm.
Hash function. A hash function is any function that can be used to map data of any size to data of a fixed size, and the values returned by a hash function are called hash values, hash codes, digests, or simply hashes. One use is a data structure called a hash table, widely used in computer software for rapid data lookups, where hash functions speed up a table or database lookup by detecting duplicate records in a large file. With a cryptographic hash function, it is easy to verify that some input data maps to a given hash value, but when the input data is unknown, it is deliberately difficult to reconstruct it (or equivalent alternatives) from knowledge of the stored hash value. Hash functions can include checksums, check digits, fingerprints, lossy compression, encryption functions, error correction codes, and ciphers. Hash functions are described in an article by Jun Wang, Wei Liu, Sanjiv Kumar, and Shih-Fu Chang published September 17, 2015 in PROCEEDINGS OF THE IEEE (http://arxiv.org/abs/1509.05472v1) entitled: "Learning Hashing to Index Big Data: A Survey", and in a book by Josef Pieprzyk and Babak Sadeghiyan, published in 1993 by Springer-Verlag [ISBN 3-540-57500-6] entitled: "Design of Hash Algorithms", which are incorporated in their entirety for all purposes as if fully set forth herein. The hash table concept generalizes the idea of an array to keys that need not be integers: a name, or any object, can serve as the key. Hash functions are used in hash tables to quickly find a record (such as a dictionary definition) based on its search key (the keyword). In particular, the hash function is used to map the search key to an index; the index gives the location in the hash table where the corresponding record should be stored. Hash tables are also used to implement associative arrays and dynamic sets.
Typically, a hash function's domain (the set of possible keys) is larger than its range (the number of different table indexes), and so it assigns many different keys to the same index, which can lead to collisions. Therefore, each slot in a hash table is associated (implicitly or explicitly) with a set of records rather than a single record. For this reason, each slot in a hash table is often called a bucket, and the hash values are also known as a bucket list or bucket index.
In general, good hash functions are required to satisfy certain properties listed below. The exact requirements depend on the application. For example, a hash function that is good for indexing data is probably a poor choice for a cryptographic hash function. A hash procedure must be deterministic, which means it must always produce the same hash value for a given input value. That is, it must be a function of the data to be processed in the mathematical sense of the term. This requirement excludes hash functions that depend on external variable parameters, such as pseudo-random number generators or the time of day. It also excludes functions that depend on the memory address of the object being hashed, in cases where the address may change during execution, although it is sometimes possible to re-hash the item. Determinism is related to the reuse of functions. Also, a good hash function should map the expected inputs to its output range as evenly as possible. That is, each hash value in the output range should be generated with roughly the same probability. The reason for this last requirement is that the cost of hash-based methods increases dramatically as the number of collisions (pairs of inputs mapped to the same hash value) increases. When some hashes are more likely to occur than others, a larger fraction of the lookups need to search a larger set of conflicting table entries. Note that this criterion only requires that the values be evenly distributed, not random in any way. A good randomizing function is generally a good choice (except for computational efficiency issues) as a hash function, but the converse need not be true. Hash tables typically contain only a small subset of valid entries. For example, a club's membership list may contain only a hundred or so member names out of a very large set of all possible names.
In these cases, the uniformity criterion must be satisfied for almost all typical subsets of entries found in the table, and not just for the global set of all possible entries. When testing a hash function, the evenness of the distribution of hash values can be assessed using the chi-square test.
It is often desirable for the output of a hash function to be of fixed size. For example, if the output is limited to 32-bit integer values, the hashes can be used to index into an array. Such a hash is often used to speed up data searches. On the other hand, cryptographic hash functions produce much larger hash values to ensure the computational complexity of brute force inversion. For example, SHA-1, one of the most widely used cryptographic hash functions, generates a 160-bit value. Generating a fixed-length output from a variable-length input can be achieved by dividing the input data into blocks of a specific size. The hash functions used for data lookup use an arithmetic expression that iterates over parts of the input (such as characters in a string) to produce the hash value. In cryptographic hash functions, these chunks are processed with a one-way compression function, and the last chunk is padded as needed. In this case, its size, called the block size, is much larger than the size of the hash. For example, with SHA-1, the hash value is 160 bits and the block size is 512 bits.
Also, in many applications, the range of hash values may be different for each execution of the program, or may change over the course of the same execution (e.g., when a hash table needs to be expanded). In these situations, a hash function is needed that accepts two parameters: the input data z and the number n of allowed hashes. A common solution is to calculate a fixed hash function with a very large range (e.g. 0 to 2^32 - 1), divide the result by n and use the remainder of the division. If n itself is a power of 2, this can be done by masking and bit shifting. Using this approach, the hash function should be chosen such that the result is fairly evenly distributed between 0 and n-1, no matter what value of n may occur in the application. Depending on the function, the remainder may only be uniform for certain values of n, e.g. odd or prime numbers.
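The reduction of a fixed 32-bit hash to n buckets, and the chi-square check of how evenly the buckets fill, can be seen in the following added example, which is not part of the application. The function names, the use of truncated BLAKE2b as the fixed hash, the deliberately poor 8-aligned hash and the sample keys are all assumptions made for the illustration.

```python
import hashlib


def fixed_hash(data: bytes) -> int:
    """Fixed hash with range 0 .. 2**32 - 1 (assumption: BLAKE2b cut to 4 bytes)."""
    return int.from_bytes(hashlib.blake2b(data, digest_size=4).digest(), "big")


def aligned_hash(data: bytes) -> int:
    """Deliberately poor hash: every value is a multiple of 8, as happens when
    the hash is derived from the address of an 8-byte-aligned object."""
    return fixed_hash(data) & ~0x7


def bucket(hash_value: int, n: int) -> int:
    """Two-parameter step: reduce a 32-bit hash to an index in 0 .. n-1."""
    if n <= 0:
        raise ValueError("n must be positive")
    if n & (n - 1) == 0:
        # n is a power of two: the remainder is just the low bits, so mask.
        return hash_value & (n - 1)
    return hash_value % n


def chi_square(hash_fn, keys, n):
    """Pearson chi-square statistic of the bucket counts against a uniform
    spread, plus the counts themselves. With n buckets there are n - 1
    degrees of freedom, so a well-behaved hash gives a value near n - 1."""
    counts = [0] * n
    for key in keys:
        counts[bucket(hash_fn(key), n)] += 1
    expected = len(keys) / n
    statistic = sum((c - expected) ** 2 / expected for c in counts)
    return statistic, counts


# Constructed sample keys (a membership list, as in the text's example).
KEYS = [f"member-{i:05d}".encode() for i in range(8000)]


def report():
    """Chi-square values for both hashes at a power-of-two and a prime n."""
    rows = []
    for name, fn in (("fixed", fixed_hash), ("aligned", aligned_hash)):
        for n in (16, 13):
            statistic, counts = chi_square(fn, KEYS, n)
            used = sum(1 for c in counts if c)
            rows.append((name, n, round(statistic, 1), used))
    return rows


if __name__ == "__main__":
    for name, n, statistic, used in report():
        print(f"{name:8s} n={n:2d} chi2={statistic:10.1f} buckets used={used}")
```

With n = 16 the aligned hash can only reach buckets 0 and 8, while with the prime n = 13 the same hash spreads evenly, which is the dependence on n that the paragraph describes.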
IETF RFC 4634 (dated July 2006) entitled: "US Secure Hash Algorithms (SHA and HMAC-SHA)", which is incorporated in its entirety for all purposes as if fully set forth herein, describes a number of Secure Hash Algorithms (SHAs), including four in addition to SHA-1, as part of a Federal Information Processing Standard (FIPS), specifically SHA-224 (RFC 3874), SHA-256, SHA-384, and SHA-512. The purpose of that document is to make the source code that performs these hash functions conveniently available to the Internet community. The sample code supports input strings of arbitrary bit length. The RFC 3174 SHA-1 sample code has also been updated to handle input strings of arbitrary bit length. Most of the text has been adapted by the authors from FIPS 180-2. IETF RFC 3874 (dated September 2004) entitled: "A 224-bit one-way hash function: SHA-224", which is incorporated in its entirety for all purposes as if fully set forth herein, describes a 224-bit one-way hash function called SHA-224. SHA-224 is based on SHA-256 but uses a different initial value and the result is truncated to 224 bits.
U.S. Patent No. 9,241,044 to Shribman et al. entitled "System and Method for Enhancing Internet Communications Using Intermediate Nodes" (hereinafter "the '044 Patent") is incorporated in its entirety for all purposes as if fully set forth herein. A client device accesses an accelerator server to get a list of available tunnel devices. The requested content is divided into segments and the client device sends a request for the segments to the available tunnel devices. The tunnel devices, in turn, receive the segments from the data server and send them to the client device, where the content is reconstructed from the received segments. A client device can also serve as a tunnel device and act as an intermediate device for other client devices. Likewise, a tunnel device can also serve as a client device to retrieve content from a data server. The selection of tunnel devices to be used by a client device can be done on the accelerator server, on the client device, or on both. The partitioning into segments may or may not be overlapped, and the same segment (or all of its content) can be reached through multiple tunneling devices.
In one example, the '044 patent describes that access to a data server is enhanced through the use of an intermediate device, referred to as a "tunnel" device, that executes a "tunnel" flowchart.
A schematic message flow diagram 60 per the '044 patent, describing the client device #1 31A associated flowchart for content retrieval and the tunnel device #1 33A associated flowchart, is shown in
While access to the data server #1 22A was exemplified above with tunnel device #1 33A as an intermediary device, the system and the client #1 31A can use multiple tunnel devices to pull content from the same data server #1 22A. Two, three, four or any other number of tunnel devices serving as intermediate devices with the same or a similar function as the tunnel device #1 33A can also be used. In an example, three tunnel devices can be used, such as by adding the tunnel device #2 33B and tunnel device #3 33C, in the system 50 shown in
In one example, three different data paths might be involved in content retrieval. In addition to the message data path 60, a message flow 60A is shown in
A system and method for broadcasting media from multiple sources is described in US Patent Application Publication No. 2016/0337426 to Shribman et al. entitled: "System and Method for Transferring Content from Multiple Servers", which is incorporated in its entirety for all purposes as if fully set forth herein. A client device requesting content accesses a server for a list of available sources, which can span multiple Content Delivery Networks (CDNs) and standalone servers. Based on predefined criteria, such as feed performance and delivery costs, the client device divides the content into chunks, assigns a source to each chunk, and simultaneously receives media streams of the content chunks from the assigned sources. The server can be a video-on-demand (VOD) server and the content can be a single video data file, such as a movie. The delivery performance of the sources used is measured during transmission to update the split or allocation. The updated measured performance can be stored locally on the client's device or on a server for use by other clients. Client actions can be implemented as client-side script.
Patent Cooperation Treaty (PCT) publication WO 2019/043687 by Shribman et al. entitled: "System and Method for Improving Content Obtainment by Selecting Tunnel Devices" is incorporated in its entirety for all purposes as if fully set forth herein. The tunnel device is selected based on an attribute such as IP geolocation. A tunnel bank server stores a list of available tunnels that can be used, associated with values of various types of attributes. Tunnel devices initiate communication and connect to the tunnel bank server, enabling a tunnel bank server-initiated communication session. After receiving a content request from a client and specific attribute types and values, the tunnel bank server chooses a tunnel and uses it as a tunnel to retrieve the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP proxy. The client only communicates with a super proxy server that manages the content retrieval scheme.
An aggregation or combination of application or content delivery networks is described in U.S. Patent No. 9,378,473 to Wolfe entitled "Application and Content Delivery Network Aggregation," which is incorporated in its entirety for all purposes as if fully set forth herein. Aggregation or combination is used to improve service quality, including content and media delivery within a city, state, country and internationally. The aggregation is formed by combining multiple CDNs or ADNs to create a larger server and network area. The benefits of each CDN or ADN are aggregated to provide better CDN/ADN service to the customer and end users.
Systems and techniques for transparently intercepting and optimizing resource requests are described in US Patent Application Publication No. 2015/0163087 to Conner et al. entitled: "Transparently Intercepting and Optimizing Resource Requests," which is incorporated in its entirety for all purposes as if fully set forth herein. Some embodiments can send a request to a server. In response to the request, the implementations may receive a first script and at least one second script from the server, the first script containing instructions for intercepting calls to a set of functions, and the second script containing at least one call to at least one function in the set of functions. The first script can then be executed, causing subsequent calls to each function in the function set to be intercepted by an appropriate resource optimization handler. Then the second script can be executed. If the second running script calls a function in the function set, the function call can be intercepted and a resource optimization handler corresponding to the function can be called instead of calling the function.
Web page. A web page (also known as a webpage) is a document that functions as a web resource on the World Wide Web. A web browser is typically used to retrieve and display web pages from the Internet, for example from a remote web server, using the Hypertext Transfer Protocol (HTTP) to make these requests to the web server. Typical web pages are hypertext documents containing hyperlinks for navigating to other web pages. While the term web page generally refers to what is visible, it can also refer to the content of the source code itself, which is typically a text file containing hypertext written in HTML or a comparable markup language. Most desktop web browsers provide the ability to view source code, but this feature may be absent or hidden in mobile browsers. Web browsers often need to access various elements of web resources such as style sheets, scripts, and images while rendering each web page.
A website usually contains a group of web pages that are linked to each other or have some other consistent method of navigation. The most important web page of a website is the index page. Depending on your web server configuration, the index page can have any name, but the most common names are index.html and index.php. When a browser visits a website's home page or any URL that points to a directory rather than a specific file, the web server serves the index page. A static web page is delivered exactly as it is stored, as HTML-formatted web content on the web server's file system. On the other hand, a dynamic web page is generated by a web application driven by server-side software, running on the client-side (in the web browser), or both. Dynamic web pages help the browser (the client) improve the web page based on user input to the server.
As a collection of information, a web page typically contains various types of information for the end user to see, hear, or interact with. This perceived information can include textual information (with different representation variations) as well as non-textual information. Non-text information can include static images (like raster graphics, typically JPEG, GIF, or PNG; or vector formats like SVG or Flash), animated images (typically animated GIF and SVG, but also Flash, Shockwave, or Java applets), audio (usually MP3, Ogg or various proprietary formats) and video (such as WMV (Windows), RM (RealMedia), FLV (Flash Video), MPG or MOV (QuickTime) formats). Interactive information can include interactive text (e.g., DHTML) and interactive illustrations (which can range from click-to-play images to games, often using script orchestration, Flash, Java applets, SVG, or Shockwave). Other interactive information may include buttons, which are forms that provide an alternative interface, typically for use with DHTML scripting and orchestration, hyperlinks, and forms. Internal information that is usually hidden can include hyperlink files (like DOC, XLS, PDF, etc.), metadata (like semantic metadata, character set or document type definition (DTD) information), schema and style information (e.g. information about elements (e.g. image size attributes) and visual specifications such as cascading style sheets (CSS)), and scripts (usually JavaScript, which complement interactivity and functionality).
A static web page (sometimes referred to as a flat page or stationary page) is a web page that is served to the user's web browser exactly as it is stored in the web server's file system. Dynamic web pages are generated by a web application, which typically retrieves data from a database to complete a web template and then serves the generated page to the user's browser. A server-side dynamic web page is a web page whose construction is controlled by an application server that processes server-side scripts. In server-side scripts, parameters determine how the composition of each new web page is done, including setting up client-side post-processing. A client-side dynamic web page renders the web page using HTML scripts that run in the browser as it loads. JavaScript and other scripting languages determine how the incoming page's HTML is parsed into the Document Object Model (DOM) that represents the loaded web page. The same client-side techniques can dynamically update or change the DOM in the same way.
A dynamic web page is reloaded by the user or a computer program to change variable content. The update information may come from the server or from changes to the DOM for that page. This may truncate the browsing history or create a saved version to return to, but a dynamic web page refresh using Ajax technologies neither creates a page to return to nor truncates the browsing history of the page being viewed. With Ajax technologies, the end user gets a dynamic page that is rendered as a single page in the web browser, while the actual web content rendered on that page may vary. The Ajax engine sits only in the browser and requests parts of the page's DOM for its client from an application server.
Geolocation. IP-based geolocation (commonly known as geolocation) is a mapping of an IP address (or MAC address) to the actual geographic location of an Internet-connected computing device or mobile device. Location data based on IP addresses may include information such as country, region, city, zip code, latitude, longitude, or time zone. Deeper datasets can determine other parameters such as domain name, connection speed, ISP, language, proxies, company name, US DMA/MSA, NAICS codes, and residential/commercial classification. Geolocation is discussed in the publication entitled: "Towards Street-Level Client-Independent IP Geolocation" by Yong Wang et al., downloaded from the Internet in July 2014, and in a 2011 white paper by the Information Systems Audit and Control Association (ISACA) entitled: "Geolocation: Risks, Problems and Strategies", which are incorporated in their entirety for all purposes as if fully set forth herein. There are several commercially available geolocation databases, such as the website http://www.ip2location.com operated by Ip2location.com of Penang, Malaysia, which offers IP geolocation software applications; geolocation can also be obtained from IpInfoDB, which operates the website http://ipinfodb.com, and from MaxMind, Inc., located in Waltham, Mass., USA, which operates the website https://www.maxmind.com/en/home. Determining the geographic location of Internet hosts is discussed in a January 2007 article by Doxa Chatzopoulou and Marios Kokkodis of the UC Riverside Department of Computer Science and Engineering entitled: "IP geolocation", which is incorporated in its entirety for all purposes as if fully set forth herein. Various IP geolocation techniques are discussed in an article (ISSN: 0975-9646, downloaded from the web August 2017) by Jayaprabha Bendale and Prof. J. Ratanaraj Kumar, both of the G.S. Moze College of Engineering, Balewadi, Pune-45, University of Pune, Pune, India, published in (IJCSIT) International Journal of Computer Science and Information Technologies, vol. 5(1), 2014, 436-440 and entitled: "Review of different methods and concepts of IP geolocation", which is incorporated in its entirety for all purposes as if fully set forth herein.
Additionally, the W3C Geolocation API is an attempt by the World Wide Web Consortium (W3C) to standardize an interface for retrieving geographic location information for a client-side device. It defines a set of objects conforming to the ECMAScript standard that, when executed in the client application, provide the location of the client device by querying location information servers, which are transparent to the application programming interface (API). The most common sources of location information are IP address, Wi-Fi and Bluetooth MAC address, Radio Frequency Identification (RFID), Wi-Fi connection location or device GPS, and GSM/CDMA cell IDs. The location is returned with some accuracy based on the best available source of location information. The W3C Recommendation for the Geolocation API specification of 24 October 2013 is available at http://www.w3.org/TR/2013/REC-geolocation-API-20131024. Geolocation-based addressing is described in U.S. Patent No. 7,929,535 to Chen et al., entitled: "Geolocation-Based Addressing Method for IPv6 Addresses", in U.S. Patent No. 6,236,652 to Preston et al., entitled: "Geospatial Internet Protocol Addressing", and in U.S. Patent Application Publication No. 2005/0018645 to Mustonen et al., entitled: "Use of Geographic Location Information from the IP address", which are incorporated in their entirety for all purposes as if fully set forth herein.
Methods and systems for geolocation routing and network condition simulation are described in U.S. Patent No. 9,660,895 to Bennett, entitled: "Geolocation Routing and Simulation Network Conditions", which is incorporated in its entirety for all purposes as if fully set forth herein. A network traffic profile is determined for a client device. A network access server selects an endpoint server based on the location of the selected endpoint server. The network access server routes traffic from the client device to an external server through the selected endpoint server. Network traffic from the client device to the external server appears to originate from a network address of the selected endpoint server. Network traffic conditions are simulated based on the network traffic profile.
Techniques for accessing the Internet anonymously are described in U.S. Patent No. 8,302,161 to Burch et al., entitled: "Techniques for Anonymous Internet Access", which is incorporated in its entirety for all purposes as if fully set forth herein. Internet requests are intercepted in a firewall environment before being forwarded to destination websites over the Internet. Each request is evaluated against policy, and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the appropriate anonymizers for processing by the destination websites. The relationship between an Internet Protocol (IP) address assigned to the firewall environment and the IP addresses of the destination websites is masked and hidden from observers on the Internet by the anonymizers. In addition, secure communication is maintained between the firewall environment and the anonymizers.
A method and apparatus for selectively using an anonymous proxy is disclosed in U.S. Patent No. 8,301,787 to Li, entitled: "Selective Use of Anonymous Proxies", which is incorporated in its entirety for all purposes as if fully set forth herein. A user's request for content is received. It is determined whether the user's request meets contextual criteria. If the user's request meets the contextual criteria, the request is forwarded to an anonymous proxy. If the user's request does not meet the contextual criteria, the request is sent directly to a content provider.
For use with a network of server sites that users can browse based on identifiers, received at the server sites, that are personal to the users, alternative proxy systems that provide surrogate identifiers to the server sites, allowing users to browse the server sites anonymously via the proxy system, are disclosed in U.S. Patent No. 5,961,593 to Gabber et al., entitled: "System and Method for Providing Personalized Anonymous Browsing Through a Proxy System in a Network", which is incorporated in its entirety for all purposes as if fully set forth herein. A central proxy system contains computer-executable routines that process site-specific surrogate identifiers created from user-specific data, transmit the surrogate identifiers to the server sites, retransmit navigation commands received from the users to the server sites, and remove portions of the navigation commands that would identify the users to the server sites. The central proxy system consistently performs the first functionality during subsequent visits to a given server site, since the same site-specific surrogate identifiers are reused. Consistent use of site-specific surrogate identifiers allows the server site to recognize a returning user and possibly provide a personalized service.
A device that receives a request for a resource from a client device, where the request provides an identifier of the client device, is disclosed in U.S. Patent No. 8,504,723 to Kohli, entitled: "Routing Proxy for Functions and Feature Requests", which is incorporated in its entirety for all purposes as if fully set forth herein. The device selects a target device for the resource, establishes a connection with the selected target device, and provides a proxy of the request to the selected target device, where the proxy of the request hides the identifier of the client device. The device receives the resource from the selected target device, where the resource provides an identifier of the target device. The device provides a proxy of the resource to the client device, where the proxy of the resource hides the identifier of the target device.
A content delivery device that receives a request message requesting transmission of content is disclosed in U.S. Patent Application Publication No. 2013/0117413 to Kaneko et al., entitled: "Content providing device, content playback device, content providing system, method for controlling a content providing device, control program and recording medium", which is incorporated in its entirety for all purposes as if fully set forth herein. In a case where the device that sent the request message is a relay device that receives the requested content, holds it, and transmits it to another device, the content delivery device transmits the requested content to the relay device; in a case where the device that sent the request message is a content player for playing the requested content, the content delivery device transmits to the content player an instruction to purchase content from a relay device that was streaming before the requested content.
U.S. Patent No. 7,565,450 to Garcia-Luna-Aceves et al., entitled: "System and Method for Using the Mapping Between Client Addresses and Cache Addresses to Support Content Delivery", is incorporated in its entirety for all purposes as if fully set forth herein. The selection procedures include a direct cache selection process, a forwarding cache selection process, a remote DNS cache selection process, or a local DNS cache selection process. Various combinations of these methods can also be used. For example, different combinations can be used depending on the type of content requested. The direct cache selection process can be used for information objects that are loaded immediately without user action, while any of the forwarding cache selection process, the remote DNS cache selection process and/or the local DNS cache selection process can be used for information objects that are only loaded after a user action.
A client device that establishes a first tunnel or tunnel connection is disclosed in U.S. Patent No. 7,673,048 to O'Toole et al., entitled: "Methods and Apparatus for Establishing a Computing Device Tunnel Connection", which is incorporated in its entirety for all purposes as if fully set forth herein. The client device establishes the first tunnel or tunnel connection through a public network with a first gateway of a private network and establishes a data connection with a target device within the private network through the tunnel connection. The first gateway monitors or analyzes the geographic locations of the gateways associated with the private network relative to the geographic location of the target device associated with the data connection. Based on this monitoring, the first gateway transmits information to the client device regarding the establishment of a second tunnel or tunnel connection with a second gateway in the private network. The client device establishes the second tunnel connection with the second gateway and establishes a data connection with the target device through the second gateway. By connecting the second tunnel to the second gateway, the client device uses the bandwidth of the public network to exchange data with the target device, reducing the cost of data transfer to the private network and reducing network latency.
Embodiments of a peer-to-peer based content sharing/distribution network (CDN) are disclosed in U.S. Patent No. 7,783,777 to Pabla et al., entitled: "Peer-to-Peer Content Sharing/Distribution Networks", which is incorporated in its entirety for all purposes as if fully set forth herein. In the embodiments, some peers are content publishers while other peers are content consumers. When a consumer peer receives content from a content publisher, the consumer peer can become a content publisher accessible to other peers. When a peer desires specific content, the peer can obtain the content from a nearby content publisher while retaining access to a central server. The higher the demand for content, the more likely it is to be replicated and the more likely it is to be found by consumer peers on nearby content publisher peers. If a content publisher peer does not have all the requested content, the requesting peer can be redirected to another content publisher peer to get the missing content. The embodiments can be implemented in peer-to-peer networks implemented according to a peer-to-peer platform.
A method for locating a community relay node within a network community is disclosed in U.S. Patent No. 7,788,378 to Rao et al., entitled: "Apparatus and Method for Community Relay Node Discovery", which is incorporated in its entirety for all purposes as if fully set forth herein. In the method, the community relay node is operatively coupled to a secure access client and is adapted to facilitate communication between the secure access client and a requesting client. The method includes receiving a request message from a requesting client that pertains to a request for a community relay node, associating the request message with a serverless name resolution protocol name, selecting a community relay node from a list of community relay nodes based on the serverless name resolution protocol name, where the list of community relay nodes includes at least one Internet Protocol address associated with a community relay node, and returning an Internet Protocol address of the selected community relay node to the requesting client.
A method of reconstructing torrent content metadata, i.e., a torrent identifier, a segment length, and a number of segments of a torrent content file, without access to the torrent content metafile, is disclosed in U.S. Patent No. 8,719,430 to Van Ackere et al., entitled: "Method and Apparatus for Reconstructing Metadata of Torrent Content", which is incorporated in its entirety for all purposes as if fully set forth herein. The method comprises the steps of: A. obtaining the torrent identifier of the torrent content from torrent signaling of a client; B. obtaining a file size of the torrent content from torrent signaling of the client; C. obtaining a tracker address from torrent signaling of the client; D. obtaining a peer address from a tracker; E. contacting a peer via the peer address; F. downloading from the peer sequential minimum-size blocks of a full-size segment to determine the segment length; and G. calculating the number of segments from the file size of the torrent content and the segment length.
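Steps F and G above can be sketched as follows. This is an added example, not code from the cited patent or from this application; the SimulatedPeer class, the 16 KiB block size, and the way the peer signals the end of a segment (returning fewer bytes, or none) are assumptions made for the illustration.

```python
# Added illustration of steps F and G with a constructed, in-memory peer.
# Nothing here talks to a network; all sizes are constructed sample values.

BLOCK = 16 * 1024  # assumed minimum block size per request (16 KiB)


class SimulatedPeer:
    """Constructed stand-in for the remote peer contacted in step E."""

    def __init__(self, content_size, segment_length):
        self.content_size = content_size
        self.segment_length = segment_length

    def request(self, segment_index, offset, length):
        """Return how many bytes the peer serves for this block request.

        Assumption: a request that starts past the end of the segment
        yields 0 bytes, and a request that crosses the end is cut short.
        """
        start = segment_index * self.segment_length
        seg_len = min(self.segment_length, self.content_size - start)
        if seg_len <= 0 or offset >= seg_len:
            return 0
        return min(length, seg_len - offset)


def probe_segment_length(peer, segment_index=0, block=BLOCK, max_requests=8192):
    """Step F: request sequential blocks until the segment boundary is hit."""
    total = 0
    for _ in range(max_requests):
        served = peer.request(segment_index, total, block)
        if served == 0:          # boundary fell exactly on a block edge
            return total
        total += served
        if served < block:       # short answer: boundary inside this block
            return total
    raise RuntimeError("segment boundary not found within max_requests")


def reconstruct_metadata(content_id, content_size, peer):
    """Steps F and G: derive segment length and segment count.

    content_id and content_size stand for the values obtained in steps A
    and B; here they are passed in directly.
    """
    if content_size <= 0:
        raise ValueError("content_size must be positive")
    segment_length = probe_segment_length(peer)
    if segment_length <= 0:
        raise RuntimeError("peer served no data for the probed segment")
    # Step G: ceiling division, because the last segment is usually short.
    segment_count = (content_size + segment_length - 1) // segment_length
    return {
        "content_id": content_id,
        "segment_length": segment_length,
        "segment_count": segment_count,
        # If the whole file fits in the probed segment, that segment was not
        # a full-size one and the measured length is only a lower bound.
        "segment_length_is_lower_bound": segment_length >= content_size,
    }
```

The lower-bound flag covers the edge case in which the content is smaller than one segment, so that no full-size segment exists to measure.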
U.S. Patent No. 8,838,811 to Chen et al., entitled: "Method and System for Storing and Providing Scalable Content", is incorporated in its entirety for all purposes as if fully set forth herein. To make this possible, the tracker node maintains sharing information for a list of files. For each file, the sharing information includes a list of locations where a full copy of the file can be found. The list of locations can include active peers, inactive peers, and remote tracker nodes. The sharing information can be obtained from any peer when it joins a local torrent. By joining the torrent, the peer can provide the local tracker node with a list of files it wants to serve.
Methods and systems for delivering content items in a peer-to-peer system are described in U.S. Patent No. 8,639,630 to Fomenko et al., entitled: "Distribution of Digital Content", which is incorporated in its entirety for all purposes as if fully set forth herein. Content items are requested from a core server by a download peer, and the core server determines the upload peers from which the download peer can request portions of the content item.
A server application connected to multiple client/peer terminals as part of an IMS network is described in U.S. Patent Application Publication No. 2008/0109446 to Wang, entitled: "Peer-to-Peer File Download System for IMS Network", which is incorporated in its entirety for all purposes as if fully set forth herein. For peer-to-peer transfer of a selected data file, a client terminal establishes and logs on to a secure account in the server application. From the server application, the client terminal obtains the network locations of one or more peer terminals in which sections/parts of the data file are stored. The client terminal contacts the peer terminals to obtain the portions of the data file over the IMS network. The client terminal and/or the peer terminals transmit accounting data to the server application via secure accounts. The accounting data relates to the amount of data transferred and/or the data transfer rate and may be used for billing purposes.
A method of directing a client to a content server containing the desired content, by providing the client with an address shared by multiple content servers, each of which has a copy of the desired content, is described in U.S. Patent Application Publication No. 2002/0091760 to Rozen, entitled: "Distributed Selection of a Content Server", which is incorporated in its entirety for all purposes as if fully set forth herein. The client is then served by an optimal or closest available content server selected from the plurality of content servers. This optimal content server is selected based on an optimal path from the client to the shared address.
A computer program product that includes instructions that, when executed by a processor, perform a method of delivering content over a network is described in U.S. Patent Application Publication No. 2009/0248793 to Jacobsson et al., entitled: "Content Delivery on a Network", which is incorporated in its entirety for all purposes as if fully set forth herein. The method includes receiving an identifier relayed from a device on a network and associated with content divided into pieces of content to be delivered to the device. The method includes selecting a content source on the network for each of the respective pieces of content, wherein for at least one of the pieces of content the content source is selected, using recorded information about the multiple content sources, from a plurality of content sources associated with the respective piece of content. The method includes forwarding to the device, in response to the identifier, source information identifying each selected content source and configured for use by the device when requesting at least one of a plurality of pieces of content from each selected content source.
Methods and apparatus for a cooperative file distribution system that uses one or more storage proxies to allow an offline recipient to obtain files or portions thereof when the recipient goes online are disclosed in U.S. Patent Application Publication No. 2006/0224687 to Popkin et al., entitled: "Method and Apparatus for Offline Cooperative File Distribution Using Cache Nodes", which is incorporated in its entirety for all purposes as if fully set forth herein. A central tracker receives an indication from the sender that the sender has the file; determines whether the recipient is online; and initiates storage of the file on one or more storage proxies if the recipient is not online. A proxy service can identify one or more potential storage proxies that can store the file, each meeting one or more predefined resource criteria. The sender can send a request to one or more storage proxies in the storage proxy list to act as a storage proxy for the communication between sender and receiver. Potential storage proxies compare one or more resource measurements to predefined criteria, and provide an acceptance if the one or more resource measurements meet the predefined criteria.
Computer methods and apparatus, including computer program products, for policy-based content insertion are described in U.S. Patent Application Publication No. 2009/0182843 to Hluchyj et al., entitled: "Policy-Based Content Insertion", which is incorporated in its entirety for all purposes as if fully set forth herein. A client device transmits a content delivery request to a content server. The content server modifies the request based on an input policy. The content server forwards the modified request to a second server, where the second server processes the request. The second server transmits a response to the modified request to the content server. The response includes a content insertion instruction. The content server streams content to the client device based on the content insertion instruction and/or one or more output policies.
A system and method for efficient and private peer-to-peer file sharing, which consists of assigning an anonymous and uniquely identified link (a "fringe link") to each file or set of files on a peer computer, is described in U.S. Patent Application Publication No. 2011/0035503 to Zaid et al., entitled: "System and Method for Anonymous Network Peer-to-Peer Content Addressing and for Peer-to-Peer Private File Sharing", which is incorporated in its entirety for all purposes as if fully set forth herein. The link is registered with a publishing server along with continuously updated connectivity information about the peer, without any identifying information being recorded about the file. A receiving peer can access the link, get connectivity information about the publishing peer from the server, and then receive the file from the publishing peer without the file content going through the server, through any intervening NAT device, and without requiring manual or automatic equipment reconfiguration.
A method, system and corresponding apparatus for load balancing are described in U.S. Patent Application Publication No. 2013/0007253 to Li et al., entitled: "Method, System, and Corresponding Apparatus for Load Balancing", which is incorporated in its entirety for all purposes as if fully set forth herein. The present invention is a computer application and solves the technical problems due to the introduction of more mechanisms in the prior art. The method of the present invention mainly comprises acquiring, by a peer, address information of at least one SN from a BSSN, both the BSSN and the SN belonging to an overlay network; when the peer is a server, the server stores the address information, notifies an SN corresponding to one of the address information of the server information, and sends the server information to other SNs through that SN; when the peer is a client, the client stores the address information, acquires the server information from an SN corresponding to one of the address information, and stores the server information.
Techniques for obtaining and delivering content, which include receiving a request for the content, requesting and receiving one or more blocks of data, processing the one or more blocks of data, and providing one or more blocks of data as the requested content, are described in U.S. Patent Application Publication No. 2013/0064370 to Gouge et al., entitled: "Distribution of Portions of Content", which is incorporated in its entirety for all purposes as if fully set forth herein. The processing may include validating, decrypting, and/or decompressing one or more blocks of data to generate one or more blocks of data. Techniques for providing metadata and one or more data chunks may include taking content and dividing it into data chunks. Processing can then be performed on the data blocks to create data blocks, and metadata can be generated from the processing. The metadata and one or more data blocks can be provided to a device.
A method, apparatus, server and system for peer-to-peer content transfer are disclosed in U.S. Patent No. 7,574,515 to Fontijn et al., entitled: "Peer-to-Peer Transmission of Content", which is incorporated in its entirety for all purposes as if fully set forth herein. The method comprises the steps of receiving and transmitting a first request with a first selection criterion for a first content from a first device (11) to a server (18) or to a second device (12); transmitting the first content that satisfies the first selection criterion from the server to the first device, the server having previously recognized the first device as the legitimate recipient of the first content and the first content being available only on the server, and the first device then making the first requested content available to other devices (14, 15, 16, 17); or redirecting the first request to a third device (13) where the server knows that the first requested content is still available, and transmitting from the third device to the first device the first content that meets the first selection criterion; or transmitting the first content that meets the first selection criterion from the second device to the first device if the first content is available on the second device, and informing the server that the first content has been transmitted from the second device to the first device; and assigning the second or third device from which the first content was transmitted to the first device if the content was transmitted from one of them; and charging the first device for receiving the first content. This allows legally protected paid content to be downloaded, uploaded and shared.
A method for delivering content to a remote electronic device is described in U.S. Patent Application Publication No. 2007/0142036 to Wikman et al., entitled: "Content Delivery in Mobile Environments", which is incorporated in its entirety for all purposes as if fully set forth herein. The device can connect to the Internet and access content on a device (e.g., an Internet server) that is in close proximity to a mobile switching device by using the mobile switching device (another Internet server) as a "passthrough". The switching device discovers other devices in its vicinity, lists the discovered devices, recognizes an access request to at least one of the listed Internet servers, and forwards the access request to the listed Internet servers for access. The remote device does not need to know the address of the original content.
Communication in a peer-to-peer computing environment is described in U.S. Patent Application Publication No. 2011/0066924 to Dorso et al., entitled: "Communication in a Computer Environment", which is incorporated in its entirety for all purposes as if fully set forth herein. A peer tracker is contacted from a user's device and a list of peer nodes is obtained. A subset of peer nodes is selected from the peer node list to act as relay nodes for a communication. A suitable compression scheme is selected for the communication on the user device. Data is transmitted to at least one relay node, which is one of the subset of peer nodes, so that the at least one relay node relays it to at least one other user device. Data sent by at least one other user is received at the user's device from at least one forwarding node.
Dynamic Adaptive Streaming over HTTP (DASH) is intended to support a streaming media model for delivering media content in which control rests solely with the client. Clients can request data over the HTTP protocol from standard web servers that lack DASH-specific capabilities. Consequently, this standard does not focus on client or server methods but on the data formats used to provide a DASH multimedia presentation. The MPEG-DASH standard ISO/IEC 23009-1:2012(E), dated 5 January 2012 and entitled: "Information technology – Dynamic adaptive streaming over HTTP (DASH) – Part 1: Media presentation description and segment formats", which is incorporated in its entirety for all purposes as if fully set forth herein, primarily specifies formats for the media presentation description and segments for the dynamic adaptive delivery of MPEG streaming media over HTTP, and is applicable to streaming services over the Internet.
The standard terminology and taxonomy of the web cache and replication infrastructure as implemented are described in IETF RFC 3040 by Cooper et al. (January 2001), entitled: "Internet Web Replication and Caching Taxonomy", which is incorporated in its entirety for all purposes as if fully set forth herein. IETF RFC 3040 introduces standard protocols and concepts currently used in this application area. Currently implemented solutions using these technologies are presented to establish a standard taxonomy. The document introduces open protocols and references published material for each protocol.
An address of an information object repository that is to satisfy a client request for an information object, returned in response to the client request, is disclosed in U.S. Patent No. 7,162,539 to Garcia-Luna-Aceves et al., entitled: "System and Method for Locating Information Objects and Information Object Repositories in Computer Networks", which is incorporated in its entirety for all purposes as if fully set forth herein. The returned address of the information object repository is chosen according to the specified performance metrics, regardless of whether the information object repository maintains a local copy of the information object that is the subject of the client's request. In some cases, the information object repository address is further selected according to the address of the client making the request. In addition, the information object repository address is selected from a plurality of information object repository addresses. The specified performance metrics may include one or more of: average delay from the information object repository to the client, average processing delay at the information object repository, reliability of a path from the information object repository to the client, bandwidth available on the route, and load on the information object repository. In some cases, the information object repository may be instructed to obtain a copy of the information object after the address of the information object repository is returned in response to the request.
A method and system for accelerating the downloading and displaying of web page content over a peer-to-peer network is disclosed in U.S. Patent Application Publication No. 2006/0212584 to Yu et al., entitled: "Method and System for Accelerating the Downloading of Web Page Contents over a Peer-to-Peer Network", which is incorporated in its entirety for all purposes as if fully set forth herein. A peer-to-peer network client captures a download request from a web browser and sends a query containing a file identifier to an index server. The peer-to-peer network client receives a peer list containing connectivity information of a peer node that has stored at least part of the file content. The peer-to-peer network client then connects to the peer node and downloads the portion from the peer node. The peer-to-peer client transfers the downloaded portion to the web browser.
A system and method for automatically collecting content is described in U.S. Patent Application Publication No. 2015/0206176 to Toval et al. entitled: "Behavioural Content Discovery," which is incorporated in its entirety for all purposes as if fully set forth herein. The method includes the steps of: defining a plurality of content pages, creating a collection of virtual agent data including user property data and user behavior data, presenting the collection of virtual agents to the plurality of content pages, receiving the visited interaction website; and saving the received content or presenting it to a user.
A method and system for monitoring an advertisement displayed in a mobile application is described in U.S. Patent Application Publication No. 2017/0221092 to Toval et al. entitled: "System and Methodology for Examining Ads in Mobile Applications", which is incorporated in its entirety for all purposes as if fully set forth herein. The method includes real-time tracking of the executable code of the mobile application rendering an advertisement. The tracked advertisement process includes: negotiating ad delivery, communicating an ad, and serving an ad. Then, within the advertisement process, the system recognizes an advertisement processed by the executable code. The system then records the advertisement as it is displayed and the parameters associated with the display.
Peer-to-peer browser content caching is described in U.S. Patent Application Publication No. 2013/0191456 to Ting et al. entitled: "Peer-to-Peer Browser Content Caching," which is incorporated in its entirety for all purposes as if fully set forth herein. Facilitation includes receiving a content request from a content server, receiving content metadata from the content server indicating that the requested content is available from at least one alternative user computing device over a peer-to-peer network, instantiating on the user computing device a browser utility that facilitates peer-to-peer network access, and receiving from the content server a lookup table comprising a list of alternative user computing devices from which the requested content is available. The lookup table may be parsed to select an alternative user computing device from which to request the content or portions thereof. The received content can be saved for later use or presented to the user via the browser.
A method and apparatus for point-to-point services are disclosed in U.S. Patent No. 7,440,994 to Harrow et al. entitled: "Method and Apparatus for Peer-to-Peer Services for Modifying Network Traffic to Allow Efficient Transmission of Information Between Devices by Priority Listing", which is incorporated in its entirety for all purposes as if fully set forth herein.
A method and apparatus for point-to-point services are disclosed in U.S. Patent No. 7,562,112 to Harrow et al. entitled: "Method and Apparatus for Peer-to-Peer Services for the Efficient Transmission of Information between Networks", which is incorporated in its entirety for all purposes as if fully set forth herein. In one embodiment, a data request is received from a first local device. A second local device determination is performed on the data. The first local device addresses the second local device to get the data directly from the second local device. A direct transfer of data is performed from the second local device to the first local device.
Given the above, it would be a major advance in the art to provide a method and system with enhanced functionality that is simple, secure, anonymous, cost-effective, load-balanced, redundant, optimized, and reliable, that uses less CPU and/or memory, pipelines requests and responses, reduces network congestion, is easy to use, reduces latency, is faster, has minimal parts and minimal hardware, and/or uses existing and available components, protocols, programs, and applications to improve quality of service, avoid congestion, provide better or optimized resource allocation and utilization, better communication, and additional functionality, and provide a better user experience, especially when a client device receives content from a web server over the Internet.
Alternatively or additionally, it would be an advance in the art to provide a method and system with enhanced functionality for web crawling, search engine optimization (SEO), search engine data mining, ad verification, price comparison, business or market intelligence, big data, classified ads, social networks and other related tasks.
SUMMARY pass on claims
A method can be used to obtain content over the Internet for a client device using a first device. All content contained in this document may be hosted on a web server and identified by a Uniform Resource Locator (URL). Each method described in this document may include: receiving, by the first device from the client device, a URL request; and searching N times, where N>1 or N=1, by the first device from the web server for a first response until it can be determined that the first response is an appropriate response. Each of the N searches may include the first device sending a first message comprising the URL request to the web server; receiving, by the first device from the web server, the first response in response to sending the first message to the web server; and verifying and determining whether the first response is an appropriate response that comprises the content. Any method herein may further comprise: responsive to determining that the first response is an appropriate response, sending the content from the first device to the client device; and responsive to determining that the first response is not an appropriate response, sending an error message from the first device to the client device. The number N can be equal to or greater than 1, 2, 3, 4, 5, 7, 10, 15, 20, 25, 30, 40, 50, or 100. Alternatively or additionally, the number N can be less than 2, 3, 4, 5, 7, 10, 15, 20, 25, 30, 40, 50, 100, 150 or 200.
Any communication included herein, such as over the Internet between the client device and the first device or between the first device and the web server, may be based on, use, or be compatible with a Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) protocol or connection. Each client device here can serve as an HTTP or HTTPS client, and each first device here can serve as an HTTP or HTTPS client. Alternatively or additionally, each first device here may serve as an HTTP or HTTPS server, and further each message here or response here may be an HTTP or HTTPS message. All content contained in this document may contain or consist of any web page or web site, which may contain, consist of, or include any or all of files, text, numbers, audio, voice, multimedia, video, images, music or computer programs.
Any verification of a response contained in this document may include identifying and verifying an HTTP status code receivable by any device, including the first device, in response to sending the URL request. Any response herein, such as the first response, may be determined to be an appropriate response upon a 2xx status code. Any response herein, such as the first response, may be determined not to be an appropriate response upon a 4xx or 5xx status code, or upon a 404 HTTP error message status code. Alternatively or additionally, any verification of a response herein may include the use of a timeout mechanism, and any response herein may be determined not to be an appropriate response if no appropriate response is received after a defined period of time has elapsed after the search was initiated. Alternatively or additionally, any review of any response contained in this document may include a review that a URL redirect is identified, such as an appropriate response. a when detecting a URL redirect.
Alternatively or additionally, any method described herein may be used with a criterion that may relate to any resource, feature, or type of the content received, and any verification of a response contained herein may include verifying that the received content meets that criterion. Each criterion in this document may include a value, and each response in this document may be determined not to be an appropriate response in response to comparing the function, feature, or content type to the value. Alternatively or additionally, any criterion herein may include a file size value, and any response herein may be determined not to be an appropriate response in response to a comparison of the received content size to the value.
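The retrieval loop and response verification described above can be sketched as follows. This is an added example, not code from the patent or from any product: the names `Response`, `verify`, `fetch_with_retries` and `scripted_send` are hypothetical, the transport is a constructed offline stub, treating any non-2xx status as not appropriate is an assumption, and so is reading the size criterion as a minimum size.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (hypothetical type)."""
    status: int
    body: bytes = b""


def verify(resp: Optional[Response], min_size: int = 0) -> Tuple[bool, str]:
    """Decide whether a response is an 'appropriate response'.

    resp is None when the timeout elapsed without a response.
    Returns (appropriate, reason).
    """
    if resp is None:
        return False, "timeout"
    if 400 <= resp.status <= 599:
        # 4xx / 5xx (including 404) are not appropriate responses.
        return False, f"status {resp.status}"
    if not 200 <= resp.status <= 299:
        # Assumption: anything outside 2xx is also treated as not appropriate.
        return False, f"status {resp.status} outside 2xx"
    if len(resp.body) < min_size:
        # Assumption: the file-size criterion is a minimum content size.
        return False, f"size {len(resp.body)} < {min_size}"
    return True, "ok"


def fetch_with_retries(
    url: str,
    send: Callable[[str, int], Response],
    n: int,
    min_size: int = 0,
) -> dict:
    """Search up to n times (n >= 1) until verify() accepts a response.

    send(url, attempt) performs one retrieval and may raise TimeoutError.
    On success the content is returned; otherwise an error message is
    returned, mirroring the 'send content' / 'send error message' split.
    """
    if n < 1:
        raise ValueError("n must be >= 1")
    attempts: List[Tuple[int, str]] = []
    for attempt in range(1, n + 1):
        try:
            resp: Optional[Response] = send(url, attempt)
        except TimeoutError:
            resp = None
        appropriate, reason = verify(resp, min_size)
        attempts.append((attempt, reason))
        if appropriate:
            return {"ok": True, "content": resp.body, "attempts": attempts}
    return {
        "ok": False,
        "error": f"no appropriate response after {n} attempts",
        "attempts": attempts,
    }


# Constructed sample: a scripted transport that fails three different ways
# before returning a full page. No network access is performed.
FULL_PAGE = b"<html>" + b"x" * 500 + b"</html>"


def scripted_send(url: str, attempt: int) -> Response:
    script = {
        1: None,                             # no response before the timeout
        2: Response(503),                    # server error
        3: Response(200, b"<html></html>"),  # 2xx but fails the size criterion
        4: Response(200, FULL_PAGE),         # appropriate response
    }
    step = script[attempt]
    if step is None:
        raise TimeoutError("constructed timeout")
    return step


if __name__ == "__main__":
    result = fetch_with_retries("https://example.test/page", scripted_send,
                                n=4, min_size=100)
    for attempt, reason in result["attempts"]:
        print(attempt, reason)
```

The per-attempt log makes the reason for each rejected response visible, which is what an operator needs when tuning N or the size threshold.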
Each method in this document may involve performing more than 2 retrievals, and the same first message may be sent from any device, such as the first device, to any device or server, such as the web server, across all retrievals. Alternatively or additionally, each method herein may include performing more than 2 searches, and at least two different first messages may be sent from any device, such as the first device, to any device or server, such as the web server, across the searches. Alternatively or additionally, each method in this document may include performing more than two queries, and a distinct first message may be sent from any device, such as the first device, to any device or server, such as the web server, in each of the queries.
Each method herein can be used with a list of IP addresses stored on any device, such as the first device, and each of the searches herein can further include selecting, by any device, such as the first device, an IP address from the list. Any transmission herein by any device, such as the first device, to the web server of any message, such as the first message, may include using the selected IP address as the source IP address. Each list herein can include at least 10, 20, 50, 100, 200, 500, 1,000, 2,000, 5,000, 20,000, 50,000, 100,000, 200,000, 500, 1,000,000, 0,000,000,000, 50,000, 200,000 , 500,000, 1,000,000,000,000,000.
Each method herein can be used with a group of devices, and each of the IP addresses herein can be an IP address of a device in the group. Any sending herein, for example by the first device to the web server of the first message, may include the first device sending the first message to the device in the group that is addressed by the selected IP address; the selected device sending the first message to the web server; receiving, by the selected device from the web server, the first response to the first message sent; and the selected device sending the first response to the first device.
At least one or each of the devices in any group herein can be a client device. Any method herein may be used with virtualization, and at least one or each of the devices herein, such as the devices in the group, may be a client device that may consist of, comprise, be part of, or be integrated with a server device capable of virtualizing a client device addressed by the selected IP address. Alternatively or additionally, at least one or each of the devices in any group herein may be a client device housed in a single chassis, which may be a portable chassis. Alternatively or additionally, at least one or each of the devices in any group described herein may be a client device, which may be fully or partially integrated into a device. Alternatively or additionally, at least one or each of the devices in any group contained herein may consist of, comprise, be integrated into, or form part of a portable device that can be used by a person. Alternatively or additionally, at least one or each of the devices in any group herein may be a client device, which may consist of, include, be part of or be integrated with a laptop, media player, digital still camera (DSC), digital video camera (DVC or digital camcorder), personal digital assistant (PDA), mobile phone, digital camera, VCR or smartphone. Alternatively or additionally, at least one or each of the devices in any group contained herein may consist of, comprise, form part of, or be integrated with a smartphone, which may include or be based on an Apple iPhone 6 or a Samsung Galaxy S6.
Alternatively or additionally, at least one or each of the devices in any group herein may be a client device, and any method herein may further comprise storing, operating or using an operating system. Each operating system in this document can be a mobile operating system based on Android version 2.2 (Froyo), Android version 2.3 (Gingerbread), Android version 4.0 (Ice Cream Sandwich), Android version 4.2 (Jelly Bean), Android version 4.4 (KitKat), Apple iOS version 3, Apple iOS version 4, Apple iOS version 5, Apple iOS version 6, Apple iOS version 7, Microsoft Windows® Phone version 7, Microsoft Windows® Phone version 8, Microsoft Windows® Phone version 9 or Blackberry® operating system.
Any selection herein, such as selecting an IP address from a list or selecting a device from a group of devices, can be based on or use load balancing or random selection. Each random selection herein may use or be based on one or more random numbers generated by a random number generator. Any random number generator herein could be hardware based and could use thermal noise, shot noise, nuclear decay radiation, photoelectric effect or quantum phenomena. Alternatively or additionally, any random number generator herein may be software based and rely on an algorithm being run to generate pseudo-random numbers.
Any selection herein, such as selecting an IP address from a list or selecting a device from a group of devices, can be based on or use an estimated geographic location of any device, such as the client device or the web server. Any method herein may further comprise estimating the geographic location of the client device or the web server using geolocation, and any geolocation herein may be based on IP geolocation or the W3C Geolocation Application Programming Interface (API). Alternatively or additionally, any selection herein, such as selecting an IP address from a list or selecting a device from a group of devices, may be based on the estimate that it is associated with being in the same area as the client device or the web server, for example, in the same continent, country, state, region, city, zip code, latitude, longitude, or time zone as the client device or web server. Alternatively or additionally, any selection herein, such as selecting an IP address from a list or selecting a device from a group of devices, may be based on it being last selected or longest selected, or may be manually selected by a user.
Each device herein, such as the first device or the client device, may comprise, be part of, or consist of a client device in a client/server architecture, and may be housed in a single enclosure that can be a hand-held enclosure or a portable enclosure. Alternatively or additionally, each device herein, such as the first device or the client device, may be a laptop, notebook, media player, digital still camera (DSC), digital video camera (DVC or digital camcorder), personal digital assistant (PDA), a mobile phone, a digital camera, a video recorder or a smartphone. Alternatively or additionally, each device herein, such as the first device or the client device, may consist of, comprise, form part of, or be integrated into a smartphone, which may include or be based on an Apple iPhone 6 or Samsung Galaxy S6. Any method herein may further comprise, for each device, such as the first device, storing, operating, or using an operating system, which may be a mobile operating system, such as Android version 2.2 (Froyo), Android version 2.3 (Gingerbread), Android version 4.0 (Ice Cream Sandwich), Android version 4.2 (Jelly Bean), Android version 4.4 (KitKat), Apple iOS version 3, Apple iOS version 4, Apple iOS version 5, Apple iOS version 6, Apple iOS version 7, Microsoft Windows® Phone version 7, Microsoft Windows® Phone version 8, Microsoft Windows® Phone version 9 or Blackberry® operating system.
Each device, such as the first device or the client device, can be partially or fully integrated into an appliance. A primary functionality of any appliance described in this document may be related to the storage, handling or preparation of food. A primary function of any appliance herein could be heating food, and any appliance herein could be a microwave, blender, range, oven, or induction cooktop. Alternatively or additionally, each appliance described herein could be a refrigerator, freezer, food processor, dishwasher, blender, beverage maker, coffee maker, or ice tea maker. Alternatively or additionally, any appliance described in this document may have a primary functionality associated with environmental control, and any appliance included in this document may consist of or be part of an HVAC system. Alternatively or additionally, a main functionality of any home appliance herein may be associated with temperature control, and any home appliance herein may be air conditioning or heating. Alternatively or additionally, a primary functionality of any appliance herein may be dedicated to cleaning, such as laundry, and each appliance herein may be a washing machine, tumble dryer, or vacuum cleaner. Alternatively or additionally, a primary functionality of any appliance described herein may be associated with water control or water heating. Alternatively or additionally, any appliance described in this document may be an answering machine, telephone, home theater system, Hi-Fi system, CD or DVD player, electric oven, trash compactor, smoke detector, lighting device or dehumidifier. Any appliance described in this document may be a battery-powered portable electronic device such as a laptop, media player, cell phone, personal digital assistant (PDA), imaging device, camera, video recorder, or portable computing device.
Any integration herein may involve sharing a component, for example being housed in the same enclosure, sharing the same processor, or being mounted on the same surface. Any integration herein could involve sharing the same port, and any port herein could be a power port for connecting to a power supply, so that any integration herein could mean sharing the same port to be powered by the same power supply, or sharing the same power supply.
Each device herein, such as the first device or the client device, may consist of, comprise, be integrated into, or be part of a wearable device that can be worn by a person, such as on an organ of the person's head, and the organ can be an eye, an ear, a face, a cheek, a nose, a mouth, a lip, a forehead or a chin. Alternatively or additionally, each device herein, such as the first device or the client device, may be constructed to have a shape substantially similar to, to have a shape that enables assembly or use identical or similar to, or to have a shape that can at least partially replace, hats, glasses or headphones. Alternatively or additionally, any device herein, such as the first device or the client device, may be in a form to be permanently or removably attached to, or made part of, a person's garment, and the attachment may use adhesive tape, adhesive, clasp, closure, encapsulation, a pin, or a latch and hook clip. Alternatively or additionally, each device herein, such as the first device or the client device, may comprise or consist of an annular member defining an opening therethrough sized to receive a portion of a human body therein.
Any headdress herein may consist of, be structured as, or comprise a bonnet, cap, crown, hair band, hair wrap, hat, headpiece, bonnet, mask, turban, headpiece, veil or wig. Any eyewear herein may consist of, be structured as, or comprise eyeglasses, sunglasses, contact lenses, a blindfold, or glasses. Any headset herein may consist of, be structured as, or comprise a hearing aid, an earphone, an earphone, or an earbud. Each garment contained herein may be an upper, lower, or full body garment or hat, shoe, accessory, outerwear, suit, dress, skirt, or top.
Each method in this document may further include storing, operating, or using, by any device, such as the first device or the client device, a client operating system, which may consist of, include, or be based on Microsoft Windows 7, Microsoft Windows XP, Microsoft Windows 8, Microsoft Windows 8.1, Linux and Google Chrome OS. Each client operating system herein can be a real-time operating system (RTOS) such as FreeRTOS, SafeRTOS, QNX, VxWorks or Micro-Controller Operating Systems (μC/OS).
Each device herein, such as the first device, may consist of, comprise, be part of, or be integrated with a server device, which may consist of, contain, be part of, or be integrated with a proxy server. Each proxy server in this document can be selected from an HTTP proxy server, web proxy server, caching proxy, open source caching proxy server, cloud-based proxy server, open proxy server, forward proxy server, reverse proxy server, transparent proxy server, non-transparent proxy server, anonymous proxy server, translation proxy server, SOCKS proxy server, CGI web proxy server, suffix proxy server, an anonymous I2P proxy server, a DNS proxy server, or any combination thereof.
Any method herein can be used with virtualization, and each device herein, such as the first device or the client device, can consist of, comprise, be part of, or be integrated with a server device that can virtualize any client device herein as addressed by any selected IP address. Each device virtualization herein, like any client device virtualization, can run as part of a virtual machine (VM). Any method herein may be used with a host computer capable of implementing the VM, and any method herein may further include the host computer running a hypervisor or virtual machine monitor (VMM). Any virtualization included in this document may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization.
Any communication over the Internet between any two devices described in this document, such as between the client device and the first device or between the first device and the web server, may be based on, use, or be compatible with a Socket Secure (SOCKS) protocol or connection, and each device herein, like each server, can serve as a SOCKS server, and any device herein, like any selected device, can serve as a SOCKS client. Any SOCKS protocol or connection in this document may conform to, be based on, or be compatible with SOCKS4, SOCKS4a, or SOCKS5. In addition, any SOCKS protocol or connection in this document may conform to, be based on, or be compatible with IETF RFC 1928, IETF RFC 1929, IETF RFC 1961, or IETF RFC 3089. Alternatively or additionally, any communication over the Internet between any two devices herein, such as between the client device and the first device or between the first device and the web server, may be based on, use or be compatible with a WebSocket (ws) or WebSocket Secure (wss) protocol or connection.
Each method in this document may be used with a web browser, and may further comprise identifying, by the client device, the URL requested by the web browser; the client device sending the URL request to the first device; and receiving, by the client device, the content or the error message from the first device. Moreover, any method herein may further comprise using the content by the web browser on the client device in response to receiving the content from the first device, and the web browser displaying the content to a user on the client device or another device. Any method herein may further comprise, by any device, such as the client device, notifying a user of the client device or displaying a notification to the user in response to receiving the error message from any device, such as the first device.
Any method herein may further include storing, operating, or using a web browser by any device here, such as the client device or the first device. Any web browser included in this document may consist of, include, or be based on Microsoft Internet Explorer, Google Chrome, Opera™, or Mozilla Firefox®. Each web browser included in this document may consist of, include, or be based on a mobile web browser, which may consist of, include, or be based on a Safari, Opera Mini™, or Android browser.
Any step herein, like any identification herein, may be performed as part of a plug-in or extension built into the web browser. At least one of the steps performed herein by any device, such as the client device, can be integrated into the web browser in the form of a plug-in or extension. Any identification herein, such as of the first URL request, can use a plug-in or extension for the web browser. Each integration in this document can be connected to the web browser, or each integration in this document can be in the form of a filter control, or each web browser and all steps within it can communicate via interprocess communication (IPC). Any identification herein, such as of the first URL request, could use a web browser connection, could be in the form of a filter handler, or could use interprocess communication (IPC) which could use a file share, token, socket, channel, a message queue, shared memory, semaphore, memory-mapped file, clipboard, component object model (COM), data copy, DDE protocol, or mail slots.
Each method in this document may be used with a web browser and may further include the client device identifying the URL request by the web browser; the client device sending the URL request to the first device; and receiving, by the client device, the content or the error message from the first device. Alternatively or additionally, any method described in this document may be used with a web browser and may further include: identifying, by the client device, the URL requested by the web browser; and polling M times, where M>1 or M=1, by the client device for a second response until it is determined that the second response is not the error message. Each of the M searches may include: the client device sending the URL request to the first device; receiving, by the client device, a second response from the first device; checking and determining whether the second response is an appropriate response that comprises the content or whether the second response is the error message; and, responsive to determining that the second response is an appropriate response, using the content via the web browser. The number M can be equal to or greater than 1, 2, 3, 4, 5, 7, 10, 15, 20, 25, 30, 40, 50, or 100. In addition, the number M can be less than 2, 3, 4, 5, 7, 10, 15, 20, 25, 30, 40, 50, 100, 150 or 200.
Each method here may involve performing more than 2 searches out of M searches, and the client device may send the same message to the first device in all searches. Alternatively or additionally, the client device sends at least two different messages to the first device during the searches. Alternatively or additionally, the client device sends a different message to the first device for each of the queries.
Any method herein can be used with a list of IP addresses, and each of the M lookups can further involve the selection of an IP address from the list by any device, such as the client device, and any sending herein by any device, such as from the client device to the first device, can include using the selected IP address as the source IP address. Each list herein can include at least 10, 20, 50, 100, 200, 500, 1,000, 2,000, 5,000, 20,000, 50,000, 100,000, 200,000, 500, 1,000,000, 0,000,000,000, 50,000, 200,000 , 500,000, 1,000,000,000,000,000. Each IP address selection may be manually selected by a user, and any method described herein may include showing the user the IP addresses in the list for each search and allowing the user to select an IP address from the list.
All non-transitory computer-readable media may contain computer instructions that, when executed by a processor, may cause the processor to perform at least one or more of the steps described in this document. All non-transitory computer-readable media may contain computer instructions that, when executed by a processor, may cause the processor to perform some or all of the steps described in this document. Any part or all of the methods or steps contained in this document may be embodied in a software development kit (SDK) that may be provided as a non-transitory computer-readable medium with computer instructions, and any method contained in this document may further include installing the SDK. Each method herein may further include extracting data such as the URL using SSL sniffing. Any identifying information or data received herein, such as URLs or URL request identifiers, may use or be based on SSL tracking information or data extraction.
customer complaints
A method may be used to retrieve content over the Internet for a web browser on a client device, and may be used with a group of devices. All content can be stored on a web server and is identified by a Uniform Resource Locator (URL). Each method described in this document may include: identifying, by the client device, a URL request by the web browser; and searching, by the client device, N times, where N>1 or N=1, for a first response until the first response is determined to be an appropriate response. Each of the N searches may include: the client device selecting a device from the group; sending the URL request from the client device to the selected device; receiving, by the client device from the selected device, the first response in response to sending the URL request; and checking to determine whether the first response is an appropriate response that comprises the content. Each method may further include, responsive to determining that the first response is an appropriate response, using the content via the web browser; and, responsive to determining that the first response is not an appropriate response, returning an error message to the web browser. The number N can be greater than or equal to 1, 2, 3, 4, 5, 7, 10, 15, 20, 25, 30, 40, 50, or 100. In addition, the number N can be less than 2, 3, 4, 5, 7, 10, 15, 20, 25, 30, 40, 50, 100, 150 or 200.
Any communication over the Internet between the client device and the selected device may be based on, use, or support a Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) protocol or connection. Any client device can serve as an HTTP or HTTPS client. Each selected device can serve as an HTTP or HTTPS client, and each selected device can serve as an HTTP or HTTPS server. Each error message or first response can be an HTTP or HTTPS message.
Any verification or determination of a response in this document may include identifying and verifying an HTTP status code that may be received by any device, such as the client device, in response to sending the URL request. Any response herein, such as the first response, may be determined to be an appropriate response upon a 2xx status code. Any response herein, such as the first response, may be determined not to be an appropriate response upon a 4xx or 5xx status code, or upon a 404 HTTP error message status code. Alternatively or additionally, any verification of a response herein may include the use of a timeout mechanism, and any response herein may be determined not to be an appropriate response if no appropriate response is received after a defined period of time has elapsed after the search was initiated. Alternatively or additionally, any review of any response contained in this document may include a review that a URL redirect is identified, such as an appropriate response. a when detecting a URL redirect.
Each method here may involve performing more than 2 searches. One device or at least two different devices from the group can be selected for all searches. Alternatively or additionally, different devices can be selected from the group for all searches. Each of the devices in the group can be addressable by a respective IP address, and either method can be used with a list that can contain the IP addresses of all devices in the group. Here any selection of any device in the group may include or consist of selection of the respective IP address of the selected device. The number of devices in the pool is at least 10, 20, 50, 100, 200, 500, 1000, 2000, 5000, 10,000, 20,000, 50,000, 100,000, 200,000, 500,000, 1,000,000, 00,00,0 or 0. 00.0 00.0
At least one or each of the devices in the group can be a client device. Additionally, any method described herein may be used with virtualization, and at least one or each of the devices in the group may be a client device, which may consist of, be part of, or be integrated with a server device capable of virtualizing a client device addressed by the selected IP address. Alternatively or additionally, at least one or each of the devices in the group may be a client device, which may be housed in a single chassis, which may be a portable chassis. Alternatively or additionally, at least one or each of the devices in the group may be a client device that may be partially or fully integrated into a device. Alternatively or additionally, at least one or each of the devices in the group may consist of, comprise, be integrated into, or form part of a portable device that can be used by a person.
Alternatively or additionally, at least one or each of the devices in the group may be a client device, which may consist of, comprise, be part of, or be integrated with a laptop, notebook, media player, digital still camera (DSC), digital video camera (DVC or digital camcorder), personal digital assistant (PDA), mobile phone, digital camera, video recorder or smartphone. Alternatively or additionally, at least one or each of the devices in the group may be a client device, which may consist of, comprise, form part of, or be integrated with a smartphone, which may comprise or be based on an Apple iPhone 6 or a Samsung Galaxy S6.
At least one or each of the devices in the group may be a client device that may be operable to store, operate, or use an operating system, which may be, for example, a mobile operating system, which may be based on or include Android version 2.2 (Froyo), Android version 2.3 (Gingerbread), Android version 4.0 (Ice Cream Sandwich), Android version 4.2 (Jelly Bean), Android version 4.4 (KitKat), Apple iOS version 3, Apple iOS version 4, Apple iOS version 5, Apple iOS version 6, Apple iOS version 7, Microsoft Windows® Phone version 7, Microsoft Windows® Phone version 8, Microsoft Windows® Phone version 9 or the Blackberry® operating system.
Each selection of a device in the pool can be based on or use load balancing or random selection. Each random selection herein may use or be based on one or more random numbers generated by a random number generator. Each random number generator here can be hardware based and use thermal noise, shot noise, nuclear decay radiation, photoelectric effect or quantum phenomena. Alternatively or additionally, each random number generator may be software based, relying on running an algorithm that generates pseudo-random numbers.
Alternatively or additionally, each selection of a device from the group may be based on or use an estimated geographic location of the client device or the web server, and any method herein may further include estimating the geographic location of the client device or the web server using geolocation, such as IP geolocation, or based on the Geolocation Application Programming Interface (API) of the W3C. Here any device can be selected based on the estimate that it is in the same area as the client device or web server, e.g., the same continent, country, state, region, city, zip code, latitude, longitude, or time zone as the client device or web server. Alternatively or additionally, each selection of a device in the group may be based on being the longest selected device or manually selected by a user. Each method described herein may further include, for each search, displaying the devices in the group to the user and selecting, by the user, a device from the group.
Each client device here, or at least one or each of the devices in the group, may comprise, be part of, or consist of a client device in a client/server architecture and may be housed in a single housing, which may be a portable housing. Each client device here, or at least one or each of the devices in the group, may consist of, be a part of, or be integrated with a laptop, notebook, media player, a digital still camera (DSC), a digital video camera (DVC or digital camcorder), a personal digital assistant (PDA), a mobile phone, a digital camera, a video recorder or a smartphone such as an Apple iPhone 6 or Samsung Galaxy S6.
Any method herein may further comprise, by the client device or at least one or each of the devices in the group, storing, operating, or using an operating system. Any operating system can be a mobile operating system based on Android version 2.2 (Froyo), Android version 2.3 (Gingerbread), Android version 4.0 (Ice Cream Sandwich), Android version 4.2 (Jelly Bean), Android version 4.4 (KitKat), Apple iOS Version 3, Apple iOS Version 4, Apple iOS Version 5, Apple iOS Version 6, Apple iOS Version 7, Microsoft Windows® Phone Version 7, Microsoft Windows® Phone Version 8, Microsoft Windows® Phone Version 9 or the Blackberry® operating system.
Each client device in this document may be partially or fully integrated into a device, and at least one or each of the devices in the group may be partially or fully integrated into a device. A primary functionality of the device may be related to the storage, handling, or preparation of food. Alternatively or additionally, a primary function of the appliance may be to heat food and the appliance may be a microwave oven, blender, stove, oven or induction cooker. Alternatively or additionally, the device may be a refrigerator, freezer, food processor, dishwasher, blender, beverage machine, coffee maker, or ice tea maker. Alternatively or additionally, a primary function of the device may be dedicated to environmental control and the device may consist of or form part of an HVAC system.
Alternatively or additionally, a primary function of the device may be associated with temperature control, and the device may be air conditioning or heating. Alternatively or additionally, a main function of the appliance may be dedicated to cleaning, such as washing clothes, and the appliance may be a washing machine, tumble dryer or vacuum cleaner. Alternatively or additionally, a main function of the device can be assigned to water control or water heating. Alternatively or additionally, the device can be an answering machine, a telephone, a home cinema system, a hi-fi system, a CD or DVD player, an electric stove, a garbage compactor, a smoke detector, a lamp or a dehumidifier. Alternatively or additionally, the device may be a portable, battery-powered electronic device such as a laptop, notebook computer, media player, cell phone, personal digital assistant (PDA), imaging device, digital camera, video recorder, or portable computing device.
Any integration here could involve sharing a component, putting them in the same package, sharing the same processor or surface mount, or sharing the same connector. Alternatively or additionally, each integration herein may share a common power port to connect to a power source, share a common port to be powered by the same power source, or share a common power source.
Each client device herein, or at least one or each of the devices in the group, may consist of, be part of, be integrated into, or be part of a portable device that can be used by a person. Here, any wearable device can be used on an organ in the person's head, and the organ can be an eye, an ear, a face, a cheek, a nose, a mouth, a lip, a forehead or a chin.
Each portable device herein can be designed to have a shape that is substantially similar to, that allows for identical or similar assembly or use as, or that at least partially replaces, a headdress, eyewear, or a headset. Any headdress herein may consist of, be structured as, or include a bonnet, cap, crown, hair band, hair wrap, hat, headpiece, bonnet, mask, turban, headpiece, veil or wig. Any eyewear herein may consist of, be structured as, or comprise eyeglasses, sunglasses, contact lenses, a blindfold, or glasses. Any headset herein may consist of, be structured as, or comprise a hearing aid, an earphone, an earphone, or an earbud. Here, any wearable device may be shaped to be permanently attached to, removable from, or part of a person's clothing, and the attachment may include tape, glue, pins, fasteners, encapsulation, a safety pin or latch and a use hook. Each article of clothing contained herein may be a top, bottom, lingerie, hat, shoe, accessory, outerwear, suit, dress, skirt or top. Each garment herein may include an annular member defining an opening therethrough which may be sized to receive a human body part.
Any method hereof may further include the storage, operation, or use by the first device or one or more devices in the group of a client operating system, which may consist of, include, or be based on Microsoft Windows 7, Microsoft Windows XP, Microsoft Windows 8, Microsoft Windows 8.1, Linux or Google Chrome OS. Each client operating system here can be a real-time operating system (RTOS) such as FreeRTOS, SafeRTOS, QNX, VxWorks or microcontroller operating systems (μC/OS).
At least one or each of the devices in the group may consist of, may comprise, be part of, or be integrated with a server device in a client/server architecture, and the server device may consist of, may include, be part of, or be integrated with a proxy server. Each proxy server in this document can be selected from an HTTP proxy server, web proxy server, caching proxy, open source caching proxy server, cloud-based proxy server, open proxy server, forward proxy server, reverse proxy server, transparent proxy server, non-transparent proxy server, anonymous proxy server, translation proxy server, SOCKS proxy server, CGI web proxy server, suffix proxy server, an anonymous I2P proxy server, a DNS proxy server, or any combination thereof.
Any method hereof may further comprise, by the or each selected device: receiving, by the selected device, the URL request from the client device in response to the client device sending the URL request; and searching, by the selected device from the web server, M times, where M>1 or M=1, for a second response until the second response is determined to be a correct response. Each of the M searches may include: the selected device sending the URL request to the web server; receiving, by the selected device, the second response from the web server in response to sending the URL request to the web server; checking and determining whether the second response is an appropriate response that includes the content; in response to determining that the second response is a correct response, sending the content from the selected device to the client device; and in response to determining that the first response is not a correct response, sending another error message from the selected device to the client device, the further error message being determined not to be a correct response. The number M can be equal to or greater than 1, 2, 3, 4, 5, 7, 10, 15, 20, 25, 30, 40, 50, or 100. In addition, the number M can be less than 2, 3, 4, 5, 7, 10, 15, 20, 25, 30, 40, 50, 100, 150 or 200.
Multiple search claims
Each method in this document can be used by a first device to search the Internet for content that can be stored on a web server and identified by a Uniform Resource Locator (URL). Any method described herein may include: first searching, by the first device, for a first response using a first search scheme; checking to determine whether the first response is an appropriate response that includes the content; and, in response to determining that the first response is an appropriate response, using the content received. Each method may further include, in response to determining that the first response is not a correct response, performing the steps of: second searching, by the first device, for a second response using a second search scheme that is different from the first search scheme; checking to determine whether the second response is an appropriate response that includes the content; and, in response to determining that the second response is a correct response, using the content received. Each method may further include, in response to determining that the second response is not an appropriate response, performing the steps of: third searching, by the first device, for a third response using a third search scheme that differs from the first search scheme and the second search scheme; checking to determine whether the third response is an appropriate response that includes the content; in response to determining that the third response is an appropriate response, using the content received; and, in response to determining that the third response is not an appropriate response, the first device performing a first action. Each method in this document may further include the first device of a server device receiving a URL request.
Here, each first action may further include a fourth search, by the first device, for a fourth response using a fourth search scheme, which may be different from the first search scheme, the second search scheme, and the third search scheme. Alternatively or additionally, each first action herein may further comprise checking to determine whether the fourth response is a correct response that includes the content; and, in response to determining that the fourth response is an appropriate response, using the received content. Each of the first, second or third retrieval schemes can be a direct retrieval scheme or a non-direct retrieval scheme, and each non-direct retrieval scheme can be a proxy server-based retrieval scheme, a data center (DC) proxy server-based retrieval scheme or a tunnel-based retrieval scheme.
Each first device herein may be addressed on the Internet using an IP address, and at least one of the first, second, or third retrieval scheme may be a direct retrieval scheme, which may consist of or include: sending, by the first device to the web server, a URL request containing the IP address; and receiving, by the first device from the web server, the respective first, second, or third response. The URL request sent by the first device can be received by the web server as is, allowing the web server to know the IP address of the first device.
At least one of the first, second, or third retrieval scheme may be a non-direct retrieval scheme, which may consist of or include: the first device sending a URL request for the URL; receiving, by the web server, the URL request containing a different IP address than the IP address of the first device; the web server sending the content in response to the received URL request; and receiving, by the first device, the content. The URL request received by the web server may not contain the IP address of the first device, so the IP address of the first device may be unknown to the web server.
Any method herein may also be used with a second device acting as an intermediate device, and any non-direct retrieval scheme may consist of or may include: the first device sending the URL request, which may be a URL, to the second device; the second device sending the URL request to the web server; receiving, by the web server from the second device, the URL request; sending the content by the web server to the second device in response to the received URL request; receiving, by the second device, the content from the web server; the second device sending the content to the first device; and receiving, by the first device, the content from the second device.
Any non-direct retrieval scheme herein may consist of or include a proxy server retrieval scheme, wherein the second device consists of, includes, is part of, or is integrated with a server device. Each server device herein may consist of, include, be part of, or be integrated with a proxy server, which may consist of, include, be part of, or be integrated with an HTTP proxy server, a web proxy, a caching proxy, an open source caching proxy, a cloud-based proxy, an open proxy, a forward proxy, a reverse proxy, a transparent proxy, a non-transparent proxy, an anonymous proxy, a translation proxy, a SOCKS proxy, CGI web proxy, suffix proxy, anonymous I2P proxy, DNS proxy, or any combination thereof.
Any method herein may be used with a list of IP addresses stored on the second device, and any method herein may further include the first or second device selecting an IP address from the list, and the URL request sent to the web server including the selected IP address as the source address. Each non-direct retrieval scheme in this document may consist of or comprise a data center (DC) based proxy server retrieval scheme, and the second device may consist of, comprise, be part of, or be integrated with a server device using the selected IP address as the source address.
Any method here may be used with virtualization, and each device here, such as the second device, may consist of, may be part of, or be integrated with a server device that may virtualize a client device, which is addressed by the selected IP address. Any client device virtualization can be performed as part of a virtual machine (VM), and the method can be used with a host computer capable of implementing the VM, the method further including the host computer running a hypervisor or a Virtual Machine Monitor (VMM). Any virtualization included in this document may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization.
Any method can be used here with a group of devices, and each of the IP addresses in the list can be associated with a different device in the group, and the second device can consist of, can include, can be part of, or can be integrated in a server device. Any non-direct retrieval scheme in this document may consist of or include a tunnel-based retrieval scheme, which may consist of or include: selecting a device from the group by selecting the IP address from the list associated with the selected device; the second device sending the URL request to the selected device; receiving, by the selected device, the URL request; the selected device sending the URL request to the web server; receiving, by the web server from the selected device, the URL request; the web server sending the content to the selected device in response to the received URL request; receiving, by the selected device, the content from the web server; the selected device sending the content to the second device; receiving, by the second device from the selected device, the content; the second device sending the content to the first device; and receiving, by the first device, the content from the second device. Each method herein can be used with a group of multiple devices, which can include the first device, and each method can further include selecting the first device in the group.
The first, second, or third search may include searching N times, where N>1 or N=1, for the respective first, second, or third response by the first device using the respective first, second, or third search scheme until the respective first, second or third response is determined to be an appropriate response. Each of the N searches may include: the first device sending the URL request; and receiving, by the first device, the first response in response to sending the URL request. Sending may include sending to the web server and receiving may include receiving from the web server. Alternatively or additionally, sending may include sending to an additional device, which may be different from the web server, and receiving may include receiving from the additional device. The number N can be greater than or equal to 1, 2, 3, 4, 5, 7, 10, 15, 20, 25, 30, 40, 50, or 100. In addition, the number N can be less than 2, 3, 4, 5, 7, 10, 15, 20, 25, 30, 40, 50, 100, 150 or 200.
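The response check and fallback order described above (status-code and timeout checking, N tries per scheme, then the next scheme), as an added example that is not part of the patent text. The fetchers are scripted stand-ins with constructed responses and documentation-range addresses, and the `redirect_is_proper` switch is an assumption that leaves the classification of a redirect to the caller.

```python
"""Added example: proper-response check and scheme fallback (offline simulation)."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Tuple


@dataclass
class Response:
    status: Optional[int]   # None models a timeout: nothing arrived in the period
    body: bytes = b""
    source_ip: str = ""     # address the web server would see (constructed value)


def is_proper(resp: Response, redirect_is_proper: bool = False) -> bool:
    """2xx is a proper response; 4xx/5xx and timeouts are not.

    How a 3xx redirect is classified is a caller-supplied policy (assumption).
    """
    if resp.status is None:
        return False
    if 200 <= resp.status < 300:
        return True
    if 300 <= resp.status < 400:
        return redirect_is_proper
    return False


Fetcher = Callable[[str], Response]
# (scheme name, attempt number, status, source address seen by server, proper?)
Attempt = Tuple[str, int, Optional[int], str, bool]


def fetch_with_fallback(
    url: str,
    schemes: Sequence[Tuple[str, Fetcher]],
    n_per_scheme: int = 2,
    redirect_is_proper: bool = False,
) -> Tuple[Optional[Response], List[Attempt]]:
    """Try each scheme in order, up to n_per_scheme times, until a proper response.

    Returns (response, attempts). A None response means every scheme failed and
    the caller performs its "first action", e.g. returning an error message.
    """
    attempts: List[Attempt] = []
    for name, fetch in schemes:
        for attempt_no in range(1, n_per_scheme + 1):
            resp = fetch(url)
            ok = is_proper(resp, redirect_is_proper)
            attempts.append((name, attempt_no, resp.status, resp.source_ip, ok))
            if ok:
                return resp, attempts
    return None, attempts


def scripted(source_ip: str, statuses: Sequence[Optional[int]]) -> Fetcher:
    """Hypothetical fetcher that replays a fixed list of outcomes (no network)."""
    queue = list(statuses)

    def fetch(url: str) -> Response:
        status = queue.pop(0)
        has_content = status is not None and 200 <= status < 300
        body = b"<html>content</html>" if has_content else b""
        return Response(status, body, source_ip)

    return fetch


def demo() -> Tuple[Optional[Response], List[Attempt]]:
    # Constructed scenario: direct is refused, the proxy times out and then
    # errors, and the tunnel scheme finally returns the content.
    schemes = [
        ("direct", scripted("192.0.2.10", [403, 403])),
        ("proxy", scripted("198.51.100.7", [None, 503])),
        ("tunnel", scripted("203.0.113.45", [200])),
    ]
    return fetch_with_fallback("https://example.com/page", schemes, n_per_scheme=2)


if __name__ == "__main__":
    response, log = demo()
    for row in log:
        print(row)
    print("final:", response.status if response else "first action (error)")
```

The attempt log is the part worth keeping in practice: it records which source address the web server saw for each try, which is the same sequence that would appear in the server's access log.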
The first device may consist of, comprise, or be part of a client device in a client/server architecture and may be housed in a single housing, which may be a portable housing. Each client device in this document can be a laptop, notebook computer, media player, digital still camera (DSC), digital video camera (DVC or digital camcorder), personal digital assistant (PDA), cellular phone, digital camera, a video recorder or a smartphone, which may include or be based on an Apple iPhone 6 or a Samsung Galaxy S6.
Each method in this document may further include the first device receiving a URL request from a client device. Each method in this document may be used with a web browser, and may further comprise identifying, by the client device, the URL requested by the web browser; the client device sending the URL request to the first device; and receiving, by the first device, the URL request from the client device, and the first retrieval may be responsive to receiving the URL request from the client device. Any use of the received content may involve the first device sending the received content to the client device. Each method in this document may further include storing, operating, or using the web browser by the client device, and the URL identification by the web browser may be performed as part of a plug-in or extension built into the web browser. Performing the first action may include the first device sending an error message to the client device.
Any method herein may further include searching, by the client device, M times, where M>1 or M=1, for a fourth response until it is determined that the fourth response is not the error message. Each of the M searches may include: the client device sending the URL request to the first device; receiving the fourth response by the client device from the first device; checking and determining whether the fourth response is a correct response that includes the content or whether the fourth response is the error message; and, in response to determining that the fourth response is an appropriate response, using the content via the web browser.
Content Comparison Claims
Any method herein can be used by a first device, which can be a server device or a client device, to search over the Internet for content that can be stored on a web server and identified by a Uniform Resource Locator (URL). Each method herein may comprise: first retrieving, by the first device, a first content, wherein the web server receives a URL request using a first IP address as the source address on the first retrieval; storing, by the first device, the first retrieved content; second retrieving, by the first device, a second content, wherein in the second retrieval the URL request is received by the web server using a second IP address as the source address, the second IP address being different than the first IP address; comparing the stored first retrieved content and the second retrieved content; in response to determining that the first and second contents are identical, using the retrieved content; and in response to determining that the first and second content are not identical, performing a first action using the first device.
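An added example (not from the patent text) of the compare step: the same URL is retrieved under two source addresses and the bodies are compared by SHA-256 digest. The bodies, addresses and the `strip_volatile` normaliser are constructed for illustration; the normaliser is an assumption that shows why a byte-identical comparison misfires on pages carrying per-request tokens.

```python
"""Added example: comparing content retrieved under two source addresses."""
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Fetched:
    source_ip: str   # source address the web server saw for this retrieval
    body: bytes


@dataclass
class Verdict:
    identical: bool
    first_digest: str
    second_digest: str
    content: Optional[bytes]   # the stored first content, only when identical
    action: str                # "use_content" or "first_action"


def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()


# Hypothetical normaliser: blanks a per-request CSRF token before comparing.
_VOLATILE = re.compile(rb'(name="csrf_token" value=")[^"]*(")')


def strip_volatile(body: bytes) -> bytes:
    return _VOLATILE.sub(rb"\1\2", body)


def compare_retrievals(
    first: Fetched,
    second: Fetched,
    normalise: Optional[Callable[[bytes], bytes]] = None,
) -> Verdict:
    """Compare two retrievals of one URL made under different source addresses."""
    if first.source_ip == second.source_ip:
        raise ValueError("the two retrievals must use different source IP addresses")
    a = normalise(first.body) if normalise else first.body
    b = normalise(second.body) if normalise else second.body
    d1, d2 = digest(a), digest(b)
    same = d1 == d2
    return Verdict(
        identical=same,
        first_digest=d1,
        second_digest=d2,
        content=first.body if same else None,
        action="use_content" if same else "first_action",
    )


# Constructed sample bodies: same page with different tokens, and a page whose
# visible content differs depending on the requesting address.
PAGE_TOKEN_A = b'<form><input name="csrf_token" value="a1f3"></form><p>price: 10</p>'
PAGE_TOKEN_B = b'<form><input name="csrf_token" value="9c2e"></form><p>price: 10</p>'
PAGE_ALTERED = b'<form><input name="csrf_token" value="77aa"></form><p>price: 12</p>'


def demo() -> dict:
    direct = Fetched("192.0.2.10", PAGE_TOKEN_A)
    via_proxy = Fetched("198.51.100.7", PAGE_TOKEN_B)
    via_tunnel = Fetched("203.0.113.45", PAGE_ALTERED)
    return {
        "strict": compare_retrievals(direct, via_proxy),
        "normalised": compare_retrievals(direct, via_proxy, strip_volatile),
        "altered": compare_retrievals(direct, via_tunnel, strip_volatile),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict.identical, verdict.action)
```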
Each method here may be preceded by an N number of retrievals by the first device, and each of the N retrievals may include a URL retrieval. Alternatively or additionally, each of the N pull times may include pulls from the web server. The number N can be equal to or greater than 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 15, 20, 50, 70, 100, 150, 200, 250, 300, 400, 500, 700, or 1000. Also, the number N can be less than 3, 4, 5, 6, 7, 8, 9, 10, 12, 15, 20, 50, 70, 100, 150, 200, 250, 300, 400, 500, 700, 1000 or 2000.
Each method in this document may further include the first device receiving the URL request from a second device. Each first action here can include sending an error message to the second device. In addition, any use of the received content may involve sending the received content to the second device. The first search may use or be based on a first search scheme and the second search may use or be based on a second search scheme, which may differ from the first search scheme. Each search here, such as the first search, can use or be based on a direct search scheme. Each search here, such as the second search, can use or be based on a non-direct search scheme. Each non-direct retrieval scheme in this document may be a proxy server-based retrieval scheme, a data center (DC) proxy server-based retrieval scheme, or a tunnel-based retrieval scheme. In the direct retrieval scheme here, the web server can receive the URL request using an IP address of the first device as the source address. One of the first and second IP addresses may include or consist of an IP address of the first device.
The first device can be addressed on the Internet using an IP address, and one of the first and second retrievals can use a direct retrieval scheme, which may consist of or include: the first device sending to the web server a URL request that contains the IP address of the first device; and receiving the respective content from the web server by the first device. The URL request sent from the first device can be received by the web server as is, so that the web server knows the IP address of the first device.
Alternatively or additionally, the first device may be addressed on the Internet using an IP address, and either the first or second retrieval may use a non-direct retrieval scheme, which may consist of or include: sending, by the first device, the URL request; receiving, by the web server, the URL request containing a different IP address than the IP address of the first device; the web server sending the content in response to the received URL request; and the first device receiving the content, wherein the URL request received by the web server does not include the IP address of the first device, such that the IP address of the first device is unknown to the web server. Any method herein may also be used with a second device that may serve as an intermediate device, and any non-direct retrieval scheme herein may consist of or may include: the first device sending the URL request to the second device; receiving, by the second device, the URL request; the second device sending the URL request to the web server; receiving, by the web server from the second device, the URL request; sending the content by the web server to the second device in response to the received URL request; receiving, by the second device, the content from the web server; the second device sending the content to the first device; and the first device receiving the received content from the second device.
Any non-direct retrieval scheme herein may consist of or include a proxy server retrieval scheme, and the second device may consist of, include, be part of, or be integrated with a server device, which may consist of, include, be part of, or be integrated with a proxy server. Each proxy server in this document can be selected from an HTTP proxy server, web proxy server, caching proxy, open source caching proxy server, cloud-based proxy server, open proxy server, forward proxy server, reverse proxy server, transparent proxy server, non-transparent proxy server, anonymous proxy server, translation proxy server, SOCKS proxy server, CGI web proxy server, suffix proxy server, an anonymous I2P proxy server, a DNS proxy server, or any combination thereof. The second device that sends the URL request to the web server can use the IP address of the server device as the source address.
Any method herein may be used with a list of IP addresses stored on the second device, and any method herein may further include the first device selecting an IP address from the list, and the URL request sent to the web server can use the selected IP address as the source address. Any non-direct retrieval scheme herein may use or be based on a data center (DC) based proxy server retrieval scheme, and the second device may consist of, comprise, be part of, or be integrated with the data center (DC) based proxy server. Any method herein can be used with virtualization, and the second device can consist of, comprise, be part of, or be integrated into a server device that can virtualize a client device addressed by the selected IP address. Each client device virtualization in this document can be performed as part of a virtual machine (VM) and can use a host computer that can implement the VM, and each method in this document can further include the host computer running a hypervisor or a Virtual Machine Monitor (VMM). Any virtualization included in this document may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization.
Any method herein can be used with a group of devices, each of the IP addresses in the list can be assigned to a different device in the group, the second device can consist of, be part of, or be integrated into a server device, and any non-direct retrieval scheme herein may consist of or include a tunnel-based retrieval scheme, which may consist of or include: selecting a device from the group by selecting its IP address from the list associated with the selected device; the second device sending the URL request to the selected device; receiving, by the selected device, the URL request; the selected device sending the URL request to the web server; receiving, by the web server from the selected device, the URL request; the web server sending the content to the selected device in response to the received URL request; receiving, by the selected device, the content from the web server; the selected device sending the content to the second device; receiving, by the second device from the selected device, the content; the second device sending the content to the first device; and receiving, by the first device, the content from the second device. Each first device herein may consist of, comprise, or be part of a client device in a client/server architecture and may be housed in a single housing, which may be a portable housing.
Any method hereof may further include storing, operating or using by the first device a web browser which may consist of, include or be based on Microsoft Internet Explorer, Google Chrome, Opera™ or Mozilla Firefox®. Each web browser in this document may be a mobile web browser, which may consist of, include, or be based on Safari, Opera Mini™, or Android web browsers. Any first action here may include returning an error message to the web browser, and any use of the retrieved content may include the web browser's use of the retrieved content.
Any method hereof may further comprise receiving, by the first device, the URL request from a client device and may be used with a web browser on the client device, further comprising: identifying, by the client device, the URL requested by the web browser; the client device sending the URL request to the first device; and receiving the URL request by the first device from the client device. The first search may be responsive to receiving the URL request from the client device. Using the retrieved content may include the first device sending the retrieved content to the client device. Each method in this document may further include storing, operating, or using the web browser by the client device. Any identification of the URL by the web browser may occur as part of a web browser built-in plug-in or extension. Each performance of the first action may include the first device sending an error message to the client device.
Any server included in this document may consist of, be part of, or be integrated with a proxy server. Each proxy server in this document can be selected from an HTTP proxy server, web proxy server, caching proxy, open source caching proxy server, cloud-based proxy server, open proxy server, forward proxy server, reverse proxy server, transparent proxy server, non-transparent proxy server, anonymous proxy server, translation proxy server, SOCKS proxy server, CGI web proxy server, suffix proxy server, an anonymous I2P proxy server, a DNS proxy server, or any combination thereof. Any method can be used here to bypass the blocking, e.g., when a lookahead scheme fails due to geo-blocking, web censorship, Man-In-The-Middle (MITM) attack, or firewall.
A method of obtaining content identified by a content identifier for a client device from a web server using tunneling devices may be used. The method can be used with a first and a second server and a group of tunnel devices connected to the Internet, each Internet addressable using a respective IP address, and the first server can store a list of the IP addresses assigned to the tunnel devices in the group. The method may include sending, by the client device, to the second server, a request message that includes the content identifier; receiving the request message by the second server from the client device; the second server sending a first message to the first server; receiving, by the first server, the first message from the second server; selecting, by the first server, an IP address associated with a tunnel device from the list of tunnel devices in response to the first received message; the first server sending a second message to the selected tunnel device using the IP address of the selected tunnel device; receiving the second message by the selected tunneling device from the first server; the selected tunneling device sending a content request including the content identifier to the web server; receiving, by the selected tunnel device, the content in response to the content request from the web server; sending the content by the selected tunnel device to the second server; receiving the content by the second server from the selected tunnel device; sending the content to the client device by the second server; and receiving, by the client device from the second server, the content in response to the request message.
Each list here, such as the list of IP addresses, may include or consist of multiple different lists, and each of the multiple different lists may include one or more of the IP addresses that may be associated with tunnel devices in the group. Any list of IP addresses contained in this document may contain or consist of at least 2, 3, 4, 5, 8, 10, 20, 30, 50, 80, 100, 120, 150, 200, 300, 500, 1,000, 2,000, 3,000, 5,000, 10,000, 20,000, 30,000, 50,000 or 100,000 different lists. Alternatively or additionally, each list of IP addresses in this document may contain or consist of less than 3, 4, 5, 8, 10, 20, 30, 50, 80, 100, 120, 150, 200, 300, 500, 1000, 2000, 3000, 5000, 10,000, 20,000, 30,000, 50,000, 100,000 or 200,000 different lists. Any list of IP addresses here, like at least one list of several different lists here, can contain at least 1, 2, 3, 4, 5, 8, 10, 12, 15, 20, 20, 30, 50, 80, 100, 120, 150, 200, 500, 1000, 2000, 5000 or 10000 IP addresses or less than 2, 3, 4, 5, 8, 10, 12, 15, 20, 20, 30, 50, 80, 100, 120, 150, 200, 500, 1000, 2000, 5000, 10000 or 20000 IP addresses. Each of the many different lists in this document can contain at least 1, 2, 5, 8, 10, 12, 15, 20, 20, 30, 50, 80, 100, 120, 150, 200, 500, 1,000, 2,000, 5,000 or 10,000 IP addresses or less than 2, 3, 4, 5, 8, 10, 12, 15, 20, 20, 30, 50, 80, 100, 120, 150, 200, 500, 1,000, 2,000, 5,000, 10,000 or 20,000 IP addresses.
Any two lists here, such as at least the first and second lists of the various separate lists, may be mutually exclusive such that any IP address included in the first list may not be part of the second list. Additionally, some or all of the lists of the multiple distinct lists may be mutually exclusive, whereby each of the IP addresses included in one of the lists cannot be part of any other list of the multiple distinct lists. Any two lists here, such as at least the first and second lists of multiple different lists, may not be mutually exclusive, so at least one of the IP addresses included in the first list can be part of the second list. Additionally, all of the lists in the multiple distinct lists may not be mutually exclusive, and at least one of the IP addresses included in one list may be part of another list of the multiple distinct lists.
Each list here, like any list of the multiple distinct lists, can contain a single IP address, and at least two lists of the multiple distinct lists can contain a single IP address. At least two lists from several different lists can contain the same number of IP addresses. Also, at least 3, 5, 8, 10, 15, 20, 30, 50, 100, 200, 300, 500, 1,000, 5,000, or 10,000 lists can contain the same number of IP addresses. Alternatively or additionally at least 1%, 2%, 3%, 5%, 10%, 15%, 20%, 25%, 30%, 35%, 40%, 45%, 50%, 55%, 60%, 70%, 80%, or 90% of the lists in multiple different lists can contain the same number of IP addresses, or all lists in multiple different lists can contain the same number of IP addresses. Any IP address here, or any tunnel device mapped here, from any list, such as at least one list of several different lists, may be mapped to the same value or range of values of an attribute type. In addition, any IP address or associated tunnel device from any of several different lists can be mapped to the same attribute type value or range of values. In addition, each value in this document may include a numeric value or identifier of a characteristic, attribute, trait, or property of the attribute type, and each range of values in this document may include a range of numeric values or identifiers of a characteristic, attribute, trait, or property of the attribute type.
Each attribute type included in this document may include a geographic location, and each value included in this document may include a name or identifier of a continent, country, region, city, street, zip code, or time zone. Alternatively or additionally, each attribute type herein may include an Internet Service Provider (ISP) or an Autonomous System Number (ASN), and each value herein may include an ISP name and identifier, respectively, or an ASN number. Alternatively or additionally, any type of attribute herein may correspond to hardware or software of the tunneling devices. Alternatively or additionally, each attribute type herein may correspond to a communication property, type or function of a communication link of any device, such as any tunneling device. Alternatively or additionally, any type of attribute here may correspond to an operating system of any device, such as the tunnel devices. Alternatively or additionally, any type of attribute here may correspond to an RTT of the tunneling devices. Alternatively or additionally, each attribute type herein may correspond to a content type, and each content type value may include video data, audio data, or a web page with no multimedia. Each method here can be used with multiple web servers, and each attribute type can correspond to one web server of multiple web servers, and the values include a web server identifier, and each identifier here can contain a web server IP address, a domain name, a website name, or a URL.
Any selection here of any IP address from any list may involve selecting one list from the several different lists; and selecting an IP address from the selected list. Each selection of any IP address from any selected list may be load-balanced and may be based on or use random, quasi-random, or deterministic selection. Alternatively or additionally, any selection of any list from any other multiple list, or any selection of any IP address from any selected list, may be based on or use a random selection, which may use one or more random numbers generated by a random number generator. Any random number generator here could be hardware based and could use thermal noise, shot noise, nuclear decay radiation, photoelectric effect or quantum phenomena. Alternatively or additionally, any random number generator herein may be software based and rely on an algorithm being run to generate pseudo-random numbers.
In addition, any selection from any list of multiple different lists, or any selection of any IP address from any selected list, may be based on or use Last In First Out (LIFO) or First In First Out (FIFO). Here, alternatively or additionally, any selection of any IP address from any selected list may be based on or use sequential or cyclic selection. Each message here, such as the first message, may include a criterion, and each selection here from any list or any other multiple list may be based on, use, or responsive to the criteria. Any choice here from any list of several different lists can be based on load balancing. Here, alternatively or additionally, any selection from any list or any other multiple list may be based on or use random selection, sequential selection or cyclic selection. Each message here, such as the first message, may include a criterion, and each selection here from the list of several different lists may be based on, use, or be responsive to the criteria.
Any device here, such as the client device, may be associated with any list from any other multiple list, and any selection here from any list from any other multiple list may include selecting the list that can be assigned to the client device. Each method here can be used with multiple client devices, and each list of multiple different lists can be associated with one of multiple client devices. Also, any one of multiple client devices may be selected here, and each selection here from any one of any multiple other lists may include a selection from the list that may be associated with the selected client device. In addition, each of the different client devices can be assigned a list of the several different lists.
A different value or a range of different values of an attribute type can be assigned to each IP address or each associated tunnel device from at least two lists or from several different lists. Also, each message here, such as the first message, can include a value or range of values of the attribute type, and each selection here from any list or any other multilist can be based on, can be made in response to, or can use the value or range of values used in the first message, and any selection here from any list of several different lists may involve selection of the list that may be associated with the value or range of values in the first message. Alternatively or additionally, each message here, such as the first message, may include a client device identifier, and any selection here from any list of any other multiple list may be based on, may be a response to, or may use the identifier of the client device, which may contain, use or be based on the IP address of the client device.
Any web server here, content here, or content identifier here may be associated with a list of multiple distinct lists, and any selection here of any list of any multiple distinct list may include selection of the list that may be associated with the web server, content, or content identifier. Each method in this document may be used with multiple web servers or multiple content, each associated with a corresponding content identifier, and each list of any other multiple list may be associated with a corresponding one of the multiple web servers or multiple content. In addition, each web server here or content here may be selected from the various web servers or the various contents, respectively, and any selection here from any list of multiple other lists may include a selection from the list that may be associated with the selected web server or selected content. Alternatively or additionally, each of the multiple web servers or multiple content can be associated with one of the multiple different lists.
Any method herein may further include defining, forming, maintaining, or storing at least one list of multiple distinct lists or all lists of multiple distinct lists. Any defining, forming, maintaining, or storing here can be performed by any device or devices here, such as the first server, the second server or the client device. Additionally, any method herein may further include updating any list, such as updating at least one list of several different lists. Any method herein may further include updating at least 2, 3, 5, 8, 10, 15, 20, 30, 50, 100, 200, 300, 500, 1000, 5000, or 10,000 lists of multiple different lists, or updating at least 1%, 2%, 3%, 5%, 10%, 15%, 20%, 25%, 30%, 35%, 40%, 45%, 50%, 55%, 60%, 70%, 80% or 90% of the lists of the various lists.
Alternatively or additionally, any method herein may further include forming, maintaining, or storing all lists of any one or more other lists. Alternatively or additionally, each update to any list may include adding an IP address to the list or removing an IP address from the list. Each update contained in this document may be at least 1 minute, 2 minutes, 5 minutes, 10 minutes, 20 minutes, 30 minutes, 1 hour, 2 hours, 5 hours, 10 hours, 1 day, 2 days, 4 days, 1 week, 2 weeks, 3 weeks, 1 month, 2 months or 6 months after any defining, forming, maintaining, or storing. Additionally, each update contained in this document may be less than 1 minute, 2 minutes, 5 minutes, 10 minutes, 20 minutes, 30 minutes, 1 hour, 2 hours, 5 hours, 10 hours, 1 day, 2 days, 4 days, 1 week, 2 weeks, 3 weeks, 1 month, 2 months or 6 months after the defining, forming, maintaining, or storing. Alternatively or additionally, at least two lists or all lists of several different lists may not be updated or changed for at least 1 minute, 2 minutes, 5 minutes, 10 minutes, 20 minutes, 30 minutes, 1 hour, 2 hours, 5 hours, 10 hours, 1 day, 2 days, 4 days, 1 week, 2 weeks, 3 weeks, 1 month, 2 months, or 6 months since the last defining, forming, maintaining, or storing. Any update contained in this document may include a regular update, which may be at least every 1 minute, 2 minutes, 5 minutes, 10 minutes, 20 minutes, 30 minutes, 1 hour, 2 hours, 5 hours, 10 hours, 1 day, 2 days, 4 days, 1 week, 2 weeks, 3 weeks, 1 month, 2 months or 6 months or less than every 1 minute, 2 minutes, 5 minutes, 10 minutes, 20 minutes, 30 minutes, 1 hour, 2 hours, 5 hours, 10 hours, 1 day, 2 days, 4 days, 1 week, 2 weeks, 3 weeks, 1 month, 2 months or 6 months.
Any selection here from any list of several different lists, or any selection here of any IP address from any selected list, may be based on, or may be in response to, a moment of an action or event. Any action contained in this document may include an action of any device or devices in this document, such as any client device, any first server, any second server, any web server or any selected tunnel device. Any event here may be an event affecting or detected by any device or devices here, such as any client device, any first server, any second server, any web server, or any selected tunnel device. Each point in time in this document can contain the time at the respective location of the selected client device, first server, second server, web server or tunnel device. Any action contained herein may include any receipt or transmission of any message over the Internet, such as a message sent or received by any device or application here, such as any client device, any first server, any second server, any web server or any selected tunnel device. Alternatively or additionally, each action herein may include any selection of any list from any multiple distinct list, or any selection of any IP address from any selected list.
At least one list from any other multiple list may be associated with time information, and any selection here from any list from any other multiple list may be based on, or in accordance with, the time versus the time information associated with the at least one list. At least 3, 5, 8, 10, 15, 20, 30, 50, 100, 200, 300, 500, 1,000, 5,000 or 10,000 lists of any different multiple lists can be assigned different time information or at least 1%, 2%, 3%, 5%, 10%, 15%, 20%, 25%, 30%, 35%, 40%, 45%, 50%, 55%, 60%, 70%, 80%, or 90% of any list of any different multiple lists can be assigned to different time information. Any selection here from any list or any other multiple list may be based on or consistent with time versus the associated time information of the lists. Each time reference in this document may include a month, a week, a day of the week, an hour of a day, or a minute of an hour, and any multiple separate lists in this document may include at least 7 separate lists, each associated with a different day of the week. Alternatively or additionally, any multiple separate lists in this document may include at least 24 separate lists, each associated with at least one different time of day. Also, each time here may include a month, a week, a day of the week, an hour of a day, or a minute of an hour.
Any method herein can be used with a first device that can be connected to the Internet and be addressable in the Internet using a first IP address. Each method described in this document may further comprise the first device sending a third message to the first server; and receiving the third message by the first server from the first device. Additionally, each method herein may further include adding the IP address of the first device to a single list, two or more lists, or any other multiple list. Any method herein may be used with a first Internet-connectable and Internet-addressable device using a first IP address and may further include forming or adding another list to the various other lists. Additionally, any method herein may further include forming or adding an additional list to the multiple different lists that includes the first IP address. Alternatively or additionally, any method described herein may further comprise the first device sending a third message to the first server; and receiving the third message by the first server from the first device. Any forming or adding here of the additional list may be in response to receiving the third message.
Any selection here of any IP address from any list may involve selecting one list from the several different lists; selecting an IP address from the selected list; verifying the availability of the device associated with the selected IP address to serve as a tunnel device; and in response to the unavailability of the selected device to serve as a tunnel device, selecting and using another IP address from the selected list. Alternatively or additionally, any selection contained herein of any IP address from any list may include selecting a list of the multiple other lists; checking the availability of all devices associated with the IP addresses in the selected list to serve as a tunnel device; and in response to the availability of a device to serve as a tunnel device, selecting and using the IP address of the available device. Alternatively or additionally, any selection contained herein of any IP address from any list may include selecting a list of the multiple other lists; checking the availability of all devices associated with the IP addresses in the selected list to serve as a tunnel device; and in response to the unavailability of a device on the selected list to serve as a tunnel device, adding and using an additional IP address of an available device. At least 2 lists of the multiple different lists can be identified here by a respective different identifier. Alternatively or additionally, each list of any number of different lists can be identified by a respective different identifier. Each identifier here can contain a string, an alphanumeric string, a number, or an IP address.
Each list of IP addresses contained in this document may include or consist of several different collections, and each collection may contain one or more lists of the several different lists. For example, two or more collections can have more than 1, 2, 5, 10, 12, 15, 20, 20, 30, 50, 80, 100, 120, 150, 200, 500, 1000, 2000, 5000 or more than 10,000 lists or two or more collections may contain less than 5, 10, 12, 15, 20, 20, 30, 50, 80, 100, 120, 150, 200, 500, 1,000, 2,000, 5,000, 10,000 or less than 20,000 lists. Additionally, each collection can contain more than 1, 2, 5, 10, 12, 15, 20, 20, 30, 50, 80, 100, 120, 150, 200, 500, 1,000, 2,000, 5,000, or 10,000 lists or fewer than 5, 10, 12, 15, 20, 20, 30, 50, 80, 100, 120, 150, 200, 500, 1,000, 2,000, 5,000, 10,000 or 20,000 lists.
Any method here may be used with a mapping function, and each list here of any multiple distinct lists here may be mapped to or identified by a unique value that may result from applying the mapping function to the IP addresses or to values assigned to the corresponding tunnel devices. All unique values here can be numeric values that can correspond to a feature, an attribute, a trait or property of an attribute type, or any combination thereof. Alternatively or additionally, each unique value herein can be a numeric value, which is a random value or can be assigned sequentially. Each mapping function here may consist of, include, or be based on a hash function, and each unique value here may be a hash value. Each hash function herein may consist of, include, or be based on a checksum, check digit, fingerprint, lossy compression, scrambling, error correction code, or encryption. In addition, each hash function herein may consist of, be part of, or be based on a Secure Hash Algorithm (SHA) or a modulo-N function or operation, and each hash function herein may be in accordance with, based on, or compatible with the IEEE 754-1985 standard. The number N can be the number of lists in several different lists and can be greater than or equal to 1, 2, 5, 10, 12, 15, 20, 20, 30, 50, 80, 100, 120, 150, 200, 500, 1,000, 2,000, 5,000 or 10,000 or less than or equal to 5, 10, 12, 15, 20, 20, 30, 50, 80, 100, 120, 150, 200, 500, 1,000, 2,000, 5,000, 10,2000 or 10,2000 or 10,2000.
Any method herein can be used with a first device that can be connected to the Internet and be addressable in the Internet using a first IP address. The method may further include the first device sending a third message to the first server; receiving the third message by the first server from the first device; and storing, by the first server, the first IP address in the list and adding the first device to the tunnel device group so that the first device can be selected as a tunnel device as part of the selection by the first server. The third message may include at least one value related to at least one attribute type associated with the first device. Any method hereof may further comprise storing at least one value associated with the first device or the first IP address in the first server, establishing a connection between the first server and the first device, and the first server initiating communication with the first device over the established connection. Any connection established herein may be a TCP connection using Active OPEN, Passive OPEN, a TCP keep-alive mechanism, or may use or be based on a Virtual Private Network (VPN).
Any method described in this document may further comprise, for each of the tunneling devices in the group, the tunneling device sending a third message to the first server; receiving the third message by the first server from the tunneling device; and storing, by the first server, the IP address of the tunnel device in the list and adding the tunnel device to the tunnel device group so that the tunnel device can be selected as the tunnel device as part of the selection by the first server. The third message may include at least one value related to at least one attribute type associated with the tunneling device. Any method hereof may further comprise storing in the first server at least one of a value associated with the tunneling device and the IP address of the tunneling device. Any method herein may further include establishing a connection between the first server and the tunneling device, and the first server may initiate communication with the tunneling device using the established connection, and the established connection may be a TCP connection that uses 'Active OPEN', 'Passive OPEN' or a TCP keepalive mechanism, or may use or be based on a virtual private network (VPN).
Each of the messages included in this document, such as the first and second messages, may include the content identifier, and the selected tunnel device sending the content request with the content identifier to the web server may be in response to receiving the second message. Sending the content to the second server by the selected tunneling device may include sending the content to the first server by the selected tunneling device; receiving the content by the first server from the selected tunnel device; the first server sending the content to the second server; and receiving, by the second server, the content from the first server.
Each message here, like the second message, can contain the IP address of the second server. In response to receipt of the second message, any method described herein may include the selected tunneling device initiating a communication with the second server. The initiation of communication by the selected tunnel device may use or be based on a Network Address Translator (NAT) traversal scheme, which may be in accordance with, based on, or use Internet Engineering Task Force (IETF) Request for Comments (RFC) 2663, IETF RFC 3715, IETF RFC 3947, IETF RFC 5128, IETF RFC 5245, IETF RFC 5389 or IETF RFC 7350. Alternatively or additionally, any NAT traversal scheme herein may conform to, may be based on, or may use Traversal Using Relays around NAT (TURN), Socket Secure (SOCKS), WebSocket (ws) or WebSocket Secure (wss), NAT 'punching', Session Traversal Utilities for NAT (STUN), Interactive Connectivity Establishment (ICE), UPnP Internet Gateway Device Protocol (IGDP) or Application Level Gateway (ALG).
In response to a communication initiated by the selected tunnel device, any method herein may further comprise the second server sending the content identifier to the selected tunnel device, and the selected tunnel device sending the web request for the content may be in response to receiving the content identifier from the second server. Alternatively or additionally, the selected tunnel device sending the content to the second server may include the selected tunnel device sending the content to the second server using the initiated communication.
Any communication over the Internet between the selected tunnel device and the second server may be based on, use, or support the Transmission Control Protocol over Internet Protocol (TCP/IP) protocol or connection. Any communication over the Internet between the selected tunnel device and the second server can be based on, use, or support the HTTP or HTTPS protocol or connection, and the second server can serve as an HTTP or HTTPS server, respectively, and the selected tunnel device can serve as an HTTP or HTTPS client.
Any communication over the Internet between the selected tunnel device and the second server may be based on, use or support the Socket Secure (SOCKS) protocol or connection, and the second server may serve as a SOCKS server and the selected tunnel device may serve as a SOCKS client. Any SOCKS protocol or connection in this document may conform to, be based on, or be compatible with SOCKS4, SOCKS4a, or SOCKS5. Alternatively or additionally, any SOCKS protocol or connection in this document may conform to, be based on, or be compatible with IETF RFC 1928, IETF RFC 1929, IETF RFC 1961, or IETF RFC 3089. Alternatively or additionally, any communication between any two entities herein, such as over the Internet between the selected tunnel device and the second server, may be based on, use, or support a Socket Secure (SOCKS) or WebSocket (ws), which may be WebSocket Secure (wss), protocol or connection, and the second server can serve as a SOCKS or WebSocket server and the selected tunnel device as a WebSocket client. Any WebSocket protocol or connection in this document may conform to, be based on, or be compatible with IETF RFC 6455. Any method described herein may further include establishing a connection between the second server and the selected tunneling device, and the second server may initiate communication with the selected tunneling device using the established connection.
Any method described in this document may further comprise the second server sending the IP address of the selected tunnel device to the client device; receiving, by the client device from the second server, the IP address of the selected tunnel device; and storing, by the client device, the received IP address of the selected tunnel device. Any method here can be used with a first IP address stored in the client device, and the request message can include the first IP address. The first message may include the first IP address, and the first server may select the tunnel device from the list of tunnel devices based on or in response to the first IP address received. Any selection made here of the tunnel device by the first server may include selecting a tunnel device with the first IP address.
Each first tunneling device in the group can operate in various states, which can include an idle state and non-idle states. Each method herein may further include the first tunneling device, in response to being in one of the non-idle states, determining whether an idle condition is met; in response to determining that the idle condition is met, transitioning to the idle state; in response to being in the idle state, determining whether the idle condition is met; and in response to determining that the idle condition is not met, transitioning to one of the non-idle states. The first tunnel device may be selected by the first server in response to the first tunnel device being in an idle state. Each method herein may further comprise receiving, by the first server from the first tunneling device, a message in response to the status of the first tunneling device; and the first tunneling device is selectable by the first server in response to the idle state of the first tunneling device.
Any method described herein may further comprise the first tunneling device sending a first status message to the first server in response to the change to the idle state; and sending a second status message by the first tunneling device to the first server in response to the change to a non-idle state. The first tunnel device can be selected by the first server in response to the first or the second status message. Each method described in this document may further include the first server receiving the first status message from the first tunneling device; and adding the IP address of the first tunnel device to the IP address list in response to the first received status message. Each method described in this document may further include the first server receiving the second status message from the first tunneling device; and removing the IP address of the first tunneling device from the IP address list in response to the received second status message. Any method herein may be used with an additional idle condition, and each determination herein may include determining whether the idle condition and the additional idle condition are met.
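The list bookkeeping described above for the first server can be modeled in a few lines; the following is an added illustration, not code from this application or from any product. It combines the hash-modulo-N mapping function that identifies a list, the idle and non-idle status messages that add and remove an IP address, and selection that falls back to another address when an availability check fails. The class and method names, the choice of SHA-256, the use of a country code as the attribute value, and the RFC 5737 sample addresses are assumptions.

```python
import hashlib
import random


class TunnelRegistry:
    """Toy model of the first server: N lists of idle tunnel-device IP addresses."""

    def __init__(self, n_lists, seed=0):
        if n_lists < 1:
            raise ValueError("n_lists must be >= 1")
        self.n_lists = n_lists
        self.lists = [[] for _ in range(n_lists)]  # list index -> selectable IPs
        self.attr = {}                             # ip -> reported attribute value
        self._rng = random.Random(seed)            # seeded so the example repeats

    def list_index(self, value):
        """Mapping function (assumed SHA-256): hash of the value reduced modulo N."""
        digest = hashlib.sha256(value.encode("utf-8")).digest()
        return int.from_bytes(digest, "big") % self.n_lists

    def register(self, ip, value):
        """'Third message': a device reports its IP address and an attribute value."""
        self.attr[ip] = value

    def status(self, ip, idle):
        """Status message: idle adds the IP to its list, non-idle removes it."""
        if ip not in self.attr:
            raise KeyError(f"{ip} has not registered")
        bucket = self.lists[self.list_index(self.attr[ip])]
        if idle and ip not in bucket:
            bucket.append(ip)
        elif not idle and ip in bucket:
            bucket.remove(ip)

    def select(self, value, is_available):
        """Select a list from the requested value, then an available IP from it."""
        bucket = self.lists[self.list_index(value)]
        # A modulo-N mapping can put several values in one list, so the
        # candidates are filtered on the attribute value as well.
        candidates = [ip for ip in bucket if self.attr[ip] == value]
        self._rng.shuffle(candidates)              # random selection order
        for ip in candidates:
            if is_available(ip):                   # availability check
                return ip                          # otherwise try another IP
        return None                                # no available device in the list


def demo():
    """Constructed sample data; addresses are RFC 5737 documentation ranges."""
    reg = TunnelRegistry(n_lists=4)
    devices = {
        "192.0.2.10": "DE",
        "192.0.2.11": "DE",
        "198.51.100.7": "US",
        "203.0.113.5": "FR",
    }
    for ip, country in devices.items():
        reg.register(ip, country)
        reg.status(ip, idle=True)

    unreachable = {"192.0.2.11"}

    def available(ip):
        return ip not in unreachable

    reg.status("192.0.2.10", idle=False)           # device left the idle state
    first = reg.select("DE", available)            # only an unreachable DE device is listed
    reg.status("192.0.2.10", idle=True)            # device is idle again
    second = reg.select("DE", available)           # falls back past the unreachable one
    return first, second


if __name__ == "__main__":
    print(demo())
```
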
Any method herein may further include operating an operating system or a program process or thread by the first tunneling device, and each idle condition herein may be determined to be met based on or in accordance with activation or execution of the process or thread by the operating system or program. The process or thread may contain a background or low-priority task, an idle process, or a screen saver. In addition, the process or thread may involve using the full screen for display. Any method herein may further comprise monitoring or measuring a resource utilization by the first tunneling device and determining that each idle condition herein is met based on or in accordance with the monitored or measured resource utilization being below a threshold, and the resource utilization may include utilization of a processor in the first tunneling device. Each tunneling device herein, such as the first tunneling device, may include an input device to receive input from a human user or operator, and any method herein may further include detecting input by any tunneling device (or the first tunneling device) using the input device, and each idle condition herein may be determined to be met based on or in accordance with no input being received from the input device for a predefined time interval. Each input device herein may include a pointing device, keyboard, touch screen, or microphone.
Each tunnel device herein, such as the first tunnel device, may include a motion sensor for detecting movement, acceleration, vibration, or change in position of the first tunnel device, and each method herein may further include detecting, by any tunnel device (or the first tunnel device) using the motion sensor, the respective movement, acceleration, vibration, or change of position of the tunnel device, and any idle condition herein may be determined to be met based on or according to the respective movement, acceleration, vibration, or change of location being below a threshold. Each motion sensor herein may include an accelerometer, gyroscope, vibration sensor, or GPS (Global Positioning System) receiver.
Each tunneling device herein, like the first tunneling device, may include a network interface or network transceiver for communicating over a network (such as the Internet), and each method herein may further include measuring, by any tunneling device (or the first tunneling device), an amount of data that is sent to or received from the network during a time interval, and any idle condition herein may be determined to be met based on the measured amount of data being below a threshold level. Each tunnel device herein, such as the first tunnel device, may include a battery, and any method herein may further include measuring or detecting a battery charge level by any tunnel device (or the first tunnel device), and any idle condition herein may be determined to be met based on or in accordance with the measured or sensed charge level being above a threshold level. The measurement or detection can use a battery management system (BMS) and the threshold level can be above 40%, 50%, 60%, 70%, 80% or 90% of the battery's defined full charge capacity.
Each method here can be used with a first attribute type, each of the tunnel devices in the group can be associated with a first value related to the first attribute type, and each method here may further comprise storing, by the first server, the first value associated with each of the tunnel devices in the group. Here, each first value may include a numeric value or an identifier of a resource, feature or property of the first attribute type. Here each selection of a tunneling device by the first server may be based on the first value associated with the selected tunneling device, and any method here may further comprise sending, by each of the tunneling devices in the group to the first server, the respective first value, and receiving the sent first value by the first server.
Each message here, such as the request message and the first message, may include one or more values, and each tunnel device selection here by the first server may be based on a comparison of the one or more values with the first value associated with the selected tunnel device. Alternatively or additionally, each message here, such as the request message and the first message, may include a requested value, and the tunnel device selection by the first server may be based on the requested value being equal to the first value associated with the selected tunnel device. Alternatively or additionally, each message here, such as the request message and the first message, may comprise multiple values, and each selection here of the tunnel device by the first server may be based on the first value associated with the selected tunnel device being equal to one of the multiple values. Each value here of the first attribute type can be a numeric value, and the request message and the first message can include a minimum value, and any selection of the tunnel device by the first server can be based on the first value associated with the selected tunnel device being greater than the minimum value. Alternatively or additionally, the values of the first attribute type are numeric values, and the request message and the first message may include a maximum value, and any selection here of the tunnel device by the first server may be based on the first value associated with the selected tunnel device being less than the maximum value. Alternatively or additionally, the request message and the first message may further include a minimum value, and any tunnel device selection herein by the first server may be based on the first value associated with the selected tunnel device being greater than the minimum value.
Each method here can be used with a second attribute type, and each of the tunnel devices in the group can be assigned a second value related to the second attribute type, and each method here may further comprise storing, by the first server, the second value associated with each of the tunnel devices in the group. Each tunnel device selection here by the first server may be based on the first and second values associated with the selected tunnel device. Each method herein may further comprise each of the tunneling devices in the group sending the respective first and second values to the first server, and receiving the sent first and second values by the first server.
Each message here, such as the request message and the first message, may include a first set of one or more values and a second set of one or more values, and here any selection of the tunnel device by the first server may be based on the respective comparison of the first and second sets with the first and second values associated with the selected tunneling device. Each tunnel device selected here can be selected by the first server such that the first value is included in the first set and the second value is included in the second set. Alternatively or additionally, each tunnel device selected here may be selected by the first server such that the first value is included in the first set or the second value is included in the second set. Alternatively or additionally, each tunnel device selected here may be selected by the first server such that the first value is included in the first set and the second value is not included in the second set.
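As an added illustration (not code from the application), the following Python example models the first server's bookkeeping described above: status messages add or remove a device's IP address from the list, and a request's attribute criteria (one of several values, minimum, maximum, and the and / or / and-not combinations of two attribute types) filter the list before a random pick. All class, function and attribute names, the CPU and input thresholds, and the sample devices are assumptions made for the example.

```python
import random
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Criterion:
    """One attribute test carried in a request message (hypothetical name)."""
    attr_type: str
    allowed: Optional[frozenset] = None   # value must equal one of these
    minimum: Optional[float] = None       # value must be greater than this
    maximum: Optional[float] = None       # value must be less than this

    def matches(self, attrs: dict) -> bool:
        value = attrs.get(self.attr_type)
        if value is None:
            return False                  # a device with no stored value never matches
        if self.allowed is not None and value not in self.allowed:
            return False
        if self.minimum is not None and not value > self.minimum:
            return False
        if self.maximum is not None and not value < self.maximum:
            return False
        return True


def idle_conditions_met(cpu_util, secs_since_input, battery_pct,
                        cpu_max=0.10, input_gap=300.0, battery_min=50.0):
    """Idle condition plus additional idle conditions: every one must be met.
    cpu_max and input_gap are assumed thresholds; 50% is one of the listed battery levels."""
    return (cpu_util < cpu_max
            and secs_since_input >= input_gap
            and battery_pct > battery_min)


class FirstServerRegistry:
    """Hypothetical model of the first server's stored values and IP address list."""

    _COMBINE = {
        "and": lambda a, b: a and b,
        "or": lambda a, b: a or b,
        "and_not": lambda a, b: a and not b,
    }

    def __init__(self, rng=None):
        self._attrs = {}     # IP -> attribute values stored for each group member
        self._ip_list = []   # IP address list: only devices that reported idle
        self._rng = rng or random.SystemRandom()

    def register(self, ip, attrs):
        self._attrs[ip] = dict(attrs)

    def on_status(self, ip, idle):
        """First status message (idle) adds the IP; second (non-idle) removes it."""
        if ip not in self._attrs:
            raise KeyError(f"status message from unregistered device {ip}")
        if idle and ip not in self._ip_list:
            self._ip_list.append(ip)
        elif not idle and ip in self._ip_list:
            self._ip_list.remove(ip)

    def candidates(self, first, second=None, mode="and"):
        """IPs on the list whose stored values satisfy the request's criteria."""
        combine = self._COMBINE[mode]     # unknown mode raises KeyError
        out = []
        for ip in self._ip_list:
            attrs = self._attrs[ip]
            ok = first.matches(attrs)
            if second is not None:
                ok = combine(ok, second.matches(attrs))
            if ok:
                out.append(ip)
        return out

    def select(self, first, second=None, mode="and"):
        """Random selection among matching devices; None when nothing matches."""
        pool = self.candidates(first, second, mode)
        return self._rng.choice(pool) if pool else None


def build_sample_registry(rng=None):
    """Constructed sample data; addresses come from the RFC 5737 documentation ranges."""
    reg = FirstServerRegistry(rng)
    reg.register("192.0.2.10", {"country": "DE", "rtt_ms": 40, "link": "wired"})
    reg.register("198.51.100.7", {"country": "DE", "rtt_ms": 180, "link": "wireless"})
    reg.register("203.0.113.5", {"country": "FR", "rtt_ms": 60, "link": "wired"})
    reg.register("203.0.113.99", {"country": "US", "rtt_ms": 25, "link": "wireless"})
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.99"):
        reg.on_status(ip, idle=True)
    reg.on_status("203.0.113.99", idle=False)   # became busy: removed from the list
    return reg


if __name__ == "__main__":
    reg = build_sample_registry()
    geo = Criterion("country", allowed=frozenset({"DE", "FR"}))
    fast = Criterion("rtt_ms", maximum=100)
    print(reg.candidates(geo, fast, "and"))
    print(reg.select(geo, fast, "and_not"))
```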
Here, each first attribute type may include a geographic location, and each of the first values may include a name or identifier of a continent, country, region, city, street, zip code, or time zone. Any first value here from any of the tunnel devices in the group or any of the IP addresses may be based on IP geolocation, which may be based on the W3C Geolocation API. Any method herein may be used with a database associating IP addresses with geographic locations, the database may be stored on the first server, and any method herein may further comprise the first server receiving and storing the database, and any method herein may further comprise using the database to estimate or assign the first value for each of the tunneling devices in the group. Alternatively or additionally, each first attribute type here may comprise an Internet Service Provider (ISP) identifier or an Autonomous System Number (ASN), and each of the first values comprises a name or identifier of the ISP or the ASN number, respectively.
Each first attribute type here can correspond to hardware or software of the tunneling devices. Here, each first attribute type may include the hardware of the tunneling device, with stationary or portable as values, based on whether the tunneling device is stationary or portable, respectively. Each first attribute type herein may include a software program or application (such as an operating system) installed, used, or operated on tunnel devices, such as the type, make, model, or version of the software.
Here, each first attribute type may correspond to a communication property or a resource of a communication link of the tunnel devices, and the communication link may correspond to the Internet connection of the respective tunnel devices. Alternatively or additionally, the communication link may correspond to a communication link of a tunnel device with the web server, the first server, the second server or the client device. The first attribute may correspond to a bandwidth (BW) or round-trip delay time (RTT) of the communication link, and each first value here may be the corresponding estimate or measurement of the BW or RTT. Any method herein may further include estimating or measuring the BW or RTT of the communication link by the first server or by a tunneling device. Alternatively or additionally, each first attribute type here may correspond to the technology or scheme used by tunneling devices to connect to the Internet, and each first value here may include wired or wireless values, respectively, depending on whether the tunneling device is connected to the Internet via a wired or wireless connection.
Any method described herein may be used with multiple servers, including the first server; each of the multiple servers may be connected to the Internet, may be Internet addressable using a corresponding IP address, and may store a corresponding list of IP addresses of tunnel devices that are part of the group. Any method described herein may further comprise the second server selecting the first server from the plurality of servers; and the first server selecting the tunneling device may comprise selecting a tunneling device from the respective list of IP addresses of the respective selected first server. The first server may be randomly selected from the plurality of servers by the second server, for example using one or more random numbers generated by a random number generator.
Each selection herein may be a random selection using one or more random numbers generated by a random number generator. The random number generator can use thermal noise, shot noise, nuclear decay radiation, photoelectric effect or quantum phenomena. Alternatively or additionally, the random number generator may be software based and the random number generator may rely on running an algorithm to generate pseudo-random numbers.
Each server here and each of the plurality of servers may be associated with one or more attribute values related to an attribute type, and each server here may be selected as the first server by the second server from the plurality of servers based on or in accordance with one or more corresponding attribute values. Each attribute type here may be a geographic location, and one or more attribute values here may include a name or identifier for a continent, country, region, city, street, zip code, or time zone. Each of the other attribute values may be based on actual geographic location or IP geolocation, which may be based on the W3C Geolocation API, and each request message contained in this document may contain one or more attribute values.
Any of the methods described herein can be used with multiple servers, which can include the first server; each of the multiple servers can be connected to the Internet, can be addressable over the Internet using a corresponding IP address, and can store a corresponding list of IP addresses of the tunnel devices that are part of the group. Any method described herein may further comprise, for each of the tunnel devices in the group, selecting the first server from the plurality of servers by the respective tunnel device; the tunneling device sending a third message to the selected first server; receiving the third message by the selected first server from the respective tunnel device; and storing the IP address of the respective tunnel device in the list in the selected first server and adding the respective tunnel device to the tunnel device group by the selected first server, so that the respective tunnel device can be selected as a tunnel device as part of the selection by the selected first server.
The first server can be randomly selected from the plurality of servers by each tunnel device. Each of the plurality of servers may be associated with one or more attribute values related to an attribute type, and the respective tunneling device may select the first server of the plurality of servers based on or in accordance with the respective one or more attribute values. Each attribute type herein can be a geographic location, and one or more attribute values can include a name or identifier for a continent, country, region, city, street, zip code, or time zone. Each of the other attribute values may be based on actual geographic location or IP geolocation, which may be based on the W3C Geolocation API, and each request message contained in this document may contain one or more attribute values.
Each method here can be used with a DNS (Domain Name System) server, and each content identifier here can contain a domain name. Each method herein may further include the client device performing DNS resolution using the DNS server to obtain a numeric IP address, and the request message, the first message, and the second message may include the obtained numeric IP address. Alternatively or additionally, each method herein may further include the second server performing DNS resolution using the DNS server to obtain a numeric IP address, and each request message herein may include the domain name, and the first message and the second message may include the obtained numeric IP address. Alternatively or additionally, each method herein may further comprise performing DNS resolution by the selected tunnel device using the DNS server to obtain a numeric IP address, and each request message, the first message and the second message may comprise the domain name.
Any content contained herein may comprise a webpage or website. Each content identifier in this document may be or include a Uniform Resource Identifier (URI) or a Uniform Resource Locator (URL). Some or all of the IP addresses contained in this document may be in IPv4 or IPv6 format. Any web server included herein may use Hypertext Transfer Protocol (HTTP) or HTTP Secure (HTTPS) to respond to appropriate HTTP or HTTPS requests over the Internet, and any content request included herein may be or include an HTTP or HTTPS request. Any communication over the Internet, such as between the client device and the second server, between the second server and the first server, between the first server and the selected tunnel device, or between the selected tunnel device and the web server, may be based on, use, or be compatible with the TCP/IP (Transmission Control Protocol over Internet Protocol) protocol or connection. Alternatively or additionally, the Internet communication between the client device and the second server, between the second server and the first server, between the first server and the selected tunnel device and between the selected tunnel device and the web server may be based on, use, or be compatible with the Transmission Control Protocol over Internet Protocol (TCP/IP) protocol or connection.
Each method herein can also be used for redundancy or resilience and can further include selecting, by any device, such as the first server, an additional IP address associated with an additional tunnel device from the list of tunnel devices in response to the received first message; sending, by any device, such as the additional tunnel device, to any device, such as the web server, a content request that may include the content identifier; receiving the content in response to the content request by any device, such as the additional tunnel device, from any device, such as the web server; and receiving, by any device, such as the client device, from any device, such as the second server, the content received from the additional tunnel device in response to the request message. Here, any selection of the additional IP address can be made after the selected tunnel device has sent the content request, or alternatively before the selected tunnel device has sent the content request.
Each method herein may further include sending, by any device, such as the first server, to any device, such as the further tunnel device, an additional message using an IP address of the further tunnel device; receiving the further message by any device, such as the further tunneling device, from any device, such as the first server; sending the content by any device, such as the additional tunnel device, to any device, such as the second server; receiving the content by any device, such as the second server, from any device, such as the additional tunnel device; and sending the content by any device, such as the second server, to any device, such as the client device.
Here, any selection, for example by the first server, of an IP address assigned to a tunnel device may comprise selecting, by any device, such as the first server, multiple IP addresses, each assigned to one of a plurality of tunnel devices, from the list of tunnel devices in response to the received first message. At least two or all of the multiple IP addresses can be selected in parallel. Alternatively or additionally, at least two or all of the multiple IP addresses can be selected sequentially. Any method herein may further include, for each tunnel device of the plurality of tunnel devices, receiving the content from the tunnel device in response to the request message by any device, such as the client device. Contents from at least two or all of the multiple tunnel devices can be received sequentially or in parallel. Each method herein may further comprise selecting and using, by any device, such as the client device, content received from one of the plurality of tunnel devices as the first content received from one of the plurality of tunnel devices. Each method herein may further include discarding, by any device, such as the client device, content received from the unselected ones of the multiple tunnel devices, or comparing, by any device, such as the client device, content received from any two or more of the multiple tunnel devices.
Each method herein may further comprise, for each tunnel device of the multiple tunnel devices, any device, such as the tunnel device, sending a content request, which may include the identifier of the content, to any device, such as the web server; and receiving the content in response to the content request by any device, such as the tunnel device, from any device, such as the web server. Any sending of the content request or any receiving of the content from the web server by at least two or all of the multiple tunneling devices may be sequential or parallel. The protocols used by at least two or all of the multiple tunnel devices to receive content from the web server may be identical or different from each other.
Each method herein may further comprise, for each tunnel device of the multiple tunnel devices, sending, by any device, such as the first server, to any device, such as the tunnel device, a second message using an IP address of the tunnel device; and receiving the second message by any device, such as the tunnel device, from any device, such as the first server. Any sending of the second message by any device, such as the first server, or receiving content from any device, such as the first server, by at least two or all of the multiple tunnel devices may be sequential or parallel. The protocols used by at least two or all of the multiple tunneling devices to receive content from any device, such as the first server, may be identical or different.
Each method herein may further comprise, for each tunnel device of the multiple tunnel devices, sending the content by any device, such as the tunnel device, to any device, such as the second server; receiving the content by any device, such as the second server, from any device, such as the tunnel device; sending the content by any device, such as the second server, to any device, such as the client device; and receiving the content in response to the request message by any device, such as the client device, from any device, such as the second server. Any sending of content to the second server or any receiving of content from the second server by at least two or all of the multiple tunneling devices may be performed sequentially or in parallel. The protocols used by at least two or all of the different tunneling devices to send the content to the second server may be identical or different from each other.
The number of multiple IP addresses selected here can be equal to or greater than 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 15, 20, 30, 35, 40, 45, 50, 60, 70 or 100 IP addresses. Also, the number of multiple IP addresses selected in this document may be less than 3, 4, 5, 6, 7, 8, 9, 10, 12, 15, 20, 30, 35, 40, 45, 50, 60, 70, 100 or 150 IP addresses. Each list of IP addresses in this document may include or consist of multiple distinct lists, and each of the multiple distinct lists may contain one or more of the IP addresses associated with the tunneling devices in the group, and any multiple IP addresses in this document may be part of the same list of the multiple distinct lists.
Any method hereof may further comprise any device, such as the client device, sending an additional request message, which may include the content identifier, to any device, such as the second server; and receiving the content in response to the further request message by any device, such as the client device. Any method described in this document may further comprise receiving the additional request message by any device, such as the second server, from any device, such as the client device; sending a first additional message by any device, such as the second server, to any device, such as the first server; receiving the first additional message by any device, such as the first server, from any device, such as the second server; selecting, by any device, such as the first server, an additional IP address associated with an additional tunnel device from the list of tunnel devices in response to the received first additional message; sending, by any device, such as the selected additional tunneling device, to any device, such as the web server, a content request that includes the content identifier; and receiving the content in response to the content request via any device, such as the selected additional tunnel device, from any device, such as the web server.
Additionally, each method herein may further comprise sending, by any device, such as the first server, to the additional selected tunnel device, a second additional message using the additional IP address of the first selected tunnel device; receiving the second additional message by any device, such as the selected additional tunnel device, from any device, such as the first server; sending the content by any device, such as the selected additional tunnel device, to any device, such as the second server; receiving the content by any device, such as the second server, from any device, such as the selected additional tunnel device; and sending the content by any device, such as the second server, to any device, such as the client device.
Any sending of the additional request message may occur at least in part in parallel with or after the sending of the request message. Any receipt of content in response to the additional request message by any device, such as the client device, may occur in parallel with or subsequent to receipt of content in response to the request message by any device, such as the client device. Each method herein may further include selecting and using, by any device, such as the client device, one of the content received in response to the request message and the content received in response to the additional request message, such as selecting and using the first received content. Any method herein may further comprise discarding, by any device, such as the client device, the unselected content received in response to the request messages.
Any method hereof may further comprise sending a plurality of request messages from any device, such as the client device, to any device, such as the second server, and each of the plurality of request messages may include the content identifier; and receiving the content in response to each of the plurality of request messages by any device, such as the client device. The number of multiple request messages sent here can be equal to or greater than 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 15, 20, 30, 35, 40, 45, 50, 60, 70 or 100 messages. Alternatively or additionally, the number of multiple request messages sent here may be less than 3, 4, 5, 6, 7, 8, 9, 10, 12, 15, 20, 30, 35, 40, 45, 50, 60, 70, 100 or 150 messages. Content received in response to at least two or all of the multiple request messages may be received sequentially or in parallel. The protocols used to send at least two or all of the multiple request messages or to receive the respective responses may be the same or different. Any method hereof may further comprise any device, such as the client device, selecting and using, as the first received content, content received in response to one of the plurality of sent request messages. Any method in this document may further comprise discarding, by any device, such as the client device, the content received in response to the unselected ones of the plurality of request messages sent. Any method herein may further include comparing, via any device, such as the client device, content received in response to two or more messages sent with different indicators.
Any method described herein may further comprise receiving, by any device, such as the second server, from any device, such as the client device, each of a plurality of request messages; any device, such as the second server, sending messages to any device, such as the first server, in response to the received multiple request messages; and receiving the messages by any device, such as the first server, from any device, such as the second server. Each method described herein may further comprise selecting, by any device, such as the first server, for each of the plurality of request messages, an IP address associated with a tunnel device from any list of tunnel devices. Each list of IP addresses in this document may include or consist of multiple different lists, and each of the multiple different lists may include one or more of the IP addresses associated with tunneling devices in the group, and any selected multiple IP addresses herein may be part of the same list of the multiple different lists.
Each method herein may further comprise selecting, by any device, such as the first server, in response to each first message received, an IP address associated with a tunneling device from the list of tunneling devices; sending, by any device, such as the first server, to any device, such as the selected tunnel device, a plurality of messages, each using an IP address of the selected tunnel devices; receiving the messages by any device, such as any of the selected tunnel devices, from any device, such as the first server; sending, by any device, such as any selected tunnel device, to any device, such as the web server, a content request that may include the content identifier; receiving the content in response to the content request by any device, such as any selected tunnel device, from any device, such as the web server; sending the content through any device, such as any of the selected tunnel devices, to any device, such as the second server; receiving the content by any device, such as the second server, from any device, such as any selected tunnel device; and sending each of the received contents to any device, such as the client device, by any device, such as the second server. The protocols used for at least two or all of the sending actions here or the receiving actions can be identical or different from one another. At least two or all of the sending actions here or the receiving actions here may be performed in parallel or sequentially.
Herein, any communication over the Internet, such as between the client device and the second server, between the second server and the first server, between the first server and the selected tunnel device, or between the selected tunnel device and the web server, may be based on, use, or support the HTTP or HTTPS protocol or connection, and one of the nodes can serve as an HTTP or HTTPS server, respectively, and the other node can serve as an HTTP or HTTPS client, respectively. Alternatively or additionally, the Internet communication between the client device and the second server, between the second server and the first server, between the first server and the selected tunnel device and between the selected tunnel device and the web server may be based on, use, or support the HTTP or HTTPS protocol or connection, and one of the nodes can act as an HTTP or HTTPS server, respectively, and the other node can act as an HTTP or HTTPS client, respectively. Any communication over the Internet between the client device and the second server may be based on, use, or be compatible with the HTTPS protocol or connection, and any request message contained herein may conform to, be based on, or use an HTTPS frame or packet. Any method in this document may further include retrieving, for example by the first or second server, the content identifier using SSL sniffing. Each request message included in this document may include an attribute value corresponding to an attribute type, and each method included in this document may further include the first or second server retrieving the attribute value using SSL sniffing.
Any communication via the Internet here, such as between the client device and the second server, between the second server and the first server, or between the first server and the selected tunnel device, may be based on, use, or support the Socket Secure (SOCKS) protocol or connection, and one of the nodes can serve as a SOCKS server and the other node can serve as a SOCKS client. Any communication over the Internet here between the client device and the second server may be based on, use or support the Socket Secure (SOCKS) protocol or connection. The second server can serve as a SOCKS server and the client device can serve as a SOCKS client, or the second server can serve as a SOCKS client and the client device can serve as a SOCKS server. Any SOCKS protocol or connection in this document may conform to, be based on, or be compatible with SOCKS4, SOCKS4a, or SOCKS5. Alternatively or additionally, any SOCKS protocol or connection in this document may conform to, be based on, or be compatible with IETF RFC 1928, IETF RFC 1929, IETF RFC 1961, or IETF RFC 3089.
Alternatively or additionally, any communication here between two entities, such as over the Internet between the client device and the second server, between the second server and the first server, or between the first server and the selected tunnel device, may be based on, use, or support the Socket Secure (SOCKS) or WebSocket (ws), which can be WebSocket Secure (wss), protocol or connection, and the second server can serve as a SOCKS or WebSocket server, and the selected tunnel device can serve as a WebSocket client. Any WebSocket connection or protocol in this document may conform to, be based on, or be compatible with IETF RFC 6455.
Any communication over the Internet in this document, such as between the client device and the second server, between the second server and the first server or between the first server and the selected tunnel device, can be based on, use, or be compatible with the HTTP proxy protocol or connection, and one of the nodes may serve as an HTTP proxy server and the other node may serve as an HTTP proxy client. Any communication over the Internet herein between the client device and the second server may be based on, use, or be compatible with the HTTP proxy protocol or connection. The second server can act as an HTTP proxy server and the client device can act as an HTTP proxy client, or the second server can act as an HTTP proxy client and the client device can act as an HTTP proxy server.
Each tunnel device or each of the tunnel devices in the group can be assigned a single IP address. Multiple IP addresses can be assigned to one or more tunnel devices in the group, e.g. B. more than 1,000, 2,000, 5,000, 10,000, 20,000, 50,000 or 100,000 different IP addresses. A primary or unique functionality of one or each or more of the tunneling devices may serve as the selected tunneling device.
Any method herein may further include storing, operating, or using a server operating system by at least one of the tunneling devices in the group or by the selected tunneling device. The server operating system may consist of, include, or be based on Microsoft Windows Server®, Linux, or UNIX. Alternatively or additionally, the server operating system may consist of, include, or be based on a variant of Microsoft Windows Server® 2003 R2, 2008, 2008 R2, 2012, or 2012 R2, Linux™ or GNU/Linux based Debian GNU/Linux, Debian GNU/kFreeBSD, Debian GNU/Hurd, Fedora™, Gentoo™, Linspire™, Mandriva, Red Hat® Linux, SuSE, and Ubuntu®, or a UNIX® variant Solaris™, AIX®, Mac™ OS X, FreeBSD®, OpenBSD, and NetBSD®. Any method herein may further include storing, operating, or using a client operating system by at least one of the tunneling devices in the group or by the selected tunneling device. The client operating system may consist of or be based on any of Microsoft Windows 7, Microsoft Windows XP, Microsoft Windows 8, Microsoft Windows 8.1, Linux, and Google Chrome. Any operating system (OS) herein, such as any server or client operating system, may consist of, include, or be based on a real-time operating system (RTOS) such as FreeRTOS, SafeRTOS, QNX, VxWorks, or Micro-Controller Operating Systems (µC/OS).
Any method herein may further comprise storing, operating, or using a web browser by any client device, by at least one of the tunnel devices in the group, or by the selected tunnel device. The web browser may consist of, include, or be based on Microsoft Internet Explorer, Google Chrome, Opera™, or Mozilla Firefox®. Alternatively or additionally, the web browser may be a mobile web browser, which may consist of, include, or be based on Safari, Opera Mini™, or an Android web browser.
At least one of the tunnel devices in the group or the selected tunnel device can be fully or partially integrated into a device. A primary functionality of the appliance may be associated with food storage, handling, or preparation, such as heating food, and the appliance may be a microwave oven, blender, stove, oven, or induction cooker. Alternatively or additionally, the device may be a refrigerator, freezer, food processor, dishwasher, blender, beverage machine, coffee maker, or ice tea maker. Alternatively or additionally, a primary function of the device may be dedicated to environmental control and the device may consist of or form part of an HVAC system. Alternatively or additionally, a primary function of the device may be associated with temperature control, and the device may be air conditioning or heating. Alternatively or additionally, a main function of the appliance may be dedicated to cleaning, such as washing clothes, and the appliance may be a washing machine, tumble dryer or vacuum cleaner. Alternatively or additionally, a main function of the device can be assigned to water control or water heating. Alternatively or additionally, the device can be an answering machine, a telephone, a home cinema system, a hi-fi system, a CD or DVD player, an electric stove, a garbage compactor, a smoke detector, a lamp or a dehumidifier. Alternatively or additionally, the device may be a portable, battery-powered electronic device such as a laptop, notebook computer, media player, cell phone, personal digital assistant (PDA), imaging device, digital camera, video recorder, or portable computing device.
Any integration here could involve sharing a component, being in the same case, sharing the same processor, mounting on the same surface, or sharing the same connector, which could be a power connector for connecting to a power source. Alternatively or additionally, the integration may involve sharing the same plug so that it is powered by the same power supply, or the integration may involve sharing the same power supply.
Each device here, such as at least one of the tunnel devices in the group or the selected tunnel device, can be housed in a single housing, which can be either a portable housing or a portable housing. Each device here, such as at least one of the tunnel devices in the group or the selected tunnel device, can be integrated into at least one laptop, notebook, media player, digital still camera (DSC), digital video camera (DVC or digital camcorder), personal digital assistant (PDA), mobile phone, digital camera, video recorder or smartphone, which may contain or be based on an Apple iPhone 6 or a Samsung Galaxy S6.
Any method described herein may further include storing, running, or using an operating system by at least one of the tunneling devices in the group or the selected tunneling device. The operating system may be a mobile operating system that supports Android version 2.2 (Froyo), Android version 2.3 (Gingerbread), Android version 4.0 (Ice Cream Sandwich), Android version 4.2 (Jelly Bean), Android version 4.4 (KitKat), Apple iOS version 3, Apple iOS version 4, Apple iOS version 5, Apple iOS version 6, Apple iOS version 7, Microsoft Windows® Phone version 7, Microsoft Windows® Phone version 8, Microsoft Windows® Phone version 9, or Blackberry® operating system.
Each method in this document may further include or precede any device, such as at least one of the tunneling devices in the group or the selected tunneling device, connecting to the Internet via a wireless network.
A non-transitory computer-readable medium may contain computer instructions that, when executed by a computer processor, cause the processor to perform at least part or all of the steps of any method described herein. At least part or all of the steps of any method described in this document may be embodied in a software development kit (SDK), which may be provided as a non-transitory computer-readable medium containing instructions for a computer, and each method in this document may further include installing the SDK on any device here. All steps for each tunneling device in this document may be embodied in a software development kit (SDK) that may be provided as a non-transitory computer-readable medium with computer instructions, and each method in this document may further include installing the SDK on one or all tunnel devices in the group. Each client device here, each server here, such as the first server or the second server, or the selected tunnel device may comprise a non-transitory computer-readable medium containing computer instructions that, when executed by a computer processor, cause the processor to perform at least part of the steps of any method herein. Each list here can contain at least 10,000, 20,000, 50,000, 100,000, 200,000, 500,000, 1,000,000, 2,000,000, 5,000,000 or 10,000,000 IP addresses or tunnel devices.
The first and second servers may be owned, operated, or controlled by an entity. In addition, at least one of the tunnel devices in the group may be owned, operated, or controlled by the entity. The first server can randomly choose a tunnel device.
Any identifier of a content here or a device contained here may be an IP address (in IPv4 or IPv6 format) or a URL. Each of the servers may be a web server using Hypertext Transfer Protocol (HTTP) responding to HTTP requests over the Internet, and the first and second requests may be HTTP requests. All communication with a server can be based on or use a persistent HTTP connection.
Any communication with a network element, such as the first device, the second device, the first server, or the second server, may be based on or correspond to the TCP/IP protocol or a TCP/IP connection, and may be preceded by the step of establishing the connection. In addition, communication between any two elements of the network can take place via the established connection, for example between the first device and the second device. Any communication between any two network elements can use TCP, and the connection can be established by performing "Active OPEN" or "Passive OPEN", it can use a VPN, or it can use a tunneling protocol. Any content here, such as the first content, may contain, consist of, or include any portion of files, text, numbers, audio, voice, multimedia, video, images, music, web pages, or computer programs, in whole or in part.
Each of the network elements herein, such as each of the servers, may host, operate, or use a server operating system that may be based on, include, or use Microsoft Windows Server®, Linux, or UNIX, such as a Microsoft Windows Server® 2003 R2, 2008, 2008 R2, 2012, or 2012 R2 variant, Linux™ or GNU/Linux based Debian GNU/Linux, Debian GNU/kFreeBSD, Debian GNU/Hurd, Fedora™, Gentoo™, Linspire™, Mandriva, Red Hat® Linux, SuSE, and Ubuntu®, or a UNIX® variant Solaris™, AIX®, Mac™ OS X, FreeBSD®, OpenBSD, and NetBSD®. Each of the network elements here, such as the client device or one of the tunnel devices, can store, run, or use a client operating system, which can consist of Microsoft Windows 7, Microsoft Windows XP, Microsoft Windows 8, Microsoft Windows 8.1, Linux, or Google Chrome OS. The client operating system can be a mobile operating system such as Android Version 2.2 (Froyo), Android Version 2.3 (Gingerbread), Android Version 4.0 (Ice Cream Sandwich), Android Version 4.2 (Jelly Bean), Android Version 4.4 (KitKat), Apple iOS Version 3, Apple iOS Version 4, Apple iOS Version 5, Apple iOS Version 6, Apple iOS Version 7, Microsoft Windows® Phone Version 7, Microsoft Windows® Phone Version 8, Microsoft Windows® Phone Version 9, or Blackberry® system. Any operating system (OS) herein, such as any server or client operating system, may consist of, include, or be based on a real-time operating system (RTOS) such as FreeRTOS, SafeRTOS, QNX, VxWorks, or Micro-Controller Operating Systems (µC/OS).
Any device herein, e.g. one or more of the client devices or tunnel devices, may consist of, comprise, be integrated into, or form part of a wearable device that can be worn by a person. Here, any wearable device can be worn on an organ of the person's head, such as an eye, ear, face, cheek, nose, mouth, lip, forehead, or chin. Alternatively or in addition, each wearable device herein may be constructed to have a form that is substantially similar to, may be constructed to have a form that enables mounting or wearing identical or similar to, or may be constructed to have a form that at least in part replaces, a helmet, goggles, or headphones. Any headdress herein may consist of, be structured as, or include a bonnet, cap, crown, hair band, hair wrap, hat, headpiece, bonnet, mask, turban, headpiece, veil, or wig. Any eyewear herein may consist of, be structured as, or comprise eyeglasses, sunglasses, contact lenses, a blindfold, or glasses. Any headset herein may consist of, be structured as, or comprise a hearing aid, an earphone, or an earbud. Alternatively or additionally, any wearable device herein may be shaped to be permanently or removably attached to, or to be part of, a person's clothing, and any attachment herein may use tape, glue, pins, fasteners, encapsulation, a pin, or a latch and hook clip. Each garment herein may be an upper, lower, or full body garment, or a hat, shoe, accessory, outerwear, suit, dress, skirt, or top. Alternatively or additionally, each wearable device herein may further comprise an annular member defining an opening therethrough sized to receive a human body part therein. Any human body part herein may be part of a human hand consisting of or comprising an upper arm, elbow, forearm, wrist, or fingers. Furthermore, any part of the human body herein may be part of a human head or neck, which may consist of or include a forehead, an ear, a skull, or a face.
Alternatively or additionally, any part of the human body herein may be part of a human thorax or abdomen, which may consist of or include a waist or hips. Furthermore, any part of the human body herein can be part of a human leg or foot, which can consist of or include a thigh, calf, ankle, instep, knee or toe.
Any system or method in this document may implement redundancy, where the system or method may include one or more identical, similar, or different additional elements, such as using two or more identical or similar network elements performing identical or similar functions, using two or more identical or similar hardware components that perform identical or similar functions, or using two or more data paths that carry identical or similar information. Redundancy can be based on dual modular redundancy (DMR), triple modular redundancy (TMR), quadruple modular redundancy (QMR), 1:N redundancy, cold standby, or hot standby.
The steps described herein may be sequential and performed in the order described. For example, if a step runs in response to another step or after another step completes, the steps run sequentially. However, in the event that two or more steps are not explicitly described as being performed sequentially, those steps may be performed in any order or concurrently. Two or more steps can be performed by two different network elements or in the same network element and can be performed in parallel using multiprocessing or multitasking.
A tangible, machine-readable medium (e.g., memory) may store a set of instructions detailing some (or all) of the methods and steps described in this document so that, when executed by one or more processors, they may cause the one or more processors to perform some or all of the methods and steps described in this document. Each of the network elements may be a computing device that includes a processor and computer-readable memory (or any other tangible machine-readable medium), and the computer-readable memory may include computer-readable instructions such that, when read by the processor, the instructions cause the processor to perform one or more of the methods or steps described in this document.
Each method herein can be used to obtain content identified by a content identifier for a client device from a web server, and can also be used with first and second servers and a tunnel device that are each connected to the Internet and addressable over the Internet using a corresponding IP address. The method by the second server may include receiving a request message including the content identifier from the client device; sending a first message to the first server; receiving the content from the tunnel device or the first server; and sending the content to the client device in response to the request message. Each receipt of the content may include receipt of the content by the tunneling device. The method may further include responding to a communication initiated by the tunneling device, and the communication initiated by the tunneling device may use or be based on a Network Address Translator (NAT) traversal scheme. Any NAT traversal scheme here can be used with Internet Engineering Task Force (IETF) Request for Comments (RFC) 2663, IETF RFC 3715, IETF RFC 3947, IETF RFC 5128, IETF RFC 5245, IETF RFC 5389, or IETF RFC 7350. Any NAT traversal scheme here can be according to, based on, or use Traversal Using Relays around NAT (TURN), Socket Secure (SOCKS), WebSocket (ws), which can be WebSocket Secure (wss), NAT "hole punching", Session Traversal Utilities for NAT (STUN), Interactive Connectivity Establishment (ICE), UPnP Internet Gateway Device Protocol (IGDP), or Application-Level Gateway (ALG). The method may further include, in response to the communication initiated by the tunneling device, sending the content identifier to the tunneling device.
The Internet communication with the tunnel device, the first server, or the client device may be based on, use, or support the Transmission Control Protocol over Internet Protocol (TCP/IP) protocol or connection. Furthermore, Internet communication with the tunnel device, the first server, or the client device can be based on, use, or support the HTTP or HTTPS protocol or connection, and the second server can serve as an HTTP or HTTPS server, and the tunnel device can serve as an HTTP or HTTPS client.
In addition, Internet communication with the tunnel device, the first server, or the client device may be based on, use, or support the Socket Secure (SOCKS) protocol or connection, and the second server may serve as a SOCKS server, or the tunnel device, the first server, or the client device may serve as a SOCKS client. Any SOCKS protocol or connection in this document may conform to, be based on, or be compatible with SOCKS4, SOCKS4a, or SOCKS5. Alternatively or additionally, each SOCKS protocol or connection may conform to, be based on, or be compatible with IETF RFC 1928, IETF RFC 1929, IETF RFC 1961, or IETF RFC 3089. Alternatively or additionally, any communication over the Internet with the tunnel device, with the first server, or with the client device may be based on, use, or support a Socket Secure (SOCKS) or WebSocket (ws), which can be WebSocket Secure (wss), protocol or connection, and the second server can act as a SOCKS or WebSocket server and the selected tunnel device as a WebSocket client. Any WebSocket connection or protocol in this document may conform to, be based on, or be compatible with IETF RFC 6455.
Furthermore, the Internet communication with the tunnel device, the first server, or the client device can be based on, use, or support the HTTP proxy protocol or connection, and the second server can serve as an HTTP proxy server, or the tunnel device, the first server, or the client device can serve as an HTTP proxy client. The method may further include establishing a connection with the tunneling device, and the second server may initiate communication with the tunneling device using the established connection. The connection established may be a TCP connection using an 'Active OPEN', 'Passive OPEN' or TCP keepalive mechanism, or the connection established may use or be based on a virtual private network (VPN).
The method may further include sending the IP address of the tunneling device to the client device, may be used with a first IP address stored in the client device, and the request message may include the first IP address. Furthermore, the first message can include the first IP address. The method can also be used with multiple servers, including the first server. Each of the plurality of servers is connectable to the Internet and addressable on the Internet using a respective IP address. The method may further include selecting the first server from the plurality of servers, such as when the first server is randomly selected from the plurality of servers. The first server may be randomly selected using one or more random numbers generated by a random number generator, and the random number generator may be hardware or software based. The random number generator may use thermal noise, shot noise, nuclear decay radiation, the photoelectric effect, or quantum phenomena, or it may be based on running an algorithm to generate pseudo-random numbers.
Each of the plurality of servers here may be associated with one or more attribute values related to an attribute type, and the first server may be selected from the plurality of servers based on or in accordance with the respective one of the plurality of attribute values. Each message here, such as the request message, may contain one or more attribute values. The attribute type can be a geographic location, and one or more attribute values can include a name or identifier for a continent, country, region, city, street, zip code, or time zone. Additionally, one or more attribute values may be based on actual geographic location or IP geolocation, which may be based on the W3C Geolocation API.
Each method here can be used with a DNS (Domain Name System) server, and each content identifier here can contain a domain name. Each method in this document may further include performing DNS resolution using the DNS server to obtain a numeric IP address, and any message in this document, such as the request message, may include the domain name, and any message in this document, such as the request message or the first message, may include the obtained numeric IP address.
The Internet communication with the client device may be based on, use, or support the HTTPS protocol or connection, and all messages here, such as the request message, may conform to, be based on, or use the HTTPS frame or packet form. Any method herein may further include extracting, by the first or second server, the content identifier using SSL sniffing. Each message here, such as the request message, may include an attribute value corresponding to an attribute type, and the method may further include retrieving the attribute value using SSL sniffing.
A non-transitory computer-readable medium may contain computer instructions that, when executed by a computer processor, cause the processor to perform some or all of the methods described in this document. A server may include a non-transitory computer-readable medium embodying computer instructions that, when executed by a computer processor, cause the processor to perform some or all of the methods described herein.
Any of the servers here, such as the second server, may host, operate, or use a server operating system, which may consist of, be part of, or be based on Microsoft Windows Server®, Linux, or UNIX. Alternatively or additionally, each server operating system in this document may consist of, include, or be based on Microsoft Windows Server® 2003 R2, 2008, 2008 R2, 2012, or 2012 R2 variants, Linux™ or GNU/Linux based Debian GNU/Linux, Debian GNU/kFreeBSD, Debian GNU/Hurd, Fedora™, Gentoo™, Linspire™, Mandriva, Red Hat® Linux, SuSE, and Ubuntu®, or a UNIX® variant Solaris™, AIX®, Mac™ OS X, FreeBSD®, OpenBSD, or NetBSD®. Each of the servers here, such as the first and second servers, may be owned, operated, or controlled by an entity. In addition, any tunneling equipment included in this document may be owned, operated, or controlled by the entity.
A method of obtaining content identified by a content identifier can be used with first and second servers and a group of tunnel devices that are each connected to the Internet and addressable over the Internet using a respective IP address. The first server can store a list of IP addresses associated with tunnel devices in the group. The method by the first server may include receiving a first message containing the content identifier from the second server; selecting an IP address associated with a tunnel device from the list of tunnel devices in response to the first received message; and sending a second message to the selected tunnel device using an IP address of the selected tunnel device. The second message may include the content identifier. The method may further include receiving the content from the selected tunneling device; and sending the content to the second server. The second message can include the IP address of the second server.
The method can be used with a first device connected to the internet and addressable via a first IP address on the internet. The method may further include receiving a third message from the first device; and storing the first IP address in the list and adding the first device to the tunnel device group so that the first device can be selected as a tunnel device as part of the selection. The third message may include at least one value related to at least one attribute type associated with the first device, and the method may further include storing at least one value associated with the first device or the first IP address. The method may further include establishing a connection with the first device and initiating communication with the first device using the established connection. The connection established can be a TCP connection using an 'Active OPEN', 'Passive OPEN' or TCP keep-alive mechanism, or it can use or be based on a virtual private network (VPN).
Alternatively or additionally, the method may further comprise, for each of the tunnel devices in the group, receiving a respective third message from each of the tunnel devices; storing the IP address of the tunnel device in the list; and adding the tunnel device to the tunnel device group so that the tunnel device can be selected as a tunnel device as part of the selection by the first server. The third message may include at least one value related to at least one attribute type associated with the tunneling device, and the method may further include storing at least one value associated with the tunneling device or the IP address of the tunneling device. Additionally, the method may further include establishing a connection with the tunneling device, and communication may be initiated with the tunneling device using the established connection. The connection established may be a TCP connection using an 'Active OPEN', 'Passive OPEN' or TCP keepalive mechanism, or the connection established may use or be based on a virtual private network (VPN).
The first message may include a first IP address, and the first server may select the tunnel device from the list of tunnel devices based on or in response to the first IP address received. Alternatively or additionally, selecting the tunnel device may include selecting a tunnel device having the first IP address.
The method can be used with a first tunneling device in the group that can operate in multiple states, which can include an idle state and non-idle states. The method may further include selecting the first tunneling device in response to the first tunneling device being in an idle state. The method may further include receiving a message from the first tunneling device in response to the status of the first tunneling device; and the first tunneling device may be selected in response to the state of the first tunneling device being the idle state. Alternatively or additionally, the method may further comprise receiving a first status message from the first tunneling device; and adding the IP address of the first tunnel device to the IP address list in response to the first received status message. Additionally, the method may further include receiving a second status message from the first tunneling device; and removing the IP address of the first tunneling device from the IP address list in response to the received second status message.
The method can be used with a first type of attribute and each of the tunneling devices in the group can be assigned a first value related to the first type of attribute. The method may further include storing the first value associated with each of the tunneling devices in the group. The first value may include a numeric value or an identifier of a resource, feature, or property of the first attribute type.
Any selection of any tunneling device herein may be based on the first value associated with the selected tunneling device, and any method herein may further comprise receiving the respective first value from each of the tunneling devices in the group. The first message may include one or more values and the selection of the tunneling device may be based on comparing one or more values to the first value associated with the selected tunneling device. Alternatively or additionally, the first message may include a requested value and the selection of the tunneling device may be based on the requested value being equal to the first value associated with the selected tunneling device. Alternatively or additionally, the first message may include multiple values and the selection of the tunneling device may be based on the first value associated with the selected tunneling device being equal to one of the multiple values. Here, each value of the first attribute type may be a numeric value, and the first message may include a minimum value, and the selection of the tunnel device may be based on the first value associated with the selected tunnel device being greater than the minimum value. Alternatively or additionally, the values of the first attribute type may be numeric values, and the first message may include a maximum value, and the selection of the tunneling device may be based on the first value associated with the selected tunneling device being less than the maximum value. Alternatively or additionally, the first message may include a maximum and a minimum value, and the selection of the tunneling device may be based on the first value associated with the selected tunneling device being less than the maximum value and greater than the minimum value.
Each method here can still be used with a second attribute type, and each of the tunneling devices in the group can be assigned a second value that relates to the second attribute type, and the method can better understand storing the second value for each associated with the tunnel devices in the group. The selection of the tunneling device may be based on the first and second values associated with the selected tunneling device, and the method may further comprise receiving the respective first and second values from each of the tunneling devices in the group. Alternatively or additionally, the first message may comprise a first set of one or more values and a second set of one or more values, and the selection of the tunneling device may be based on a comparison of the first and second sets with the first and second, respectively. second values associated with the selected tunnel device. Alternatively or additionally, the selected tunneling device may be selected such that the first value is included in the first set and the second value is included in the second set. Alternatively or additionally, the selected tunneling device may be selected such that the first value is included in the first set or the second value is included in the second set. Furthermore, the selected tunneling device may be selected such that the first value is included in the first set and the second value is not included in the second set.
Here, like the first attribute type, each attribute type may include a geographic location, and each of the first values may include a name or identifier of a continent, country, region, city, street, zip code, or time zone. Additionally, the first value of each of the tunnel devices in the group or each of the IP addresses may be based on IP geolocation, which may be based on the W3C Geolocation API. Any method with a database associating IP addresses with geographical locations can be used here, and the database can be stored on the first or second server. The method may further include receiving and storing the database by the first or second server and estimating or assigning the first value to each of the tunneling devices in the group using the database. Each attribute here may include an Internet Service Provider (ISP) identifier or an Autonomous System Number (ASN) as a first attribute type, and each of the first values may include a name or an ISP identifier, respectively. or ASN number.
Alternatively or additionally, the first attribute type may correspond to hardware or software tunneling devices. The first attribute type may include the hardware of the tunneling device as stationary or portable values based on whether the tunneling device is stationary or portable, respectively. Alternatively or additionally, the first attribute type may include a software application (such as an operating system) installed, used, or operated on tunnel devices, and the first values may include the type, make, model, or version of the software.
Alternatively or additionally, the first attribute type may correspond to a communication property that is characteristic of a communication link of the tunnel devices, such as the respective Internet connection of the tunnel devices or the communication link of a tunnel device with the first server or the second server. The first attribute type may correspond to a bandwidth (BW) or a round-trip delay time (RTT) of the communication link, and the first value may be the estimate or measurement of the BW or RTT, respectively. Any method herein may further include estimating or measuring the BW or RTT of the communication link by the first server or by a tunneling device. Alternatively or additionally, the first attribute type may correspond to the technology or scheme used by the tunneling devices to connect to the first server, and the first values may comprise wired or wireless values, depending respectively on whether the tunneling device is connected to the Internet via a wired or wireless connection.
The method may be used with a DNS (Domain Name System) server, and the content identifier may include a domain name. Any method herein may further include performing DNS resolution using the DNS server to obtain a numeric IP address, and any message herein, such as the second message, may include the obtained numeric IP address.
Any communication herein over the Internet, such as with the second server or with the selected tunneling device, may be based on, use, or be compatible with a Transmission Control Protocol over Internet Protocol (TCP/IP) protocol or connection. Alternatively or additionally, any Internet communication herein, such as with the second server or with the selected tunneling device, may be based on, use, or be compatible with an HTTP or HTTPS protocol or connection, and one of the nodes may serve as an HTTP or HTTPS server while the other node serves as an HTTP or HTTPS client, respectively. In addition, Internet communication with the second server or the selected tunnel device may be based on, use, or be compatible with an HTTP or HTTPS protocol or connection, and the first server may serve as an HTTP or HTTPS server, respectively, while the second server or the selected tunnel device serves as an HTTP or HTTPS client. Any Internet communication herein, such as with the second server or the selected tunneling device, may be based on, use, or be compatible with the HTTPS protocol or connection, and any message herein, such as the first or second message, may accordingly be based on or use the HTTPS framework or packaging form. Any of the methods may further include extracting the content identifier using SSL detection. Any message herein, such as the first or second message, may include an attribute value that corresponds to an attribute type, and any method herein may further include retrieving the attribute value using SSL scanning.
Internet communication with the second server or the selected tunnel device may be based on, use, or be compatible with the Socket Secure (SOCKS) protocol or connection, and the first server may serve as a SOCKS server while the second server or the selected tunnel device, respectively, serves as a SOCKS client. Any SOCKS protocol or connection herein may conform to, be based on, or be compatible with SOCKS4, SOCKS4a, or SOCKS5. Alternatively or additionally, the SOCKS connection or protocol may conform to, be based on, or be compatible with IETF RFC 1928, IETF RFC 1929, IETF RFC 1961, or IETF RFC 3089. Alternatively or additionally, any communication over the Internet with the second server or with the selected tunneling device may be based on, use, or be compatible with a Socket Secure (SOCKS) or WebSocket (ws) protocol or connection, which may be WebSocket Secure (wss), and the second server may serve as a SOCKS or WebSocket server while the selected tunnel device serves as a WebSocket client. Any WebSocket connection or protocol herein may conform to, be based on, or be compatible with IETF RFC 6455.
In addition, any communication herein over the Internet with the second server or the selected tunneling device may be based on, use, or be compatible with the HTTP proxy protocol or connection, and the first server may serve as an HTTP proxy server while the second server or the selected tunnel device, respectively, serves as an HTTP proxy client.
Each of the tunnel devices in the group may be assigned a unique IP address. Alternatively or additionally, multiple IP addresses may be assigned to one or more tunnel devices in the group, e.g., more than 1,000, 2,000, 5,000, 10,000, 20,000, 50,000 or over 100,000 different IP addresses. A primary or sole functionality of each of one or more of the tunneling devices may be to serve as a selected tunneling device.
Any selection of a device herein (client or server), such as the selection of a tunnel device, may be a random selection. The device (e.g., a tunnel device) may be randomly selected using one or more random numbers generated by a random number generator, and the random number generator may be hardware-based and may use thermal noise, shot noise, radiation from nuclear decay, the photoelectric effect, or quantum phenomena. Alternatively or additionally, the random number generator may be software-based, relying on executing an algorithm that generates pseudo-random numbers.
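The selection rules described above (comparing a request's two value sets against each tunnel device's stored first and second values, then picking at random among the matches) can be modeled as follows. This is an added example, not code from the application; the registry, the identifiers `t1`..`t4`, the choice of country and ASN as the two attribute types, and the documentation-range ASNs are constructed for illustration.

```python
import secrets
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    """The three set-matching rules the text enumerates."""
    AND = "first in set 1 and second in set 2"
    OR = "first in set 1 or second in set 2"
    AND_NOT = "first in set 1 and second not in set 2"


@dataclass(frozen=True)
class Tunnel:
    tunnel_id: str   # hypothetical identifier
    first: str       # first attribute value, here a country code
    second: str      # second attribute value, here an ASN


# Constructed registry: the values a broker would have stored per tunnel device.
REGISTRY = [
    Tunnel("t1", "DE", "AS64500"),
    Tunnel("t2", "DE", "AS64501"),
    Tunnel("t3", "FR", "AS64500"),
    Tunnel("t4", "US", "AS64502"),
]


def _norm(values):
    """Normalize requested values so 'de' and 'DE ' compare equal."""
    return {str(v).strip().casefold() for v in values}


def matches(tunnel, first_set, second_set, mode):
    """Apply one matching rule to one tunnel device's stored values."""
    in_first = tunnel.first.casefold() in first_set
    in_second = tunnel.second.casefold() in second_set
    if mode is Mode.AND:
        return in_first and in_second
    if mode is Mode.OR:
        return in_first or in_second
    if mode is Mode.AND_NOT:
        return in_first and not in_second
    raise ValueError(f"unknown mode: {mode!r}")


def candidates(registry, first_set, second_set, mode):
    """Return every tunnel device whose stored values satisfy the rule."""
    f, s = _norm(first_set), _norm(second_set)
    return [t for t in registry if matches(t, f, s, mode)]


def select(registry, first_set, second_set, mode, rng=None):
    """Pick one matching tunnel device at random, or None if nothing matches.

    rng defaults to the OS entropy source; pass random.Random(seed) for a
    reproducible software-based (pseudo-random) selection instead.
    """
    pool = candidates(registry, first_set, second_set, mode)
    if not pool:
        return None
    rng = rng or secrets.SystemRandom()
    return rng.choice(pool)


if __name__ == "__main__":
    for mode in Mode:
        ids = [t.tunnel_id for t in candidates(REGISTRY, {"de"}, {"AS64500"}, mode)]
        print(mode.name, ids)
```

The `AND_NOT` rule with an empty second set degenerates to a match on the first attribute alone, and a request that no stored value satisfies yields `None` rather than an arbitrary device.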
A method of retrieving, by a client device, content identified by a content identifier from a web server using tunneling devices may use a group of tunneling devices that may each be connected to the Internet and addressable over the Internet using a respective IP address. A second server may be connected to the Internet and addressed via a corresponding IP address on the Internet. The method may include sending a request message that includes the content identifier to the second server; and receiving the content from the second server in response to the request message. The method may be used with a first attribute type and with a first value related to the first attribute type, each of the tunneling devices in the group may be assigned a first value related to the first attribute type, and the request message may comprise one or more values associated with the first attribute type. The first value may include a numeric value or an identifier of a resource, feature, or property of the first attribute type, and the request message may include one or more values for selecting a tunnel device from the group based on comparing the one or more values to the first value associated with the selected tunnel device.
The method may be used with a second attribute type, and each of the tunneling devices in the group may be assigned a second value related to the second attribute type. The request message may include a first set of one or more values and a second set of one or more values for selecting the tunneling device based on a comparison of the first and second sets with the first and second values, respectively, associated with the selected tunnel device. The first attribute type may include a geographic location, and each of the first values may include a name or identifier of a continent, country, region, city, street, zip code, or time zone. Alternatively or additionally, the first value of each of the tunnel devices in the group or of each of the IP addresses may be based on IP geolocation, which may be based on or use the W3C Geolocation API. The method may be used with a database that associates IP addresses with geographic locations, and the database may be stored on the first server. The method may further include the first server receiving and storing the database, and estimating or assigning the first value to each of the tunneling devices in the group using the database. Alternatively or additionally, the first attribute type may include an Internet Service Provider (ISP) or an Autonomous System Number (ASN), and each of the first values may include an ISP name or identifier or an ASN number, respectively. Additionally, the first attribute type may correspond to the hardware of a tunneling device and the first values may include stationary or portable values depending on whether the tunneling device is stationary or portable. Alternatively or additionally, the first attribute type may include a software application (such as an operating system) installed, used, or operated on the tunnel devices, and the first values may include the type, make, model, or version of the software.
Alternatively or additionally, the first attribute type may correspond to a communication property characteristic of a communication link of a tunnel device, such as the respective Internet connection of the tunnel device, or a communication link of a tunnel device with the web server, the first server, the second server, or the client device. The first attribute type may correspond to a bandwidth (BW) or a round-trip delay time (RTT) of the communication link, and the first value may be the estimate or measurement of the BW or RTT, respectively. The method may further include estimating or measuring the BW or RTT of the communication link by the first server or by a tunneling device. Additionally, the first attribute type may correspond to the technology or scheme used by the tunneling devices to connect to the Internet, and the first values may include wired or wireless values, depending respectively on whether the tunneling device connects to the Internet using a wired or wireless connection.
The method may use a DNS (Domain Name System) server and the content identifier may include a domain name, and the method may further include performing DNS resolution using the DNS server to obtain a numeric IP address, and the request message may contain the obtained numeric IP address.
The web server may use Hypertext Transfer Protocol (HTTP) or HTTP Secure (HTTPS) to respond to respective HTTP or HTTPS requests over the Internet, and the content request may be an HTTP or HTTPS request, respectively. Furthermore, Internet communication between the client device and the second server may be based on, use, or be compatible with the Transmission Control Protocol over Internet Protocol (TCP/IP) protocol or connection. Alternatively or additionally, the Internet communication between the client device and the second server may be based on, use, or be compatible with the HTTP or HTTPS protocol or connection, and one of the nodes may serve as an HTTP or HTTPS server while the other node serves as an HTTP or HTTPS client, respectively, for example when the second server serves as an HTTP or HTTPS server and the client device serves as an HTTP or HTTPS client.
Alternatively or additionally, Internet communication between the client device and the second server may be based on, use, or be compatible with the Socket Secure (SOCKS) protocol or connection, and the second server may serve as a SOCKS server while the client device serves as a SOCKS client. The SOCKS protocol or connection may conform to, be based on, or be compatible with SOCKS4, SOCKS4a, or SOCKS5, or may comply with IETF RFC 1928, IETF RFC 1929, IETF RFC 1961, or IETF RFC 3089. Alternatively or additionally, any communication over the Internet between the client device and the second server may be based on, use, or be compatible with a Socket Secure (SOCKS) or WebSocket (ws) protocol or connection, which may be WebSocket Secure (wss), and the second server may serve as a SOCKS or WebSocket server while the selected tunnel device serves as a WebSocket client. Any WebSocket connection or protocol herein may conform to, be based on, or be compatible with IETF RFC 6455.
In addition, Internet communication between the client device and the second server may be based on, use, or be compatible with the HTTP proxy protocol or connection, and the second server may serve as an HTTP proxy server while the client device serves as an HTTP proxy client.
At least a portion of the steps of any method herein may be embodied in a software development kit (SDK), which may be provided as a non-transitory computer-readable medium containing instructions for the computer, and any method herein may further comprise installing the SDK. A method of obtaining content identified by a content identifier from a web server using a tunnel device may use first and second servers and a tunnel device, each connected to the Internet and addressable on the Internet using a respective IP address. The method by the tunneling device may include receiving a first message comprising the content identifier from the first or second server; sending a content request that includes the content identifier to the web server; receiving content from the web server in response to the content request; and sending the content to the first or second server. The first message may be received from the first server and the content may be sent to the second server in response to the first message. Any sending of the content to the first or second server may include only sending the content to the first server, or only sending the content to the second server. The first message may include the IP address of the second server.
Any tunneling device herein may be addressable over the Internet using a first IP address, and the method may further comprise sending a second message to the first server, which may include at least one value relating to at least one attribute type associated with the tunnel device. The method may further include establishing a connection with the first server and responding to a communication initiated by the first server using the established connection. The established connection may be a TCP connection using an 'Active OPEN', 'Passive OPEN' or TCP keep-alive mechanism, or may use or be based on a virtual private network (VPN).
The method may further include initiating communication with the second server in response to receiving the first message. Initiation of communication may use or be based on a Network Address Translator (NAT) traversal scheme, which may conform to, be based on, or use Internet Engineering Task Force (IETF) Request for Comments (RFC) 2663, IETF RFC 3715, IETF RFC 3947, IETF RFC 5128, IETF RFC 5245, IETF RFC 5389, or IETF RFC 7350. In addition, the NAT traversal scheme may conform to, be based on, or use Socket Secure (SOCKS), Traversal Using Relays around NAT (TURN), NAT "punching", Session Traversal Utilities for NAT (STUN), Interactive Connectivity Establishment (ICE), UPnP Internet Gateway Device Protocol (IGDP) or Application Layer Gateway (ALG).
Communication over the Internet with the first or second server may be based on, use, or be compatible with the Transmission Control Protocol over Internet Protocol (TCP/IP) protocol or connection. In addition, Internet communication with the first or second server may be based on, use, or be compatible with the HTTP or HTTPS protocol or connection, and the first or second server may serve as an HTTP or HTTPS server while the tunnel device serves as an HTTP or HTTPS client. Alternatively or additionally, Internet communication with the first or second server may be based on, use, or be compatible with a Socket Secure (SOCKS) protocol or connection, and the first or second server may serve as a SOCKS server while the tunnel device serves as a SOCKS client. The SOCKS protocol or connection may conform to, be based on, or be compatible with SOCKS4, SOCKS4a, SOCKS5, IETF RFC 1928, IETF RFC 1929, IETF RFC 1961, or IETF RFC 3089. Alternatively or additionally, any communication over the Internet with the first or second server may be based on, use, or be compatible with a Socket Secure (SOCKS) or WebSocket (ws) protocol or connection, which may be WebSocket Secure (wss), and the second server may serve as a WebSocket server while the selected tunnel device serves as a WebSocket client. Any WebSocket protocol or connection herein may conform to, be based on, or be compatible with IETF RFC 6455. Alternatively or additionally, Internet communication with the first or second server may be based on, use, or be compatible with the HTTP proxy protocol or connection, and the first or second server may serve as an HTTP proxy server while the tunnel device serves as an HTTP proxy client.
Any device herein, such as any tunnel device, may further operate in multiple states, including at least an idle state and non-idle states. The method may further include: in response to being in one of the non-idle states, determining whether an idle condition is met; in response to determining that the idle condition is met, transitioning to the idle state; in response to being in the idle state, determining whether the idle condition is met; and in response to determining that the idle condition is not met, transitioning to one of the non-idle states. The method may further include sending a message to the first server in response to the state of the tunneling device. Additionally, the method may further include sending a first status message to the first server in response to the change to the idle state; and sending a second status message to the first server in response to the change to a non-idle state.
The method may further include operating an operating system or a program process or thread, and determining that the idle condition is met based on or in accordance with activation or execution of the process or thread by the operating system or program. The process or thread may include any low-priority or background task, idle process, or screen saver. Alternatively or additionally, the process or thread may include using the full screen for display. The method may further include monitoring or measuring a resource utilization, and determining that the idle condition is met based on or in accordance with the monitored or measured resource utilization being below a threshold. Resource utilization may include utilization of a processor in the tunneling device.
Alternatively or additionally, the tunneling device may include an input device to receive input from a human user or operator, the method may further comprise detecting the input using the input device, and the idle condition may be determined to be met based on, or in accordance with, not receiving input from the input device for a predefined time interval. Any input device herein may include a pointing device, keyboard, touch screen, or microphone. Alternatively or additionally, the tunnel device may include a motion sensor for detecting motion, acceleration, vibration, or change in position of the tunnel device, the method may further include detecting motion, acceleration, vibration, or change of location of the tunnel device using the motion sensor, and the idle condition may be determined to be met based on or in accordance with detection of motion, vibration, acceleration, or change of location below a threshold. Any motion sensor herein may include an accelerometer, gyroscope, vibration sensor, or GPS (Global Positioning System) receiver.
Alternatively or additionally, the tunnel device may comprise a network interface or a network transceiver for communicating over a network, the method may further comprise measuring an amount of data sent to or received from the network during a time interval, and the idle condition may be determined to be met based on or in accordance with the measured amount of data being below a threshold level. Additionally, the tunneling device may include a battery, the method may further include measuring or detecting a charge level of the battery, and the idle condition may be determined to be met based on or in accordance with the measured or detected charge level being greater than a threshold. The measurement or detection may use a battery management system (BMS) and the threshold level may be above 40%, 50%, 60%, 70%, 80% or 90% of the battery's defined full charge capacity.
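The idle and non-idle state handling described above, with a status message sent to the first server on each change of state, can be sketched as follows. This is an added example, not code from the application; the threshold values, field names, and the choice to require all four signals at once (processor utilization, input quiet time, network volume, battery level) are assumptions, since the text lists each signal as an alternative and does not say how they combine. For defenders, the point it makes concrete is that such an SDK relays traffic only while the host looks unattended, so its network activity correlates with user inactivity.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    """One periodic measurement taken on the tunnel device (constructed fields)."""
    cpu_util: float          # processor utilization, 0.0 .. 1.0
    secs_since_input: float  # time since last pointing/keyboard/touch input
    net_bytes: int           # bytes sent plus received during the interval
    battery_pct: float       # charge level as percent of full capacity


@dataclass(frozen=True)
class Thresholds:
    """Assumed thresholds; the text only says 'below/above a threshold'."""
    cpu_max: float = 0.20
    input_quiet_secs: float = 300.0
    net_bytes_max: int = 50_000
    battery_min_pct: float = 50.0  # text lists 40% .. 90% as possible levels


def idle_condition(s, th):
    """True when every monitored signal indicates an unattended device."""
    return (
        s.cpu_util < th.cpu_max
        and s.secs_since_input >= th.input_quiet_secs
        and s.net_bytes < th.net_bytes_max
        and s.battery_pct > th.battery_min_pct
    )


class TunnelState:
    """Two-state machine: re-evaluates the idle condition on every sample."""

    def __init__(self, thresholds, send_status):
        self.thresholds = thresholds
        self.send_status = send_status  # callable standing in for the first server
        self.state = "non-idle"

    def observe(self, sample):
        new_state = "idle" if idle_condition(sample, self.thresholds) else "non-idle"
        if new_state != self.state:
            self.state = new_state
            # Status message is sent only on a change of state.
            self.send_status({"status": new_state})
        return self.state


# Constructed sample stream: busy, unattended, low battery, user returns, unattended.
SAMPLES = [
    Sample(0.65, 12, 900_000, 80),
    Sample(0.05, 400, 1_000, 80),
    Sample(0.05, 400, 1_000, 35),
    Sample(0.05, 2, 1_000, 80),
    Sample(0.04, 900, 0, 95),
]


def run(samples, thresholds=Thresholds()):
    """Feed samples through the state machine; return (states, messages sent)."""
    sent = []
    machine = TunnelState(thresholds, sent.append)
    states = [machine.observe(s) for s in samples]
    return states, sent


if __name__ == "__main__":
    states, sent = run(SAMPLES)
    print(states)
    print(sent)
```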
Any tunnel device herein may be associated with a first value relating to a first attribute type, and the first value may comprise a numeric value or an identifier of a resource, feature or property of the first attribute type. The method may further include sending the first value to the first server. The method may use a second attribute type, the tunneling device may be associated with a second value related to the second attribute type, and the method may further include sending the second value to the first server. The first attribute type may include a geographic location, and each of the first values may include a name or identifier of a continent, country, region, city, street, zip code, or time zone. The first value may be based on IP geolocation, which may be based on the W3C Geolocation API. The method may use any database that associates IP addresses with geographic locations. Also, any first attribute type herein may include an Internet Service Provider (ISP) or an Autonomous System Number (ASN), and the first value may include an ISP name or identifier or an ASN number.
Any method herein may be used with a plurality of servers, including the first server, and each of the plurality of servers may be connected to the Internet and addressable over the Internet using a corresponding IP address. Any method herein may further include selecting, such as randomly selecting, the first server from the plurality of servers. The first server may be randomly selected using one or more random numbers generated by a random number generator, which may be hardware-based, such as using thermal noise, shot noise, nuclear decay radiation, the photoelectric effect, or quantum phenomena. Alternatively or additionally, the random number generator may be software-based, such as running an algorithm to generate pseudo-random numbers. Alternatively or additionally, the method may be used with multiple servers, which may include the first server, and each of the multiple servers may be connected to the Internet and addressable over the Internet using a corresponding IP address. The method may further include selecting the first server from the plurality of servers; and sending a second message to the selected first server.
Each of the plurality of servers may be associated with one or more attribute values related to an attribute type, and the first server may be selected from the plurality of servers based on or in accordance with the respective one or more attribute values. The attribute type may be a geographic location, and the one or more attribute values may include a name or identifier for a continent, country, region, city, street, zip code, or time zone. Additionally, each of the attribute values may be based on actual geographic location or IP geolocation, such as the W3C Geolocation API. The first message may also include one or more attribute values.
The method may be used with a DNS (Domain Name System) server and the content identifier may include a domain name. The method may further include performing DNS resolution using the DNS server to obtain a numeric IP address, and the first message or content request may include the obtained numeric IP address. Any tunnel device herein may be assigned a single IP address or multiple IP addresses. Any tunnel device herein may be associated with more than 1,000, 2,000, 5,000, 10,000, 20,000, 50,000 or over 100,000 different IP addresses. Also, a primary or sole functionality of any tunneling device may be to serve as the tunneling device by performing any method herein. The method may further include storing, operating, or using a client operating system, which may be any of Microsoft Windows 7, Microsoft Windows XP, Microsoft Windows 8, Microsoft Windows 8.1, Linux, and Google Chrome OS. Alternatively or additionally, the method may further include storing, operating, or using a web browser, which may be, include, or be based on Microsoft Internet Explorer, Google Chrome, Opera™, or Mozilla Firefox®. Also, the web browser may be a mobile web browser such as Safari, Opera Mini™, or an Android web browser. Any operating system (OS) herein, such as any server or client operating system, may consist of, include, or be based on a real-time operating system (RTOS) such as FreeRTOS, SafeRTOS, QNX, VxWorks, or Micro-Controller Operating Systems (µC/OS).
In this case, each tunnel device can be partially or completely integrated into a device and a main functionality of the device can be assigned to the storage, handling or preparation of food. The main function of the device is to heat food and the device can be a microwave oven, blender, stove, oven or induction cooker. Alternatively or additionally, the device may be a refrigerator, freezer, food processor, dishwasher, blender, beverage machine, coffee maker, or ice tea maker. In addition, the primary function of the device may be related to environmental control, and the device may consist of or be part of an HVAC system. Alternatively or additionally, the main function of the device can be assigned to temperature regulation, the device can be an air conditioner or a heater. Furthermore, the main function of the device can be assigned to cleaning, the main function can be assigned to cleaning laundry and the device can be a washing machine or a tumble dryer or the device can be a vacuum cleaner. Alternatively or additionally, the main function of the device may be associated with water control or water heating. In addition, the device can be an answering machine, a telephone, a home theater system, a hi-fi system, a CD or DVD player, an electric oven, a compactor, a smoke detector, a lamp or a dehumidifier. Alternatively or additionally, the device may be a portable, battery-powered electronic device such as a laptop, notebook computer, media player, cell phone, personal digital assistant (PDA), imaging device, digital camera, video recorder, or portable computing device.
Any integration herein, such as with any device, may involve the sharing of a component, e.g., housing in the same enclosure, sharing the same processor, or mounting on the same surface. Also, any integration herein may include sharing the same connector, e.g., a power connector for connecting to a power source, and the integration may involve sharing the same connector to be powered by the same power source, or the integration may involve sharing the same power supply.
Any device herein, such as any tunnel device herein, may be housed in a single enclosure, which may be a hand-held or portable enclosure, and may be further integrated with at least one of a laptop, a notebook computer, a media player, a Digital Still Camera (DSC), a digital video camera (DVC or digital camcorder), a personal digital assistant (PDA), a mobile phone, a digital camera, a video recorder or a smartphone. Any smartphone herein may include or be based on an Apple iPhone 6 or Samsung Galaxy S6. Any method herein, such as any method by any tunneling device, may further include storing, running or using an operating system, which may be a mobile operating system, such as Android version 2.2 (Froyo), Android version 2.3 (Gingerbread), Android version 4.0 (Ice Cream Sandwich), Android version 4.2 (Jelly Bean), Android version 4.4 (KitKat), Apple iOS version 3, Apple iOS version 4, Apple iOS version 5, Apple iOS version 6, Apple iOS version 7, Microsoft Windows® Phone version 7, Microsoft Windows® Phone version 8, Microsoft Windows® Phone version 9 or Blackberry® operating system.
Any device herein, such as any tunneling device herein, may, as part of any method herein, connect to the Internet over a wireless network. The wireless network may include or consist of a wireless wide area network (WWAN), which may be a broadband wireless network such as a WiMAX compliant network or an IEEE 802.16-2009 based network. Additionally, any wireless network herein may include or consist of a cellular network, such as a third generation (3G) network using a protocol selected from the group consisting of UMTS W-CDMA, UMTS HSPA, UMTS TDD, CDMA2000 1×RTT, CDMA2000 EV-DO and GSM EDGE Evolution, or the cellular network may be a fourth generation (4G) network using a protocol selected from the group consisting of HSPA+, Mobile WiMAX, LTE, LTE-Advanced, MBWA, or may be based on IEEE 802.20-2008. Alternatively or additionally, the wireless network may include or consist of a wireless personal area network (WPAN), which may be compatible with or based on Bluetooth™, Bluetooth Low Energy (BLE), or the IEEE 802.15.1-2005 standard, or the WPAN may be a wireless control network that may comply with or be based on the Zigbee™, IEEE 802.15.4-2003, or Z-Wave™ standards. Alternatively or additionally, any wireless network herein may comprise or consist of a wireless local area network (WLAN), which may comply with or be based on a standard selected from the group consisting of IEEE 802.11-2012, IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n and IEEE 802.11ac.
Any method herein may be used with virtualization, where at least one of the steps may be performed as part of a virtualized application as part of a virtual machine (VM). Alternatively or additionally, the client device or any part thereof, the web server or any part thereof, at least one of a plurality of tunnel devices or any part thereof, the first server or any part thereof, or the second server or any part thereof may be implemented as virtual hardware. Additionally, any method herein may be used with a host computer capable of implementing the VM, and any method herein may further include the host computer running a hypervisor or virtual machine monitor (VMM), and any virtualized application herein or any hardware herein may use or communicate with virtual hardware. Any virtualization herein may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization. At least two devices, selected from a group consisting of the client device, the web server, at least one of multiple tunnel devices, the first server, and the second server, may be implemented as virtual hardware, and the at least two devices may be virtualized by the same host computer that implements the VM.
Any method herein may be used with virtualization, and any communication between two entities selected from a group consisting of the client device, the web server, at least one of a plurality of tunnel devices, the first server and the second server may be performed as a virtualized network as part of a virtual machine (VM). Additionally, any method herein may be used with a host computer capable of implementing the VM, and any method herein may further include the host computer running a hypervisor or virtual machine monitor (VMM), and the virtualized network may use or interact with virtual hardware. Any network or communications virtualization may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization.
Any method herein may further include storing, operating, or using an operating system as part of the client device, the web server, at least one of a plurality of tunnel devices, the first server, the second server, or any combination thereof. The operating system can run as a guest operating system as part of a virtual machine (VM). Each method in this document can be used with a host computer that implements the VM, and the method can further include the host computer running a hypervisor or virtual machine monitor (VMM), and the guest operating system can use or run a virtual hardware interface. Such virtualization may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization.
The summary above is not an exhaustive list of all aspects of the present invention. Indeed, the invention is contemplated to encompass all systems and methods that can be practiced from all suitable combinations and derivations of the various aspects summarized above, as well as those disclosed in the detailed description below and particularly pointed out in the claims filed together with the application. Such combinations have particular advantages not specifically mentioned in the summary above.
The invention is described here, purely by way of non-limiting example, with reference to the accompanying drawings, in which like reference numbers indicate similar elements. It is understood that these drawings only provide information about typical embodiments of the invention and therefore should not be considered as limiting its scope:
DETAILED DESCRIPTION
The principles and operation of an apparatus or method according to the present invention can be understood with reference to the figures and the accompanying description, in which identical or similar components (hardware or software) appearing in different figures are denoted by identical reference numbers. The drawings and descriptions are conceptual only. In practice, a single component can implement one or more functions; alternatively or additionally, each function can be implemented by multiple components and devices. In the figures and descriptions, identical reference numbers indicate components that are common to different embodiments or configurations. Identical reference numbers (sometimes also when using a different suffix, such as 5, 5A, 5B, and 5C) refer to actual devices or features that are identical, substantially similar, similar, or functionally similar. It should be readily understood that the components of the present invention, as generally described herein and illustrated in the figures, can be arranged and configured in a wide variety of different configurations. Therefore, the following more detailed description of the embodiments of the apparatus, system and method of the present invention as shown in the figures herein is not intended to limit the scope of the invention as claimed, but is merely representative of embodiments of the invention. As used in this document, the singular forms "a", "an" and "the" should be understood to include the plural as well, unless the context clearly indicates otherwise. Thus, for example, reference to "a component surface" includes reference to one or more of those surfaces.
By the term "substantially" is meant that the recited characteristic, parameter or value does not have to be achieved exactly, but that deviations or variations, including for example tolerances, measurement errors, limitations in measurement accuracy and other factors known to those skilled in the art, can occur in amounts that do not preclude the effect that the characteristic is intended to provide.
Any device herein may consist of, contain, be part of, or be based on part or all of the computer 11 or the system 10 shown in
Each of the servers herein may consist of, include, or be based on all or part of the functionality or structure (e.g., software) of any server described in the '044 patent, such as the web server, the proxy server, or the acceleration server. Each of the clients or devices herein may consist of, include, or be based on some or all of the functionality or structure (e.g., software) of a client or device described in the '044 patent, such as the peer device, the client, or the agent. Each of the tunnel devices herein may consist of, contain, or be based on some or all of the functionality or structure (e.g., software) of the peer, client, or agent devices described in the '044 patent.
Any step or flowchart described in this document may be embodied as a software development kit (SDK) delivered as a non-transitory computer-readable medium containing computer instructions. The SDK can be installed on an appropriate device, client or server to be executed by a processor on that device.
An example arrangement 70 for retrieving content by the requesting client device 31A from the web server 22B is shown.
The TB server 71 is used to store a list of available tunnel devices, e.g., their IP addresses, along with attribute values corresponding to one or more attribute types. The list of available tunnels is stored in a memory 73 that is part of, integrated with, connected to, or in communication with the TB server 71. The SP server 72 receives the content request from the requesting client 31A and manages content fetching using the TB server 71. The TB server 71 and the SP server 72 may be separate devices located in different geographic locations as shown in the arrangement 70, may reside in a single location, or may be integrated into a single device or server that combines the functionality of both servers.
Any device capable of communicating over the Internet 113 can serve as a tunnel device. Each tunnel device may consist of, contain, be a part of, or be based on part or all of the computer 11 or the system 10 shown in
Furthermore, a tunnel device can be integrated into an appliance. The main function of the appliance may be related to the storage, handling or preparation of food, such as a microwave oven, blender, stove, oven, or induction cooktop for heating food, or the appliance may be a refrigerator, freezer, food processor, dishwasher, blender, beverage machine, coffee maker, or ice tea maker. In addition, the main function of the appliance can be associated with environmental control, such as temperature control, and the appliance may consist of or be part of an HVAC system, an air conditioner or a heater. In addition, the main function of the appliance can be associated with cleaning, for example a washing machine, tumble dryer or vacuum cleaner. The main function of the appliance can be related to water regulation or water heating. The appliance can be an answering machine, telephone, home theater system, hi-fi system, CD or DVD player, electric range, compactor, smoke detector, lamp or dehumidifier. The appliance may be a portable computing device or a battery-powered portable electronic device such as a laptop or notebook computer, a media player, a cell phone, a personal digital assistant (PDA), an imaging device, a digital camera, or a video recorder. Integration with the appliance may involve sharing a component, e.g., being housed in the same enclosure, or sharing the same connector, e.g., a power connector for connecting to a power source, where the integration includes sharing the same connector so as to be powered from the same power source. Integration with the appliance may involve sharing the same power supply, sharing the same processor, or being mounted on the same surface.
While 5 tunnel devices are shown in the example arrangement 70, any number of tunnel devices can be used. Preferably, the number of tunnel devices used may be greater than 5,000, 10,000, 20,000, 50,000, 100,000, 200,000, 500,000, 1,000,000, 2,000,000, 5,000,000 or 10,000,000.
A tunnel device can connect to the Internet 113 directly, as tunnel #1 33A and tunnel #2 33B are shown connecting directly to the Internet 113 as part of the arrangement 70 shown in
In one example, the two servers that cooperate to help obtain content, i.e., the SP server 72 and the TB server 71, are owned, operated, managed or controlled by the same company 76, as illustrated in an arrangement 70A shown in
Any content herein may consist of or include data such as files, text, numbers, audio, voice, multimedia, video, images, music, computer programs or any other sequence of instructions, as well as any other form of information represented as a string of bits, bytes or characters. In an example, the content may include, be part of, or be all of a URL or a page of a website.
Each tunnel device can be associated with one or more attribute values corresponding to one or more attribute types. A table 100 is shown in
An attribute type may relate to the timing of an operation or activity of a tunnel device. A first column 102A, named "date-time", may correspond to the time of an event related to the operation of the particular tunnel, such as the last time the tunnel device was connected to the Internet, or when the tunnel device was connected to a specific entity, such as the TB server 71 or the SP server 72. In the examples shown in the table 100, the time information related to the first tunnel, corresponding to the first row 101A, is shown as date 3/5 and time 19:35; the time information related to the second tunnel, corresponding to the second row 101B, is shown as date 3/5 and time 19:38; the time information related to the third tunnel, corresponding to the third row 101C, is shown as date 5/5 and time 00:05; the time information related to the fourth tunnel, corresponding to the fourth row 101D, is shown as date 5/11 and time 00:07; the time information related to the fifth tunnel, corresponding to the fifth row 101E, is shown as date 12/5 and time 00:15; the time information related to the sixth tunnel, corresponding to the sixth row 101F, is shown as date 5/12 and time 05:38; and the time information related to the seventh tunnel, corresponding to the seventh row 101G, is shown as date 5/12 and time 22:13.
Alternatively or additionally, the attribute type can be associated with the communication link that connects a tunnel device to the Internet 113. For example, the connection type of the device can be used as an attribute type, e.g., whether it is wired or wireless. In addition, the attribute type may relate to the protocol or technology used to connect each tunnel to the Internet 113, as illustrated in the "Connection Type" column 102E in the table 100. In the examples shown in the table 100, the communication protocol information related to the first tunnel, corresponding to the first row 101A, is shown as a VDSL (Very High Speed Subscriber Line) technology value; for the second tunnel, corresponding to the second row 101B, it is shown as a third generation (3G) value; for the third tunnel, corresponding to the third row 101C, it is shown as a Data over Cable Service Interface Specification (DOCSIS) value; for the fourth tunnel, corresponding to the fourth row 101D, it is shown as an ADSL (Asymmetric Digital Subscriber Line) value; for the fifth tunnel, corresponding to the fifth row 101E, it is shown as a WiFi value; for the sixth tunnel, corresponding to the sixth row 101F, it is shown as a 4G.LTE value; and for the seventh tunnel, corresponding to the seventh row 101G, it is shown as an ADSL value.
Alternatively or additionally, the attribute type may be associated with the communication link over which a tunnel device communicates with another entity over the Internet 113, such as the TB server 71, the SP server 72, or the web server 22B. For example, the bandwidth (BW) or RTT of this communication can be used as an attribute type, as illustrated by the "BW" column 102G and the "RTT" column 102H in the table 100. In the examples shown in the table 100, the communication metrics related to the first tunnel, corresponding to the first row 101A, are shown as a BW value of 1000 (Kb/s) and an RTT value of 30 (ms); for the second tunnel, corresponding to the second row 101B, as a BW value of 350 (Kb/s) and an RTT value of 70 (ms); for the third tunnel, corresponding to the third row 101C, as a BW value of 2500 (Kb/s) and an RTT value of 540 (ms); for the fourth tunnel, corresponding to the fourth row 101D, as a BW value of 1400 (Kb/s) and an RTT value of 170 (ms); for the fifth tunnel, corresponding to the fifth row 101E, as a BW value of 1200 (Kb/s) and an RTT value of 120 (ms); for the sixth tunnel, corresponding to the sixth row 101F, as a BW value of 2100 (Kb/s) and an RTT value of 230 (ms); and for the seventh tunnel, corresponding to the seventh row 101G, as a BW value of 800 (Kb/s) and an RTT value of 310 (ms).
Alternatively or additionally, the attribute type may be associated with the scheme by which the tunnel connects to the Internet, such as the ISP identity or the ASN associated with the ISP, the tunnel device or the Internet connection scheme. In the examples shown in the table 100, a column named "ASN" 102D is used. The ASN value corresponding to the first row 101A is shown as 3215 (corresponding to Orange France), the ASN value corresponding to the second row 101B is shown as 3209 (corresponding to Vodafone Germany), the ASN value corresponding to the third row 101C is shown as 12079 (corresponding to Verizon Wireless USA), the ASN value corresponding to the fourth row 101D is shown as 16345 (corresponding to Beeline Russia), the ASN value corresponding to the fifth row 101E is shown as 30148 (corresponding to Zain Saudi Arabia), the ASN value corresponding to the sixth row 101F is shown as 9498 (corresponding to Bharti Airtel India), and the ASN value corresponding to the seventh row 101G is shown as 11419 (corresponding to Telefónica Brasil).
Alternatively or additionally, the attribute type may be associated with the tunnel device itself, such as its location. The location can be based on an actual physical geographic location or on IP geolocation. In the examples shown in the table 100, a column named "Geolocation" 102C can be used. The location value corresponding to the first row 101A is shown as "Paris, France", the location value corresponding to the second row 101B is shown as "Munich, Germany", the location value corresponding to the third row 101C is shown as "Boston, Mass., USA", the location value corresponding to the fourth row 101D is shown as "Moscow, Russia", the location value corresponding to the fifth row 101E is shown as "Riyadh, Saudi Arabia", the location value corresponding to the sixth row 101F is shown as "Mumbai, India", and the location value corresponding to the seventh row 101G is shown as "San-Paulo, Brazil".
Alternatively or additionally, the attribute type can be associated with the tunnel device itself, such as its structure, functionalities or properties. The attribute type can refer to hardware, software, or any combination thereof. For example, the type of tunnel device can be used, such as stationary or portable. In addition, the computing power or the processor type can be used. Likewise, the type, brand, and version of any software in use, such as the operating system, can be used, as exemplified in the "Operating System" column 102F in the table 100. In the examples shown in the table 100, the operating system related to the first tunnel, corresponding to the first row 101A, is shown as "Chrome 2.0"; for the second tunnel, corresponding to the second row 101B, it is shown as "iOS 3.0"; for the third tunnel, corresponding to the third row 101C, it is shown as "Windows 10"; for the fourth tunnel, corresponding to the fourth row 101D, it is shown as "Windows 7"; for the fifth tunnel, corresponding to the fifth row 101E, it is shown as "Android 2.0"; for the sixth tunnel, corresponding to the sixth row 101F, it is shown as "iOS 4.0"; and for the seventh tunnel, corresponding to the seventh row 101G, it is shown as "Chrome 3.0".
Tunnel devices can be identified primarily by their corresponding IP address, as shown in the "Tunnel IP Address" column 102B in the table 100. In the examples shown in the table 100, the IP address of the first tunnel, corresponding to the first row 101A, is shown as 80.12.105.150; the IP address of the second tunnel, corresponding to the second row 101B, is shown as 176.94.1.17; the IP address of the third tunnel, corresponding to the third row 101C, is shown as 162.115.192.24; the IP address of the fourth tunnel, corresponding to the fourth row 101D, is shown as 83.220.232.67; the IP address of the fifth tunnel, corresponding to the fifth row 101E, is shown as 185.93.228.98; the IP address of the sixth tunnel, corresponding to the sixth row 101F, is shown as 59.144.192.23; and the IP address of the seventh tunnel, corresponding to the seventh row 101G, is shown as 200.196.224.89.
The general flow of system operation for retrieving content (such as a URL) for the requesting client 31A from the web server 22B using tunnels based on the arrangement 70 is shown in
The connection process may involve establishing a connection (either directly or through a server) between the registering tunnel device and the TB server 71. The handshake between the two devices establishes the connection by exchanging communication information. The established connection can then be used for efficient data exchange between the devices. In one example, communication between the devices uses TCP, and the pre-connection is used to establish a connection that forms a "passive open", which involves the exchange of SYN, SYN-ACK, and ACK messages. In another example, a VPN is formed between the devices, and the tunnel or VPN establishment is performed as part of the pre-connection phase. Tunnel endpoints are authenticated before secure VPN tunnels can be established. User-created remote access VPNs can use passwords, biometrics, two-factor authentication, or other cryptographic methods. Network-to-network tunnels typically use passwords or digital certificates and store the key persistently to allow a tunnel to be established automatically without user intervention.
In one example, the number of tunnel devices (or the number of IP addresses) that have registered with the TB server 71 and are available for use as tunnel devices is 10,000, 20,000, 50,000, 100,000, 200,000, 500,000, 1,000,000, 2,000,000, 5,000,000, or 10,000,000.
The content fetching scheme begins at a "Content Request" step 82, where the requesting client sends a request message to the SP server 72. The request message preferably identifies the requested content, e.g., by a URL (and/or an identification of the web server 22B). The client device 31A may also include (as part of, or attached to, the request message) criteria for selecting the tunnel devices to be used to obtain the requested content from the web server 22B, as part of a "Tunnel Selection" step 83. For example, the request message may identify an attribute type and associated values for tunnel selection. The client device 31A can use a single value, so that only tunnel devices associated with that single value are used. Alternatively or additionally, the client device 31A can use multiple values, so that only tunnel devices associated with one of those values are used. Alternatively or additionally, the client device 31A can use a range of values, so that only tunnel devices associated with one of the values in the range are used. For example, the client device 31A can set a minimum value (selecting only tunnel devices associated with values equal to or greater than the minimum value), can set a maximum value (selecting only tunnel devices associated with values equal to or less than the maximum value), or can define both minimum and maximum values (selecting only tunnel devices associated with values equal to or greater than the minimum value and equal to or less than the maximum value).
For example, if the attribute value is a city, the request message could define the city as Munich, Germany. Suppose the available tunnel devices are listed in the table 100
In addition, if the attribute value is an RTT, the request message may specify an RTT greater than 300 ms (minimum 300 ms), so that the tunnel device (e.g., tunnel #3 33C) associated with the third row 101C (with 540 ms) or the tunnel device associated with the seventh row 101G (with 310 ms) is selectable. In addition, if the attribute value is an RTT, the request message may specify an RTT below 80 ms (maximum), so that the tunnel device (e.g., tunnel #1 33A) associated with the first row 101A (with 30 ms) or the tunnel device (e.g., tunnel #2 33B) associated with the second row 101B (with 70 ms) is selectable. If the attribute value is a BW, the request message may also define a BW below 2200 Kb/s and above 2000 Kb/s, so that the tunnel device associated with the sixth row 101F (at 2100 Kb/s) is selectable.
In the "Tunnel Selection" step 83, the TB server 71 selects a tunnel device to use from the list of tunnels stored in the memory 73, according to the criteria received from the requesting client in the "Content Request" step 82. Note that some requests may not contain any criteria, in which case the TB server 71 can choose any available tunnel device.
Once the TB server 71 selects a tunnel device, the content request is routed by the TB server 71, the SP server 72, or a cooperation thereof, to the selected tunnel device. The tunnel device, in turn, forwards the content request to the web server 22B using a tunneling or proxy scheme, as part of a "Tunnel Use" step 84. Note that such tunneling provides anonymity and non-traceability, since the web server 22B only knows of the request from the selected tunnel device and is unaware of the identity of the source of the request, i.e., the requesting client 31A, which is not exposed to the web server 22B. For example, in the event that the requesting client 31A is located at site A and the selected tunnel device is located at site B, the web server 22B may only be aware of the request arriving from site B (e.g., by using IP geolocation).
The requested content is sent to the selected tunnel device, which in turn sends the received content to the requesting client 31A as part of a "Get Content" step 85, which completes the request-response cycle from the perspective of the client device 31A and ends in an "END" step 86. Thus, the "Content Fetch" cycle, which may be a "URL Fetch" flowchart 87 when the content is a single URL, is defined as running from the requesting client device 31A issuing a content request to the SP server 72 until the requesting client device 31A receives the retrieved content as part of the "Get Content" step 85. The retrieved content may be stored on the client device in volatile or non-volatile memory, or may be stored in a local cache, as disclosed in US Patent No. 8,135,912 to Shribman et al. entitled: "System and Method for Increasing Cache Size", which is incorporated in its entirety for all purposes as if fully set forth herein. Content is stored with associated metadata or other identifiers so it can be easily found and retrieved later when needed.
While retrieving a single URL (or other content) is exemplified in the flow chart 80, the requesting client 31A can also retrieve any number of URLs. Each URL fetch can be done according to, or based on, the flowchart 87 shown as part of the flowchart 80.
In an example, the same tunnel device is selected in two or all of the fetch activities, from the "URL #1 Fetch" flowchart 87A to the "URL #N Fetch" flowchart 87N. Alternatively or additionally, a different tunnel device is selected for each of the fetch activities, from the "URL #1 Fetch" flowchart 87A to the "URL #N Fetch" flowchart 87N, which is preferred from the standpoint of anonymity.
A schematic message flow diagram 110 describing the registration phase, as part of the "Registration and Connection" phase 81, is shown.
As part of the "Registration and Connection" phase 81, a permanent connection is established between the registered tunnel devices and the TB server 71, such as by using the TCP keepalive mechanism, as pictorially shown in an arrangement 110A shown in
The connection process involves establishing a connection (directly or through a server), where the handshake between the TB server 71 and each of the tunnel devices forms the connection by exchanging communication-related information. The established connection can then be used for efficient data exchange between the devices. In one example, communication between the devices uses TCP, and the pre-connection is used to establish a connection that forms a "passive open", which involves the exchange of SYN, SYN-ACK, and ACK messages. In another example, a VPN is formed between the devices, and the tunnel or VPN establishment is performed as part of the pre-connection phase. Tunnel endpoints are authenticated before secure VPN tunnels can be established. User-created remote access VPNs can use passwords, biometrics, two-factor authentication, or other cryptographic methods. Network-to-network tunnels typically use passwords or digital certificates and store the key persistently to allow a tunnel to be established automatically without user intervention.
The content fetching process, which corresponds to the "Content Request" step 82 that is part of the "URL Fetch" flowchart 87, starts with the requesting client 31A sending a content request to the SP server 72, shown as a message path 121A as part of a messaging chart 120 shown in
The content request message and the attribute type and value information can be sent over the message path 121A using a proprietary protocol agreed between the two communicating nodes. Preferably, the SOCKS protocol, WebSocket (ws), which may be WebSocket Secure (wss), or an HTTP proxy protocol can be used, where the client device 31A runs the client side of the protocol and the SP server 72 runs the server side of the protocol.
In response to receiving a content request over the message path 121A, the SP server 72 forwards the content request along with the tunnel selection criteria to the TB server 71, shown as a message path 131A in the messaging chart 120A shown in
As part of the "Tunnel Selection" phase 83, according to preset criteria, criteria based on the attribute types and values received from the client device 31A as part of the message path 121A, or any combination thereof, the TB server 71 uses the tunnel list stored in the memory 73, which may contain the table 100, to select a tunnel device to use. In one example, the attribute type is location and the value is Moscow, Russia; hence tunnel #4 33D, whose record is contained in the fourth row 101D of the table 100, is suitable for selection and is selected by the TB server 71 to serve the specific content request of the client device 31A.
In one example, the tunnel device to be used can be selected randomly, allowing, for example, load balancing. In one example, by randomly selecting different tunnel devices for different content (e.g., multiple web pages of the same website) from the same content source, the web server 22B sees the requests arriving in a distributed manner and cannot match the requests to the client device 31A, providing even more anonymity and non-traceability. Randomness is commonly implemented using random numbers, which are defined as a sequence of numbers or symbols that have no pattern and therefore appear random, usually generated by a random number generator. Randomness is described, for example, in IETF RFC 1750, "Randomness Recommendations for Security" (December 1994), which is incorporated in its entirety for all purposes as if fully set forth herein. A random number generator (with analog or digital output) can be hardware-based and use a physical process such as thermal noise, shot noise, nuclear decay radiation, photoelectric effects, or other quantum phenomena. Alternatively or additionally, the generation of random numbers may be software-based, using a processor running an algorithm to generate pseudo-random numbers that approximate the properties of random numbers.
If no selection criteria are specified by the requesting client 31A, the TB server 71 can randomly select a tunnel device from the group or list of all currently available tunnel devices. Similarly, in the case where multiple tunnel devices are available and they all meet the defined criteria (e.g., all being associated with a defined value, or within the defined range of values, for a particular attribute type), the TB server 71 can randomly select a tunnel device from the group or list of all currently available tunnel devices that also meet the defined criteria.
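The selection rules from the "Content Request" and "Tunnel Selection" passages above, written out as an added example (not code from the patent or from any product it describes). The rows reproduce the values the text gives for table 100; the criterion shapes (`value`, `anyOf`, `min`/`max`) and all function names are assumptions made for illustration.

```javascript
const { randomInt } = require('node:crypto');

// Rows 101A-101G of table 100, using the values given in the text
// (the date-time and operating-system columns are left out for brevity).
const TABLE_100 = [
  { row: '101A', ip: '80.12.105.150', geo: 'Paris, France', asn: 3215, conn: 'VDSL', bw: 1000, rtt: 30 },
  { row: '101B', ip: '176.94.1.17', geo: 'Munich, Germany', asn: 3209, conn: '3G', bw: 350, rtt: 70 },
  { row: '101C', ip: '162.115.192.24', geo: 'Boston, Mass., USA', asn: 12079, conn: 'DOCSIS', bw: 2500, rtt: 540 },
  { row: '101D', ip: '83.220.232.67', geo: 'Moscow, Russia', asn: 16345, conn: 'ADSL', bw: 1400, rtt: 170 },
  { row: '101E', ip: '185.93.228.98', geo: 'Riyadh, Saudi Arabia', asn: 30148, conn: 'WiFi', bw: 1200, rtt: 120 },
  { row: '101F', ip: '59.144.192.23', geo: 'Mumbai, India', asn: 9498, conn: '4G.LTE', bw: 2100, rtt: 230 },
  { row: '101G', ip: '200.196.224.89', geo: 'San-Paulo, Brazil', asn: 11419, conn: 'ADSL', bw: 800, rtt: 310 },
];

// Assumed criterion shapes, one per attribute type:
//   { value: x }          single value
//   { anyOf: [x, y] }     any of several values
//   { min: a, max: b }    inclusive range; either bound may be omitted
function matches(actual, criterion) {
  if ('value' in criterion) return actual === criterion.value;
  if ('anyOf' in criterion) return criterion.anyOf.includes(actual);
  const hasMin = 'min' in criterion;
  const hasMax = 'max' in criterion;
  if (!hasMin && !hasMax) throw new TypeError('criterion needs value, anyOf, min or max');
  if (hasMin && actual < criterion.min) return false;
  if (hasMax && actual > criterion.max) return false;
  return true;
}

// All tunnels that satisfy every criterion. No criteria means every tunnel qualifies.
// A criterion on an attribute a tunnel does not carry never matches.
function candidates(tunnels, criteria = {}) {
  return tunnels.filter((t) =>
    Object.entries(criteria).every(
      ([attr, c]) => Object.prototype.hasOwnProperty.call(t, attr) && matches(t[attr], c)
    )
  );
}

// Random choice among the candidates, as the text describes for the case where
// several tunnels qualify. `pick(n)` must return an integer in [0, n); the
// default is the CSPRNG-backed crypto.randomInt rather than Math.random.
function selectTunnel(tunnels, criteria = {}, pick = randomInt) {
  const pool = candidates(tunnels, criteria);
  return pool.length === 0 ? null : pool[pick(pool.length)];
}

console.log(selectTunnel(TABLE_100, { geo: { value: 'Moscow, Russia' } }));
console.log(candidates(TABLE_100, { rtt: { min: 300 } }).map((t) => t.row));
```

`selectTunnel` returns `null` when no registered tunnel meets the criteria, a case the text does not address.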
After completing the selection of tunnel #4 33D, the TB server 71 forwards the identification of the requested content to the selected tunnel #4 33D, shown as a message path 131B in the messaging chart 120B shown in
In response to the request message 131B, the selected tunnel #4 33D sends a request for the identified content to the appropriate server that stores the requested content, for example the web server 22B, shown as a message path 131C in the messaging chart 120B.
The requested content is then delivered from the web server 22B to the requesting client 31A, as part of the "Content Search" phase 85, along the "opposite" path of the request flow, as shown in a messaging chart 130 shown in
The TB server 71 typically executes a flowchart 140 shown in
The request handler flowchart 140B involves selecting a tunnel device from those available, based on a request from the SP server 72, and using the selected tunnel device to obtain the requested content. The request handler flowchart 140B is repeated for each content request (e.g., a URL) from the client device 31A that is forwarded by the SP server 72, so that many instances of this operation run simultaneously and independently. First, a content request is received from the SP server 72 as part of a "Receive SP Request" step 145, corresponding to the message path 131A shown in the messaging chart 120B. Typically, the request includes a copy of the content request received from the requesting client 31A. Based on pre-established criteria and on criteria that are part of the received request, the TB server 71 selects a tunnel device from those available as part of a "Select Tunnel" step 146, which corresponds to the "Tunnel Selection" phase 83. As part of a "Send Request to Tunnel" step 147, which corresponds to the message path 131B shown in the messaging chart 120B and is carried out as part of the "Tunnel Use" phase 84, the identification of the requested content is sent to the selected tunnel device, exemplified as tunnel #4 33D in the example here. After the selected tunnel device #4 33D receives the content from the web server 22B, the content is forwarded to and received by the TB server 71 as part of a "Get Tunnel Contents" step 148, which corresponds to the message path 131E shown in the messaging chart 130 and is carried out as part of the "Content Search" phase 85. Handling of the request is completed by sending the received content to the SP server 72 as a response to the request, as part of a "Send Content to SP" step 149, which corresponds to the message path 131F shown in the messaging chart 130 and is carried out as part of the "Content Search" phase 85.
The SP server 72 typically executes a flowchart 150 shown in
SSL trace. SSL (Secure Sockets Layer) certificates are used to secure online communications and transactions through encryption. SSL encryption technology creates encrypted connections between a user/web browser and a website/web server. The SSL certificate guarantees that all communication transmitted through a browser/website/server is encrypted and decrypted in such a way that only the sender and the recipient can see it in decrypted form. SSL sniffing refers to intercepting and reading SSL-encrypted traffic using a MITM (Man in the Middle) proxy.
SSL detection works in different ways. In some SSL implementations, the MITM proxy is used to redirect the end user in a communication to a non-HTTPS site and then sniff unencrypted traffic on that site. At the same time, the requests would be proxied to and from the HTTPS website. Alternatively, the broker can capture the HTTPS traffic and present a valid HTTPS certificate to the end user. The certificate should be trusted on the end user's computer. The end user's computer would need to be compromised or given a trusted certificate. The man in the middle would forward the traffic to the actual HTTPS website while also looking at the unencrypted traffic that's in the middle. There is also another option - take the encrypted traffic and record it, hoping that the technology will help decrypt the data in the future. An example implementation of SSL sniffing that extracts the SSL hostname by parsing the TLC/SNI record (sni.js) is on a web page from 'Marek's - totally not crazy - idea of the day' (dated 16 2012 ) with the title: "Analyse des SSL-Handshakes“,which is incorporated in its entirety for all purposes as if fully set forth herein. SSL sniffing is described in more detail in the Netronome Systems, Inc. white paper published in 2010 (2-10) entitled: “Examine SSL-encrypted communication",which is incorporated in its entirety for all purposes as if fully set forth herein.
A system, method and computer program product for securing a data transaction over a network using SSL sniffing is disclosed in US Patent No. 7,853,795 to Dick et al. entitled: "System, Method and Computer Program Product for Security of Electronic Transactions", which is incorporated in its entirety for all purposes as if fully set forth herein. When a data transaction between at least one server and a client over a network is captured, data transmitted over the network between the server and the client during the data transaction is captured. At least one identifier is assigned to the recorded data. A time stamp is also generated for the recorded data. The timestamp includes information identifying at least a portion of the identifiers. The collected data, identifiers and timestamps are stored in one or more data stores. Identifiers associated with the stored captured data are also assigned to an entry in an index to enable the stored data to be retrieved from the data store via the index.
In an example, the message received by the SP server 72 from the client device 31A as part of the Receive Customer Request step 151 conforms to the HTTPS protocol, in which part or all of the message is encrypted using TLS or SSL. In this case, the SP server 72 (or the TB server 71) can use SSL sniffing to extract the content identifier (e.g. the requested URL), all attribute values contained in the message, and all other information contained in the message that is required for the operation of the systems. The SP server 72 can use SSL sniffing that involves parsing the SSL handshake, e.g. parsing the ClientHello and ServerHello parts of the TLS handshake within the CONNECT request. In an example where the client device 31A sends an HTTPS request that includes "CONNECT amazon.com", the SP server 72 responds with a message consisting of "HTTP/1.1 200 OK" and continues by applying pkg/util/tls.js Handshake:extract_sni to all subsequent messages from the client device 31A. If a message contains SNI and it is amazon.com, or if the message does not contain SNI, the SP server 72 sends the ClientHello to the Amazon web server (which can be the web server 22B) and starts listening for the ServerHello while applying Handshake:extract_cert_names to all messages it receives until the certificate part is received and parsed. If the server certificate received is for amazon.com and not for another/blocked host, the SP server 72 sends a response to the client device 31A and starts encapsulating the data without analysis.
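The SNI half of the check described above, as an added JavaScript (Node.js) example; it is not the pkg/util/tls.js code the text refers to, and the names extractSni, checkConnectAgainstSni and buildClientHello are hypothetical. It assumes the whole ClientHello arrives in one TLS record and that a mismatching SNI is refused (the text only states the accepting cases); the sample handshakes are constructed inline.

```javascript
// Added example, not the pkg/util/tls.js code referenced in the text.
// Assumes the complete ClientHello is carried in a single TLS record.

// Returns the SNI host name, null if the hello has no server_name
// extension, and throws on input that is not a well-formed ClientHello.
function extractSni(buf) {
  let off = 0;
  const need = (n) => {
    if (off + n > buf.length) throw new Error('truncated ClientHello');
  };
  const u8 = () => { need(1); return buf[off++]; };
  const u16 = () => { need(2); off += 2; return buf.readUInt16BE(off - 2); };
  const skip = (n) => { need(n); off += n; };

  if (u8() !== 0x16) throw new Error('not a TLS handshake record');
  skip(2);                              // record-layer version
  const recEnd = 5 + u16();             // record header is 5 bytes
  if (recEnd > buf.length) throw new Error('truncated ClientHello');
  if (u8() !== 0x01) throw new Error('not a ClientHello');
  skip(3);                              // handshake length (24 bits)
  skip(2 + 32);                         // client_version + random
  skip(u8());                           // session_id
  skip(u16());                          // cipher_suites
  skip(u8());                           // compression_methods
  if (off >= recEnd) return null;       // hello without an extensions block
  const extLen = u16();
  const extEnd = off + extLen;
  if (extEnd > recEnd) throw new Error('truncated ClientHello');
  while (off + 4 <= extEnd) {
    const type = u16();
    const len = u16();
    const end = off + len;
    if (end > extEnd) throw new Error('truncated extension');
    if (type === 0x0000) {              // server_name extension
      skip(2);                          // server_name_list length
      if (u8() !== 0) throw new Error('unsupported server name type');
      const nameLen = u16();
      if (off + nameLen > end) throw new Error('truncated extension');
      return buf.toString('latin1', off, off + nameLen).toLowerCase();
    }
    off = end;                          // skip any other extension
  }
  return null;
}

// Decision from the text: go on when the SNI equals the CONNECT host or is
// absent. Refusing a mismatch or an unparsable hello is an assumption here.
function checkConnectAgainstSni(connectLine, clientHello) {
  const m = /^CONNECT\s+([^\s:]+)(?::\d+)?(?:\s|$)/i.exec(connectLine);
  if (!m) return { allow: false, reason: 'malformed CONNECT line' };
  const host = m[1].toLowerCase();
  let sni;
  try {
    sni = extractSni(clientHello);
  } catch (err) {
    return { allow: false, host, reason: err.message };
  }
  // Without SNI, the later certificate-name check is the only verification.
  if (sni === null) return { allow: true, host, sni, reason: 'no SNI' };
  if (sni === host) return { allow: true, host, sni, reason: 'SNI matches' };
  return { allow: false, host, sni, reason: 'SNI differs from CONNECT host' };
}

// Constructed sample input: a minimal ClientHello, with SNI unless null.
function buildClientHello(sniHost) {
  const u16 = (n) => Buffer.from([n >> 8, n & 0xff]);
  let ext = Buffer.alloc(0);
  if (sniHost !== null) {
    const name = Buffer.from(sniHost, 'latin1');
    const entry = Buffer.concat([Buffer.from([0]), u16(name.length), name]);
    const list = Buffer.concat([u16(entry.length), entry]);
    ext = Buffer.concat([u16(0), u16(list.length), list]);
  }
  const body = Buffer.concat([
    Buffer.from([0x03, 0x03]),          // client_version
    Buffer.alloc(32, 0xab),             // random (constant filler)
    Buffer.from([0]),                   // empty session_id
    u16(2), Buffer.from([0x13, 0x01]),  // one cipher suite
    Buffer.from([1, 0]),                // compression: null only
    u16(ext.length), ext,
  ]);
  const hs = Buffer.concat([Buffer.from([1, 0]), u16(body.length), body]);
  return Buffer.concat([Buffer.from([0x16, 0x03, 0x01]), u16(hs.length), hs]);
}

console.log(checkConnectAgainstSni('CONNECT amazon.com:443 HTTP/1.1',
                                   buildClientHello('amazon.com')));
console.log(checkConnectAgainstSni('CONNECT amazon.com:443 HTTP/1.1',
                                   buildClientHello('other.example')));
```

A hello that spans several records, or one that is not TLS at all, is rejected rather than relayed, so the check fails closed.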
For each piece of information or content (e.g. a single URL) it requests, a client device, such as the client device 31A, usually runs a flowchart 160 shown in
In one example, the client device 31A imposes no restrictions and provides no criteria or limitations for selecting a tunnel device for a particular requested content. In this case, the selection of the tunnel by the TB server 71 as part of the Select Tunnel step 146 is not constrained by the client, and any internal selection rule or mechanism can be used. Alternatively or additionally, the client device 31A defines specific restrictions or criteria for selecting a tunnel device for the specific requested content. These criteria can include the definition of attribute types and a value or values related to each attribute type. In this case, the selection of the tunnel by the TB server 71 as part of the Select Tunnel step 146 is limited by the client, and the limitations defined by the client are in addition to any internal selection rules or mechanisms that may be used. Alternatively or additionally, the client device 31A can define a specific tunnel device, e.g. one identified by a specific IP address, to be used for specific requested content. For example, the web server 22B may respond differently to a device requesting content based on previous interactions with that device. In this case, the client device 31A can run a flowchart 160A shown in
Each of the tunnel devices, e.g. tunnel #1 33A, tunnel #2 33B, tunnel #3 33C, tunnel #4 33D, and tunnel #5 33E, usually runs a flowchart 170 shown in
When the TB server 71 selects a tunnel device as part of the Select Tunnel step 146, the TB server 71 forwards to the selected tunnel device, as part of the Send Request To Tunnel step 147, the content request, which is received as part of the Receive TB Request step 174, according to the message path 131B shown, for the example of selecting tunnel #4 33D, in the message graph 120B. The selected tunnel device #4 33D forwards the request to the appropriate web server, for example the web server 22B, as part of a Send Request to Web Server step 175, according to the message path 131C shown, for the example of selecting tunnel #4 33D, in the message graph 120B, thus completing the "Tunnel use" phase 84 in the flowchart 80 shown in
As part of the Content Search phase 85, the content retrieved from the web server 22B (in response to the request) is received by the selected tunneling device as part of the "Receive content from web server" step 176 (according to the message path 131D in the message graph 130) and is then forwarded (or "wrapped") to the TB server 71 as part of a Send Content to TB step 177, and is received by the TB server 71 as part of the Receive Tunnel Content step 148, according to the message path 131E in the message graph 130.
The operation of the Receive TB Request step 174 through the "Send content to TB" step 177 can be repeated each time the tunnel is selected. The connection made in the Connect step 173 is maintained after each content tunneling operation, allowing additional tunneling operations to be performed using the same tunnel. The same tunnel can be selected for the same web server 22B, regarding different URLs of the same website stored on the web server 22B. Alternatively or additionally, the same tunnel can be used for different web servers, for example to retrieve different web pages or websites assigned to different web servers.
In one example, one or more tunneling devices are used primarily for purposes other than serving as tunneling devices. In this case, the functionality or the operation of the tunnel, e.g. running the flowchart 170 shown in
In an example, a tunnel device may be a dedicated device installed, used, or operated primarily (or exclusively) to serve as a tunnel device and to perform the tunnel-related flowchart 170 shown in
Although the operation of the system has been exemplified above with a single IP address associated with each tunneling device, multiple IP addresses may equally be associated with each tunneling device. In one example, the dedicated tunnel device 33A shown in the layout 180 can be addressed via multiple IP addresses, for example through multihoming. The dedicated tunnel device 33A (or any tunneling device) can perform the tunneling process 170 for each of the IP addresses, either in parallel or sequentially (or a combination of both), enabling the savings derived from using a single hardware device with a single internet connection running multiple tunneling functions. Alternatively, multiple internet connections can be used, with each internet connection being associated with one or more IP addresses. Dedicated tunnels can be deployed as client devices or preferably as servers as part of data centers. Preferably, dedicated tunnels, either as client devices or as servers in data centers, are installed in multiple locations around the world, allowing for better load balancing due to wide distribution and providing a variety of potential locations or IP geolocations that can be selected as location attribute values by client devices. More than 1,000, 2,000, 5,000, 10,000, 20,000, 50,000 or 100,000 different IP addresses can be assigned to a dedicated tunnel device.
In addition, consumers can own, use, or operate tunnel devices. In this case, their availability is controlled solely by the user. For example, if the user switches off the device, e.g. at night, or is in a place without an Internet connection, the tunneling device is no longer available for the tunneling function. Conversely, dedicated tunnel devices may be available for selection and use at any time of the year (commonly referred to as "twenty-four") and as such allow the service provider 76A to provide a stable and consistent tunneling service for client devices. In addition, dedicated tunneling devices owned, operated or controlled by the service provider 76A avoid the need to distribute tunnel functionality, such as the software code that implements the tunnel flow diagram 170, to multiple devices.
In general, the tasks are performed by the TB server 71, as part of the operation of the flowchart 140 shown in
A message graph arrangement 190 that prevents the TB server from being part of the content retrieval path is shown in FIG
The mechanism of the getting content phase 85 described in the message diagram 190B involves the selected tunnel #4 33D retrieving content from the web server 22D via the message channel 131D and forwarding the content via the message channel 194 to the SP server 72, which in turn sends the received content as a response to the requesting client 31A via the message channel 131G. This content path is preferred over the "tunnel" through the TB server 71 using message routes 131E and 131F, which is bypassed, since it provides one less hop to transport information from the web server 22B to the client device 31A. This provides lower latency, higher reliability, and lower costs associated with the additional traffic, hardware, and processing power required to handle unnecessary tunnels through the TB server 71. In addition, this scheme allows the structure and functionalities of the TB server 71 to be optimized for tunnel selection activities.
In the alternative arrangement described in
As part of processing a request for content from the client device 31A, the TB server 71 receives from the SP server 72, via the message path 131A shown in the message graph 190, criteria (or a criterion) for selecting a tunnel device to be used to deliver the requested content, as part of a Receive Criteria from SP step 202. While as part of the Receive SP Request step 145, which is part of the flowchart 140B, the TB server 71 was also notified of the requested content identifier, such an identifier is not required in this alternative scheme, as the TB server 71 is no longer part of the actual content request and retrieval data paths. In an example, the same message, also containing the content identifier, is sent from the SP server 72 to the TB server 71 via the message channel 131A, so that the "Get SP Criteria" step 202 can be processed in the same way as the "Receive SP Request" step 145 described above. After selecting a tunnel device as part of the Select Tunnel step 146, the TB server 71 sends a message to the selected tunnel #4 33D via the message channel 131B, telling it to initiate communication (e.g. using NAT traversal) with the SP server 72, as part of the Connect and Route Tunnels step 203. Shown in the scheme in
In the alternative arrangement described in
Using the existing connection 192, the SP server 72 forwards the content identifier to the selected tunnel #4 33D as part of a Send Request to Tunnel step 215, represented as a message path 193 in a message graph 190A shown in
In the alternative arrangement described in
As part of the Content Search phase 85, the content retrieved from the web server 22B (in response to the request) is received by the selected tunneling device as part of the "Receive content from web server" step 176 (according to the message path 131D in the message graph 130) and is then forwarded (or "wrapped") to the SP server 71 as part of a Send Content to SP step 225, and is received by the SP server 72 as part of the Receive Tunnel Content step 216, according to the message path 194 in the message graph 190B.
Each of the steps or flowcharts to be performed by a tunneling device may be embodied as a software development kit (SDK), provided as a non-transitory computer-readable medium containing computer instructions. The SDK can be installed on an appropriate tunnel device to be executed by a processor on that device and attached to another software program or application installed on the tunnel device.
An attribute type is used here to include any characteristic, feature, appearance, property, or other information that distinguishes one tunneling device from another tunneling device. The attribute type can be associated with the tunnel device itself, such as its hardware, software, or any combination thereof, with the environment of the tunnel device, such as its location, or with a connectivity-related function or capability, such as one related to Internet connectivity. Each available tunnel device can be assigned a value (or multiple values, such as a range) for each attribute type. Attribute values can be stored in the tunnel list storage 73 that is part of or connected to the TB server 71, which can have the form of a table, for example the table 100 shown in
Table 100 exemplifies, in the "Geographical location" column 102C, a type of attribute related to the location of the tunnel devices, which can be a true geographic location or an IP-based location. In the example of the "Geographical location" column 102C, attribute values are in the form of cities, such as the city of Munich, Germany in the second row 101B, which corresponds to a tunnel device with the IP address 176.94.1.17, and the city of Mumbai, India in the sixth row 101F, which corresponds to a tunnel device with the IP address 59.144.192.23. Although a city is exemplified as the value, any other physical geographic location or region can be used, such as country, state/province, city, street address, zip code, or any combination thereof. Also, an attribute type can correspond to the Internet connection of a tunnel device, as table 100 exemplifies in the "ASN" column 102D, associated with the ASN (or ISP name or other identifier). In the example of the "ASN" column 102D, attribute values are in the form of digits representing the ASN (or ISP), e.g. ASN 3215 in the first row 101A, which corresponds to a tunnel device with an IP address of 80.12.105.150, and ASN 11419 in the seventh row 101G, which corresponds to a tunnel device with the IP address 200.196.224.89. Any other identification of the ASN, the ISP, or other mechanisms or identities related to the Internet connection can also be used.
Another type of attribute can correspond to the technology used to connect a tunnel device to the Internet, as table 100 exemplifies in the "Connection Type" column 102E, in terms of technology or connection scheme. Additionally, the attribute type can correspond to a tunnel device's hardware or software, type, version, or any combination thereof, as table 100 exemplifies in the "Operating System" column 102F. Alternatively or additionally, an attribute type may correspond to estimated or measured communication-related properties, such as bandwidth, as exemplified in the "BW" column 102G, or round-trip time, as in the "RTT" column 102H. The BW or RTT can be related to the estimated or measured communication properties of the tunnel (such as parameters measured in previous transactions) with the web server 22B (as in message routes 131C or 131D), with the TB server 71 (as in message routes 131B and 131E) or with the SP server 72 (as in message routes 191 and 194).
In one example, a single attribute type is used to distinguish between the different available tunnel devices. In this case, the client device 31A, as part of the Send Request to SP step 161, sends to the SP server 72 via the message channel 121A a value (or values, e.g. a range) requested for the selected tunnel used to retrieve the requested content. The SP server 72 receives the value (or multiple values, e.g. a range) as part of the Receive Customer Request step 151 and forwards it to the TB server 71 via the message channel 131A as part of the Send Request to TB step 152. The TB server 71 receives the value (or multiple values, e.g. a range) as part of the "Receive SP Request" step 145, and uses it as the criterion for selecting a tunnel device for this content-pull transaction as part of the Select Tunnel step 146. In an example, a single value is requested, and the TB server 71 therefore chooses a tunnel device with a value identical to the value requested by the client device 31A.
For example, assuming an OS type attribute and a value of "Windows 7", since there is only a single such tunnel, shown in the fourth row 101D with an IP address of 83.220.232.67, this tunnel will be selected. If multiple tunnel devices in the table 100 are associated with the requested value, one of these available tunnels is selected, for example using a random selection. In another example, a few values are requested. For example, assuming an attribute type of "Connection Type" and values of "ADSL or VDSL", there are three tunnel devices that can be selected, namely the first row 101A (a tunnel device with an IP address of 80.12.105.150), the fourth row 101D (a tunnel device with an IP address of 83.220.232.67) and the seventh row 101G (a tunnel device with IP address 200.196.224.89). Each of these tunnel devices can be selected, for example by random selection. Also, the client device 31A can define a range of values, typically when dealing with numeric values, as in the attribute types related to the "BW" column 102G or the "RTT" column 102H. For example, the client device 31A can define an attribute of type "RTT" with a range between 200 ms (minimum value) and 400 ms (maximum value), directing the selection to the tunnel device shown in the sixth row 101F (a tunnel device with the IP address 59.144.192.23) or the tunnel device shown in the seventh row 101G (a tunnel device with the IP address 200.196.224.89), in the example of the table 100. Also, the client device 31A can set only a minimum value or only a maximum value. For example, a maximum RTT value of 100 ms corresponds to the first row 101A and the second row 101B.
Alternatively or additionally, the selection of the tunnel device to use (as part of the Select Tunnel step 146), or the priorities assigned to the tunnel devices, may be based on available communication attributes or their history. For example, depending on the costs associated with using a network, the more expensive network may have a lower priority and be used less than the free or least expensive network. In another example, a high quality network that has, for example, higher bandwidth or transmission speed, fewer communication errors or packet loss, fewer hops to destination, or shorter transmission delay time has a higher priority than a lower quality network. The system may use Bit Error Rate (BER), Received Signal Strength Indicator (RSSI), Packet Loss Ratio (PLR), Cyclic Redundancy Check (CRC) and other indicators or metrics related to the communication channel associated with a network interface, and can be based on RFC 2544 entitled: "Network Connection Equipment Benchmarking Methodology", and ITU-T Y.1564 entitled: "Test Methodology for Activation of Ethernet Services", which are incorporated in their entirety for all purposes as if fully set forth herein. The network quality level may be influenced by the usage history of that network, for example during a predefined period of time prior to the network interface selection process. In one example, the network interface from which the last good packet was received could be selected as the interface to use to transmit the next packet. The system may use or be based on the schemes and technologies disclosed in US Patent No. 7,027,418 to Gan et al. entitled: "Performance-Based Approach to Communication Channel Selection," which is incorporated in its entirety for all purposes as if fully set forth herein.
Thus, for any given value or range of values, a tunnel device can be selected for use from a set of available tunnel devices that is the subset of all available tunnel devices that match the value or range of values. In one example, the client device 31A can define two attribute types and a value (or set of values) associated with each attribute type. In this case, two subsets are formed, one for each attribute, each subset containing all available tunnel devices that match the respective requested value (or range of values) for that attribute type. The client device 31A can also define a subset that results from an operation on the two subsets. For example, the client device 31A can define that a tunnel is selected from a set that is: a union of the two subsets (an "or" operation), where the union (denoted by ∪) of a collection of sets is the set of all elements in the collection; an intersection of the two subsets (an "and" operation), where the intersection A ∩ B of two sets A and B is the set that contains all elements of A that also belong to B (or, equivalently, all elements of B that also belong to A) but no other elements; a set difference or complement operation (where the complement of a set A refers to elements not in A); or a symmetric difference operation, also known as disjunctive union, which is the set of elements that are in one of the sets and not in their intersection. For example, in the case of defining a bandwidth equal to or greater than 1500 Kb/s "and" an RTT less than 300 ms, the resulting intersection subset contains only the tunnel device shown in the sixth row 101F, whereas in the case of a BW equal to or greater than 1500 Kb/s "or" an RTT less than 300 ms, the resulting union subset contains all rows except the seventh row 101G. Also, three or more attribute values can be defined in terms of three or more attribute types.
In an example, the entity 76 or 76A forms a system that can be used to provide a service to client devices. The service allows the client device (e.g. the client device 31A) to retrieve content quickly and anonymously from a web server such as the web server 22B. Based on the following parameters (individually or in combination), for example, the level of service can be measured or the service can be charged if necessary:
Content amount: In this example, the amount of content-related data received from a data server (e.g. the web server 22B) is measured and recorded by the SP server 72 or the TB server 71. Alternatively or additionally, the client device 31A can register or submit the amount of content received.
Number of Tunnels: The number of tunneling devices that were available to a client device, or the number of tunneling devices that were actually used, can be used as an indication of the level of service.
Location: The level of service can be measured or calculated based on the country where the data server from which the content is obtained is located. In addition, the level of service may be metered or billed based on the country where the customer's device for which the content is sourced is located.
In the message diagram 190B shown in
Any of the TB servers can run the flowchart 140 shown in
The operation of an SP server 72 when multiple TB servers are arranged is described in a flowchart 240 shown in
The operation of a tunnel device, e.g. the selected tunnel device #4 33D, when several TB servers are arranged is described in a flowchart 240B shown in
In one example, DNS resolution is required to get content from the web server 22B. In one example, DNS resolution is performed by the requesting client 31A, as presented in a message graph 250 shown in
Alternatively or additionally, the DNS resolution can be performed by the SP server 72, as shown in a message graph 270 shown in
Alternatively or additionally, the DNS resolution can be performed by the selected tunneling device, e.g. tunnel device #4 33D, as presented in a message graph 290 shown in
In the message chart example 180 shown in
As used in this document, the term "idle state" refers to a state in which a device and/or one or more device resources are not being used to perform operations that are considered high priority, or the device resources are not being used so intensively that operations should not be disrupted or courted, or in any way such resources should be diverted to one or more operations of relatively low priority. In one example, "sleep state" refers to a state in which the human user is not interacting with the device and is therefore not aware of any disruption to a process or task being performed. The term "hibernation" is used in connection with some embodiments to refer to a state that indicates whether and/or to what extent the device has entered and/or exited the hibernation state. Preferably, a tunneling device performs its tunneling-related tasks only when it is in an idle state so that the human user or operator is not affected or aware of the tunneling-related activity.
An example state diagram 310 of a tunnel device, such as tunnel #2 33B, tunnel #3 33C, tunnel #4 33D, or tunnel #5 33E, is displayed
In one example, the tunnel device connects to the TB server 71 as part of the Start TB Connection step 171, sends the attribute value as part of the Send Attribute Value step 172, and establishes the TCP connection as part of the Establish Connection step 173 immediately after exiting the ENERGY state 311, as part of the transition to the ACTIVE state 312, shown as a transition line 315A. However, in this case, the TB server 71 may not choose the tunnel device as part of the Select Tunnel step 146 as long as the tunnel device has not notified the TB server 71, in the Notify TB step 314A, that it is in the IDLE state 313. In this case, the status of the available tunnel devices is saved on the TB server 71, in the form of a table 330 shown in
During the 'IDLE' state 313, an idle condition is continuously monitored, and when that idle condition is not met (shown as an 'ACTIVE' detection line 315D), the device sends a message to the TB server 71 about entering the 'ACTIVE' state 312 in the Notify TB step 314B, using the established connection 111D, after which (shown as a line 315E) it re-enters the 'ACTIVE' state 312. When receiving the message about the change to the ACTIVE state 312 via the Notify TB step 314B, the TB server 71 changes the corresponding value in the IDLE column 102UE to 'N'. Preferably, the TB server 71 does not select a tunnel that is not in the 'IDLE' state 313, as indicated by the corresponding 'N' value in the IDLE column 102UE, such as the tunnel devices assigned to the second row 101B, the third row 101C, and the sixth row 101F in the modified table example 330.
A flowchart 320 of a tunnel device that can only be used when idle is displayed
Alternatively or additionally, the tunnel device connects to the TB server 71, as part of the Start TB Connection step 171, upon entering the IDLE state 313. For example, the Notify TB step 314A may correspond to the Start TB Connection step 171, so that the TB server 71 can only detect the availability of the tunnel device when the tunnel device is in the IDLE state 313. In this case, after the 'ACTIVE' detection 315D, as part of the "Notify TB" step 314B, the established connection 111D with the selected tunnel device is disconnected, such as by stopping the TCP keepalive mechanism, so that the TB server 71 is notified that the selected tunnel device is no longer available as a tunnel device.
Idle detection techniques are described in U.S. Pat. No. 9,244,682 to Rowles et al. entitled: "Inactivity Detection", which is incorporated in its entirety for all purposes as if fully set forth in this document. A set of idle conditions is monitored that includes one or more conditions that are not understood or that are triggered by the lack of user input. The device is determined to be inactive based at least in part on the results of the monitoring. It can be determined that the device is not idle even if there has been no recent user input. Any of the techniques of U.S. Pat. No. 9,244,682 to Rowles et al. can also be used here. Additionally, in some embodiments, a set of user or administrator configurable inactivity detection conditions applicable to the specific device and/or desired by the user or administrator is used.
In one example, the idle state is based on or uses services or tasks provided by the operating system or other software applications running on the tunnel device concurrently with the tunnel-related functionality or flowchart. For example, most operating systems feature an idle task, which is a special task loaded by the operating system scheduler only when the computer is idle. The idle task can be hardcoded into the scheduler or implemented as a separate task with the lowest possible priority. An advantage of the latter approach is that programs that monitor system status can see the idle task along with all other tasks; an example is the idle process of the Windows NT system.
A screensaver (or screen saver) is a computer program that blanks the screen or fills it with moving images or patterns when the computer is not in use, originally intended to prevent screen burn-in. While the original purpose of screensavers was to prevent phosphor burn-in on CRT and plasma computer monitors (hence the name), and modern monitors are not prone to this problem, screensavers are still used for other purposes. Screen savers are usually set to provide a basic level of security and require a password to regain access to the device. Some screensavers use idle computer resources for useful tasks, such as the processing of distributed computing projects. The screen saver usually ends after receiving a message from the operating system that a key was pressed or the mouse was moved. In one example, the idle condition is deemed to be met or ended when an idle process or thread is executed (by the operating system or another software application) or when a screen saver application is running. Operation of the saver assumes that the condition of readiness is not met.
In one example, the idle condition is met when an application other than a screen saver is running in "full screen" mode (for example, movies or video games typically run in this mode), that is, with a display that covers the entire screen without the typical window frame interface of the operating system, or with a window that occupies the entire available display area of a display. On the other hand, a screen may be turned off or blank, indicating it is not seen by a human user. In one example, if a software application displays a full screen, the idle condition is not considered met, since the human user is assumed to be looking at that screen. However, in the case of a blank screen or a closed screen (e.g. no power), the idle condition is considered to be met, as it is assumed that the human user is not looking at the screen.
An input device, such as the input device 18 as part of the computer system 10 shown in
In one example, idle detection is based on receiving any input (or change to an input) from an input device. For example, a predefined time interval can be used, measured by a dedicated timer or counter, or used as an operating system service. If no input is detected from one or more input devices during the predefined time interval, the inactivity condition is deemed to be met. In addition, the idle condition is considered unsatisfied if any input is received from one or more of the input devices. Examples include, but are not limited to, detecting the receipt of user input, such as mouse movements, touch screen interactions, button clicks, or keyboard presses. These inactivity detection methods can detect when a human interaction device, such as a mouse, keyboard, or touch screen, has not been used for a period of time.
For portable or handheld devices, the idle condition may be considered met if no motion or acceleration (or motion or acceleration below a defined threshold) is detected using an accelerometer, motion sensor, or GPS for a predefined time interval. The motion sensor can be based on a piezoelectric accelerometer, which uses the piezoelectric effect of certain materials to measure dynamic changes in mechanical variables (e.g., acceleration, vibration, and mechanical shock). Piezoelectric accelerometers are generally based on piezoceramics (e.g. lead zirconate titanate) or single crystals (e.g. quartz, tourmaline). The quartz piezoelectric accelerometer is disclosed in Zhang et al. US Pat. No. 7,716,985. entitled: "Piezoelectric Quartz Accelerometer", U.S. Beat. No. 5,578,755 to Offenberg entitled: "Crystalline Material Accelerometer Sensor and Method for Making It" and U.S. Pat. 5,962,786 to Le Traon et al. entitled: "Monolithic Accelerometric Transducer", both of which are incorporated in their entireties for all purposes as if fully set forth herein. Alternatively or additionally, the motion sensor may be based on microelectromechanical systems (MEMS, also known as micromechanical electrical systems) technology. A MEMS-based motion sensor is disclosed in US patent no. 7,617,729 to Axelrod et al. entitled: "Accelerometer", U.S. Beat. inside 6,670,212 to McNie et al. entitled: "Micro-Machining" and in US Patent In the. 7,892,876 to Mehregany entitled: "Three-Axis Accelerometers and Methods of Manufacture", which are incorporated in their entirety for all purposes as if fully set forth herein. An example of a MEMS motion sensor is LIS302DL manufactured by STMicroelectronics NV and described in the data sheet LIS302DL from STMicroelectronics NV,'MEMS motion sensor3-Axis – ±2g/±8g intelligent digital output "Piccolo" accelerometer,Rev. 4, October 2008, which is incorporated in its entirety for all purposes as if fully set forth in this document.
Alternatively or in addition, the motion sensor may be based on an electrical tilt and shake switch or any other electromechanical switch, such as the one disclosed in U.S. Pat. No. 7,326,866 to Whitmore et al. entitled: "Omnidirectional Tilt and Vibration Sensor," which is incorporated in its entirety for all purposes as if fully set forth herein. An example of an electromechanical switch is the SQ-SEN-200 available from SignalQuest, Inc. of Lebanon, N.H., USA, as described in the data sheet 'TECHNICAL SHEET SQ-SEN-200 Omnidirectional vibration and tilt sensor', updated August 3, 2009, which is incorporated in its entirety for all purposes as if fully set forth herein. Other types of motion sensors can also be used, such as devices based on piezoelectric, piezoresistive, and capacitive components to convert mechanical motion into an electrical signal. The use of an accelerometer for tracking is disclosed in U.S. Pat. No. 7,774,155 to Sato et al. entitled: "Accelerometer-Based Controller", which is incorporated in its entirety for all purposes as if fully set forth herein.
The Global Positioning System (GPS) is a space-based radio navigation system owned by the United States government and operated by the United States Air Force. It is a global navigation satellite system that provides geolocation and time information to a GPS receiver anywhere on or near the earth where there is an unobstructed line of sight to four or more GPS satellites. The GPS system does not require transmission of data by the user and operates independently of phone or internet service, although these technologies can increase the usefulness of GPS positioning information. The GPS system provides critical positioning capabilities for military, civilian and commercial users around the world. The US government developed the system, maintains it, and makes it freely available to anyone with a GPS receiver. Besides GPS, other systems are in use or under development, mainly due to possible denial of access by the US government. Russia's Global Navigation Satellite System (GLONASS) was developed at the same time as GPS, but suffered from incomplete coverage worldwide until the mid-2000s. GLONASS can be added to GPS devices, making more satellites available and allowing faster and more accurate determination of positions, with an accuracy of two meters. There is also the European Union's Galileo positioning system, China's BeiDou satellite navigation system and India's NAVIC.
The GPS concept is based on the knowledge of position and time of specialized satellites that carry very stable atomic clocks, synchronized with each other and with terrestrial clocks; any deviation from the true time kept on the ground is corrected daily. The locations of the satellites are known with great accuracy. GPS receivers also have clocks; however, they are generally not synchronized with true time and are less stable. GPS satellites continuously broadcast their current time and position, and a GPS receiver monitors multiple satellites and solves equations to determine the receiver's exact position and its deviation from true time. At least four satellites must be in the receiver's line of sight for the receiver to calculate four unknowns (three position coordinates and clock offset from satellite time).
Each GPS satellite continuously transmits a signal (modulated carrier wave) containing: (a) a pseudo-random code (sequence of ones and zeros) known to the receiver. By time-aligning a receiver-generated version of the code and the receiver-measured version of the code, the time-of-arrival (TOA) of a defined point in the code sequence, called an epoch, can be found on the time scale of the receiver's clock; and (b) a message, which contains the transmission time (TOT) of the code epoch (on the GPS system's time scale) and the position of the satellite at that time. Conceptually, the receiver measures the TOA (according to its own clock) of four satellite signals. The receiver forms four time-of-flight (TOF) values from the TOAs and TOTs, which (at a given speed of light) roughly correspond to the range differences between receiver and satellite. The receiver then calculates its three-dimensional position and clock skew from the four TOFs. In practice, the receiver's position (in three-dimensional Cartesian coordinates originating at the center of the earth) and the receiver's clock offset relative to GPS time are calculated simultaneously, using the navigation equations to process the TOFs. The receiver's earth-centered solution location is usually converted to latitude, longitude, and altitude relative to an ellipsoidal model of the earth. The altitude can be converted to an elevation relative to the geoid (e.g. EGM96) (essentially mean sea level). For example, these coordinates may be displayed on a moving map screen and/or recorded and/or used by another system (e.g., a vehicle guidance system).
In one example, the idle condition may be deemed met when communication traffic over a network interface, such as a PAN, LAN, WLAN, WAN, or WWAN, falls below a threshold.
Portable or wearable devices such as tablets, laptops, and smartphones often use a rechargeable smart battery. A smart battery or smart battery pack is a rechargeable battery with an integrated battery management system (BMS), typically designed for use in a portable computer such as a laptop. In addition to the usual plus and minus terminals, it also has two or more terminals to connect to the BMS; the minus terminal is usually also used as BMS "ground". Examples of BMS interfaces are SMBus, PMBus, EIA-232, EIA-485, MIPI BIF and Local Interconnect Network. The smart battery can measure voltage and current internally and derive State of Charge (SoC) and State of Health (SoH) parameters that indicate the condition of the cells. Externally, the smart battery can communicate with a smart battery charger and a "smart energy user" via the bus interface. The smart battery may request that charging stop, request charging, or request the smart energy user to stop using energy from that battery. There are standard smart battery specifications, such as the Smart Battery System, and many ad hoc specifications.
A battery management system (BMS) is an electronic system that manages a rechargeable battery (cell or battery pack), protects the battery from operating outside its safe operating range, monitors its status, calculates secondary data, reports that data, controls its environment, authenticates it, and/or balances it. A battery integrated with a battery management system with an external communication data bus is a smart battery. A smart battery must be charged with a smart battery charger. A BMS can monitor the condition of the battery, represented by different elements, such as: Voltage: total voltage, individual cell voltages, minimum and maximum cell voltage, or voltage of periodic taps; Temperature: average temperature, coolant inlet temperature, coolant outlet temperature, or individual cell temperatures; State of Charge (SOC) or Depth of Discharge (DOD), to show the state of charge of the battery; State of Health (SOH), a variably defined measure of the overall health of the battery; Coolant Flow: for air or liquid cooled batteries; and Current: current entering or leaving the battery.
In one example, the idle condition may be considered met when the battery capacity is above a minimum threshold according to the output of the BMS. For example, the idle condition can be considered met when the current battery capacity is greater than 40%, 50%, 60%, 70%, 80%, or 90%. If the estimated or measured capacity is below the defined threshold, the idle condition can be considered not met. Such a limitation ensures that the battery is not drained by the tunneling functionality, which would leave the device useless or without power when the human user wants to use it after it has been used for tunneling.
Any of the methods described here can provide fast and powerful anonymization, especially IP anonymization, when retrieving resources (e.g. web pages) from a web server. Such anonymization can be used to anonymously track the activities of competitors, to obtain competitive information, to obtain price information by tracking competitors' prices, to collect data necessary for calculated investment decisions, to identify changes occurring in companies and markets that are important for risk management, and to prevent fraud by analyzing suspicious activity or destroying websites.
As described here, a web browser running on a client device, e.g. client device #1 31A, can initiate a request for content (e.g. a web page identified by a URL) stored on a web server, e.g. the data server #1 22A. The request can be received, intercepted, or identified, and direct or indirect search schemes can be used. As used herein, the term "direct retrieval" refers to any retrieval of requested content where the web server knows the identity (such as the IP address) of the requesting client device. Usually in such an arrangement, as illustrated by the arrangement 50A shown in
As used herein, the term "non-direct retrieval" refers to any retrieval of requested content where the identity (e.g., IP address) of the requesting client device is unknown to the web server. Typically, in such an arrangement, the request message sent by the client device (such as an HTTP request) reaches one or more intermediate devices, which send the request to the web server using a different IP address than that of the requesting client device, i.e. the web server cannot identify the IP address of the client device. The intermediary device may be a server, such as a proxy server 53 shown as part of the arrangement 50B shown in
Each non-direct search scheme in this document may include, be based on, or correspond to the example use of a proxy server as shown in the arrangement 50B shown in
In one example, multiple proxies, such as a proxy server 53 shown in
Alternatively or additionally, the selection of a server can be deterministic. In one example, the items to be selected are listed in order, for example based on a function, attribute or characteristic, using their assigned numeric value (e.g. IP address value), based on their alphanumeric identifier (e.g., hostname or site name in ASCII value), based on the order in which they were added to the collection or group, or based on the order in which they were previously selected in the group or collection. In this case, the servers are selected sequentially based on the order of the list. In one example, a LIFO (last in, first out) scheme may be used, where the last server selected is reselected and, if it is unavailable, the server selected before the last one is selected. Alternatively or additionally, a FIFO-like scheme (first in, first out) is used, in which the oldest previously selected server is selected.
In an example, selecting an IP address from the list 58 used by the DC proxy server 56 as shown in FIG
Any randomness used generally provides anonymity and non-traceability, as well as load balancing. Randomness is commonly implemented using random numbers, which are defined as a sequence of numbers or symbols that have no pattern and therefore appear random, usually generated by a random number generator. Randomness is described, for example, in IETF RFC 1750 "Randomness Recommendations for Security" (December 1994), which is incorporated in its entirety for all purposes as if set forth herein in its entirety. A random number generator (with analog or digital output) can be hardware-based and use a physical process such as thermal noise, shot noise, nuclear decay radiation, photoelectric effects, or other quantum phenomena. Alternatively or additionally, the generation of random numbers may be software-based, using a processor running an algorithm to generate pseudo-random numbers that approximate the properties of random numbers.
As an alternative or in addition to using randomization, server selection, such as selection of the proxy server 53 shown in
Alternatively or additionally, a user can select an item manually. For example, the user, such as the user of the client device #1 31A, may be presented with a list of available alternatives, and the user selects items from the list of available alternatives. Additionally, an item can be selected based on past performance in previous non-direct searches.
Generally, retrieval of Internet content typically involves sending a request for content (e.g., a URL) from a requesting device to a content storage device (or to a device that itself retrieves the content), and in response, receiving the requested content (e.g., a web page or website content) over the Internet from the content storage device at the requesting device. In the direct lookup example shown as an arrangement 50A shown in
In an example of a non-direct retrieval scheme, such as using the proxy server 53 as shown as arrangement 50B shown in
In most cases, a request for content as part of a search will result in the successful receipt of the requested content. However, in some cases the retrieval action is unsuccessful and the requested content is not received. For example, the Internet is not a guaranteed network service but a best-effort delivery service, so packet loss, latency, and an unspecified variable bit rate can occur, e.g. due to the traffic load. Additionally, a hardware or software failure could occur in any device along the retrieval path, such as a router along the path or the web server from which the content is requested. Also, content fetching may fail due to bandwidth management or traffic shaping used to smooth out spikes in network usage. Also, a web server (program) has defined load limits and can only handle a limited number of simultaneous client connections or only serve a certain maximum number of requests per second (RPS), and in case of server overload it may not respond, causing more content requests to fail. In addition, content retrieval may fail due to a denial of service (DoS) attack or a distributed denial of service (DDoS) attack, as well as a MITM attack. In addition, web servers may be unavailable due to urgent maintenance or upgrades, hardware or software failures, or back-end (e.g. database) failures.
Some websites implement technology to attempt to block access to publicly available information through automated data collection processes. However, website operators and other companies may request automated access to public information for legitimate business reasons, such as quality control, verification, price comparison, monitoring publicly posted information on company-related topics, and updating relevant news stories. This access and processing can also be essential for the vast majority of journalists and researchers who wish to rely on the growing data source of the Internet. One or more of the methods described here can be used for such automated data collection processes.
In many cases, the failure of a content fetch action can be sporadic or temporary. In this case, a new attempt, e.g. a retry of the search action, will be useful, and the repeated search action is expected to result in a proper content search. Such attempts can be repeated several times until they are successfully completed. The retries can be identical to the original action, e.g. repeating the same URL and sending to the same destination. Alternatively or additionally, the retries may use different parameters, attributes, or characteristics, and may use different paths or different brokers to obtain the content. Also, different retrieval schemes can be used in repeated actions.
An example of a flow chart 340 of repeating a content search operation up to Nmax times is shown in
A URL (or other content identifier) to content (e.g., a page or website) is identified as part of the "Identify URL" step 341. This identification or interception of content or URL requests may take the form of a filter driver (or other intermediary driver) that enables interception as part of the operating system kernel. Alternatively, or in addition, the interception may take the form of an extension or plug-in for the requesting application, e.g. a browser plug-in or browser extension if the application is a web browser. Alternatively or additionally, intercepting the request may use a hook from the requesting application or the application related to the communication. Alternatively or additionally, the applications and steps described herein may communicate using interprocess communication (IPC), such as a file share, signal, socket, pipe, message queue, shared memory, semaphore, or memory-mapped file. In the Windows environment, IPC can be based on a clipboard, a Component Object Model (COM), a data copy, a DDE protocol, or mail slots.
In an example of a non-direct search, the flowchart 340 may be used in whole or in part as part of an intermediate device, such as a proxy server 53 shown as part of the arrangement 50B shown in
A counter N is defined and assigned a value of 1 as part of an "N=1" step 342. A first search attempt is initiated by sending the identified URL (identified as part of the "Identify URL" step 341) as part of the "Send URL" step 343. The identified URL may be sent to the destination web server as in a direct retrieval scheme or to an intermediary device as in a non-direct retrieval scheme. A response to the submitted URL is received as part of the "Receive Response" step 344, and is checked as part of a "Success?" step 345. For example, one or more criteria can be used to decide whether the search action returned the correct content as part of the "Success?" step 345.
In one example, determining that a response is not a proper response to the URL request of the "Send URL" step 343, as part of the "Success?" step 345, is based on checking the HTTP status code of the response. For example, receiving a 2xx status code, such as the status code 200 OK, can be used to indicate that the URL request was successfully received. However, if the HTTP status code received is an error-related status code, such as 4xx client errors (400 to 499) (like the HTTP 404 error message) or 5xx server errors (500 to 599), this may indicate that the request was not properly fulfilled. Alternatively or additionally, if a URL redirect is identified, as indicated by a "3xx Redirect" status code, this may be used as an indication that the request was not properly served.
Alternatively or additionally, determining that a response is not a proper response to the URL request of the "Send URL" step 343, as part of the "Success?" step 345, can use a timeout mechanism. This mechanism allows a certain amount of time for a proper response to the URL request of the "Send URL" step 343 to be received. When the request is sent as part of the "Send URL" step 343, a timer is started, and if a proper response to the URL request is not received as part of the "Receive Response" step 344 before the timer expires, a timeout is declared, indicating that the request was not successfully served. This timeout mechanism can be the same as, or similar to, the HTTP timeout mechanism, or it can be separate and different.
Alternatively or additionally, determining that a response is not a proper response to the URL request of the "Send URL" step 343, as part of the "Success?" step 345, can be based on scanning the content (e.g. a webpage) received in response to the request. A predefined criterion can be used, which refers to a resource, a parameter or a property of the received content. For example, the size of the received content can be used as a criterion, and the expected size of such content can be estimated. If the received content is significantly larger or smaller than the expected size (e.g. by 10%, 20%, 50% or more), this can be used as an indication that the request was not delivered correctly. For example, if the expected size of the retrieved content is 15MB, a received content with a size of 4MB or 50MB can be considered an error. Likewise, the criteria may relate to content type, layout, or other properties associated with content or a file.
After deciding that the search action was successful and the appropriate content was retrieved, the retrieved content is used as part of the "Use/Send Content" step 346. For example, if the URL was identified as part of the web browser application on a client device (e.g. client device #1 31A) as part of the "Identify URL" step 341, then the received content is forwarded and sent back to the browser as a response for the browser to use. If the URL was received from another requesting device, the received content is sent in response to the requesting device as part of the "Use/Send Content" step 346.
Upon deciding that the retrieval action was unsuccessful and the correct content was not retrieved, the N value is compared with the predefined Nmax value as part of an "N = Nmax?" step 347. In the event that N = Nmax is determined, meaning that Nmax attempts were made and none of them successfully retrieved the required content, the retrieval action is considered to have failed and various actions can be performed as part of an "Error" block 340B. If N < Nmax is determined, meaning that Nmax attempts have not yet been made, the value of N is incremented by 1 as part of an "N←N+1" step 348A, and the search is repeated, returning to the "Send URL" step 343. Hence the "Send URL" step 343, the "Receive Response" step 344, and the "Success?" step 345 are repeated until retrieval is successful, but no more than Nmax times. The "N=1" step 342, the "Send URL" step 343, the "Receive Response" step 344, the "Success?" step 345, and the "N=Nmax?" step 347 are defined as part of a "Repeated Retrieval" flowchart 340A, which is part of the overall flowchart 340 and includes repeatedly retrieving an identified URL until the content is successfully received or until Nmax attempts are made.
If it is decided that the fetch action was unsuccessful and the correct content was not fetched, various actions can be taken as part of the "Error" block 340B. For example, if the URL was identified as part of the web browser application (or any other application), e.g. on a client device (e.g. on client device #1 31A) as part of the "Identify URL" step 341, then an error message is passed and returned to the web browser (or any other application that requests it) as a response for use as part of an "Application Notification" step 349B. Alternatively or additionally, if the URL was received from another requesting device, an error message is sent to the requesting device as part of the "Send Error Message" step 349C. In the event of an interaction with a human user, the user may be notified, for example, by displaying an error message or other notification to the user as part of the "Notify User" step 349A.
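The following Python sketch is an added illustration of the repeated-retrieval loop 340A together with the three "Success?" criteria described above (status code, timeout, content size); it is not code from the patent. The names `Response`, `Outcome`, `check_response`, `retrieve` and `scripted_fetch`, the 50% size tolerance, and the scripted responses are assumptions made for the example, and the transport is an injected callable so that the block runs offline.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Response:
    status: int
    body: bytes


@dataclass
class Outcome:
    ok: bool
    attempts: int
    body: Optional[bytes] = None
    failures: List[str] = field(default_factory=list)


def check_response(resp, expected_size=None, tolerance=0.5):
    """'Success?' step 345: return None on success, else a failure reason."""
    if 300 <= resp.status < 400:
        return f"redirect {resp.status}"
    if 400 <= resp.status < 500:
        return f"client error {resp.status}"
    if 500 <= resp.status < 600:
        return f"server error {resp.status}"
    if not 200 <= resp.status < 300:
        return f"unexpected status {resp.status}"
    if expected_size:
        # Content criterion: size far from the estimate counts as a failure.
        deviation = abs(len(resp.body) - expected_size) / expected_size
        if deviation > tolerance:
            return (f"size {len(resp.body)} deviates {deviation:.0%} "
                    f"from expected {expected_size}")
    return None


def retrieve(url, fetch, n_max=3, timeout=5.0, expected_size=None,
             tolerance=0.5):
    """Retry up to n_max times; every failure reason is kept for logging."""
    if n_max < 1:
        raise ValueError("n_max must be at least 1")
    outcome = Outcome(ok=False, attempts=0)
    n = 1                                    # "N=1" step 342
    while True:
        outcome.attempts = n
        resp = None
        try:
            resp = fetch(url, timeout)       # steps 343 and 344
            reason = check_response(resp, expected_size, tolerance)
        except TimeoutError:                 # timer expired before a response
            reason = "timeout"
        if reason is None:
            outcome.ok = True
            outcome.body = resp.body
            return outcome                   # "Use/Send Content" step 346
        outcome.failures.append(f"attempt {n}: {reason}")
        if n == n_max:                       # "N=Nmax?" step 347
            return outcome                   # "Error" block 340B
        n += 1                               # "N<-N+1" step 348A


def scripted_fetch(script):
    """Constructed transport: replays canned responses, one per attempt."""
    items = iter(script)

    def fetch(url, timeout):
        item = next(items)
        if isinstance(item, Exception):
            raise item
        return item

    return fetch


def demo(n_max=4):
    # Constructed sample: overload, timeout, truncated page, then a good page.
    script = [
        Response(503, b""),
        TimeoutError(),
        Response(200, b"x" * 4_000),
        Response(200, b"x" * 15_000),
    ]
    return retrieve("https://example.test/page", scripted_fetch(script),
                    n_max=n_max, expected_size=15_000)


if __name__ == "__main__":
    result = demo()
    print(result.ok, result.attempts)
    for line in result.failures:
        print(line)
```

Keeping the per-attempt reasons lets an operator tell a transient outage (5xx, timeout) from a response that arrived with a 200 status but the wrong size.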
An example of multiple attempts to retrieve content in a direct fetch scheme is shown in a message flow diagram 350 shown in
On the first search attempt, associated with N=1 in the flowchart 340, a content request message 55A (such as a URL) is sent to the data server #1 22A, which replies with a message 55B. If the first search is successful, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then the retrieval process is complete and the requesting application, e.g. the web browser, uses the content on the client device #1 31A. If the first search fails, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then N is incremented to a value of 2 and the fetch is repeated, shown as a content request message 55C (such as a URL) sent to the data server #1 22A, which replies with a message 55D. If the second search is successful, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then the retrieval process is complete and the requesting application, e.g. the web browser, uses the content on the client device #1 31A. If the second search attempt fails, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then N is incremented to a value of 3 and the fetch is repeated, shown as a content request message 54E (such as a URL) sent to the data server #1 22A, which replies with a message 54F. If the third search attempt is successful, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then the retrieval process is complete and the requesting application, e.g. the web browser, uses the content on the client device #1 31A. In the event of a third unsuccessful search, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then an error 340B is assumed and the associated actions are taken.
An example of multiple attempts to retrieve content in a non-direct retrieval scheme based on a proxy server is illustrated in a message flow diagram 350A shown in
On the first search attempt, associated with N=1 in the flowchart 340, a content request message 54B (such as a URL) is sent to the data server #1 22A, which replies with a message 54C. If the first search is successful, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then the retrieval process is complete and the content is streamed to the client device #1 31A via the message 54D. If the first search fails, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then N is incremented to a value of 2 and the fetch is repeated, shown as a content request message 54E (such as a URL) sent to the data server #1 22A, which replies with a message 54F. If the second search is successful, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then the retrieval process is complete and the content is streamed to the client device #1 31A via the message 54D. If the second search attempt fails, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then N is incremented to a value of 3 and the fetch is repeated, shown as a content request message 54G (such as a URL) sent to the data server #1 22A, which replies with a message 54H. If the third search attempt is successful, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then the retrieval process is complete and the content is streamed to the client device #1 31A via the message 54D. In the event of a third unsuccessful search, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then an error 340B is assumed and the associated actions are taken.
The message flow 350A is shown in
On the first search attempt, associated with N=1 in the flowchart 340, a content request message 54A (such as a URL) is sent to the proxy server 53, which replies with a message 54D. If the first search is successful, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then the retrieval process ends and the client device #1 31A uses the content. If the first search fails, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then N is incremented to a value of 2 and the fetch is repeated, shown as a content request message 57A (such as a URL) sent to the proxy server 53, which replies with a message 57D. If the second search is successful, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then the retrieval process ends and the client device #1 31A uses the content as part of the "Use/Send Content" step 346. In case of a second unsuccessful search, as determined in the "Success?" step 345 as part of the repeatable search flowchart 340A, then an error 340B is assumed and the associated actions are taken.
The message chart 350B exemplifies multiple attempts when using the non-direct content retrieval scheme with a proxy server 53, with multiple attempts by the intermediary device (such as the proxy server 53 shown in
The message chart 350B exemplifies multiple attempts using the non-direct content retrieval scheme with a proxy server 53, and the message chart 350C exemplifies multiple attempts using the non-direct content retrieval scheme with a DC proxy server 56. Also, a message chart 350D is shown in
The message chart 350B and the message chart 350C exemplify multiple retries when communicating with the client device #1 31A, with data server #1 22A, or both. In one example, multiple retrieval attempts may be used equally, additionally or alternatively, between two devices that are part of any retrieval scheme between any client device #1 31A and any data server #1 22A. An example of a message chart 360 is shown in
Multiple attempts can be used when using the non-direct content retrieval scheme with a DC proxy server 56, as shown in the message diagram 350C shown in
The message chart 350B is shown in
While the message chart 380A is shown in
Although the above example selects different servers to attempt discovery, client devices or tunnel devices can also be selected. Such a mechanism by a client device, e.g. by a client device #1 31A, may use a flowchart 390 shown in
A generic flowchart for repeatable searches 401, illustrated as part of a general flowchart of various search attempts 400, is shown in
To increase the likelihood of successful content searches, it may be beneficial to try different search schemes in succession, using another scheme after one search scheme has failed. An example of such a flowchart 410 is shown in
Web servers usually return the same response to the same URL request. However, some web servers can provide different responses to the same URL requests, for example based on the IP address from which the URL request was received, or based on geographic location, such as delivering different content to a country associated with the IP address of the device requesting the URL. Such web serving may render received content unreliable or suspicious, and it may be advantageous to identify such web serving. In addition, it can be advantageous to recognize that a web server serves different content, e.g. provides personalized content.
An example of a flow chart 420 for identifying a web server that responds differently to the same URL request is shown in FIG
As part of a "Same Content?" step 423, the content retrieved as part of the "Search Scheme #2" step 402B is compared with the content retrieved as part of the "Search Scheme #1" step 402A and saved as part of the "Save Content" step 426. If the same content is retrieved in both operations, the web server is assumed to serve the same content for all the same URL requests, and the retrieved content is used as part of the "Use/Send Content" step 346. However, if a difference is found between the content received in the two lookups, it is assumed that the web server is not serving the same content for all requests for the same URLs, and therefore a notification is made as part of the "Failed lookup action" step 340C.
The flowchart 420 is shown in
A counter M is used and is assigned a value of 1 as part of an "M=1" step 421. As part of or after a URL request as part of an "Identify URL" step 341, the URL (or associated web server) is checked as to whether it is identified as suspicious, e.g. whether it has been included in the suspicious URLs list or the suspicious web servers list, as part of an "Identify as URL #1" step 425. The Mmax value associated with this suspicious URL is also reported as part of the "Identify as URL #1" step 425. Although described for a specific URL (URL #1), the flowchart 420A can also apply to a suspicious web server. In this case, the Mmax value refers to all URLs fetched from this suspicious web server. The content from the suspicious URL #1 is retrieved using any search scheme as part of a "Search Scheme #1" step 402A. As part of an "M=Mmax?" step 347A, the number of searches performed is compared to the defined value of Mmax. If fewer than Mmax searches (M < Mmax) have been performed, then M is incremented by 1 as part of an "M←M+1" step 422, and the operation is delayed until the next time the URL #1 must be obtained as part of the "Identify as URL #1" step 425. However, in the case of M = Mmax, meaning that Mmax retrieval actions have been performed, the retrieved content is stored in memory as part of the "Save Content" step 426.
Another retrieval action is then performed as part of a "Search Scheme #2" step 402B. The search scheme used in the "Search Scheme #2" step 402B may differ from the search scheme used as part of the "Search Scheme #1" step 402A. For example, a different scheme can be used, e.g., the direct search scheme in the "Search Scheme #1" step 402A and a non-direct search scheme in the "Search Scheme #2" step 402B. Alternatively or additionally, the same search scheme can be used, such as a non-direct search scheme based on a PC proxy server, but with different IP addresses selected for use in the two actions.
As part of a "Same Content?" step 423, the content retrieved as part of the "Search Scheme #2" step 402B is compared with the content that was retrieved as part of the "Search Scheme #1" step 402A and saved as part of the "Save Content" step 426. If the same content is retrieved in both operations, the web server is assumed to serve the same content for all requests for the same URL, the retrieved content is used as part of the "Use/Send Content" step 346, and the M value is reset to 1 as part of the "M=1" step 421. However, if a difference is found between the content received in the two retrievals, it is assumed that the web server is not serving the same content for all requests for the same URL, and this is therefore notified as part of the "Failed Lookup" action 340C.
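The periodic cross-check described in the three paragraphs above can be sketched as follows. This is an added example, not code from the patent: the class name, the fetcher callables, and the decision to leave M unchanged after a mismatch are assumptions, and the fetchers in the demo are constructed stand-ins that use no network.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlsplit

# Hypothetical fetcher type: takes a URL and returns the response body.
Fetcher = Callable[[str], bytes]


class ContentMismatch(Exception):
    """The two search schemes returned different content (failure action 340C)."""


@dataclass
class PeriodicContentCheck:
    scheme_1: Fetcher  # e.g. the direct search scheme (step 402A)
    scheme_2: Fetcher  # e.g. a non-direct scheme or another IP address (step 402B)
    mmax_by_url: Dict[str, int] = field(default_factory=dict)   # suspicious URLs
    mmax_by_host: Dict[str, int] = field(default_factory=dict)  # suspicious servers
    counters: Dict[str, int] = field(default_factory=dict, init=False)

    def lookup(self, url: str) -> Optional[Tuple[str, int]]:
        """Step 425: return (counter key, Mmax) if the URL or its server is listed."""
        if url in self.mmax_by_url:
            return "url:" + url, self.mmax_by_url[url]
        host = urlsplit(url).hostname or ""
        if host in self.mmax_by_host:
            # One counter per server: Mmax covers all URLs fetched from it.
            return "host:" + host, self.mmax_by_host[host]
        return None

    def fetch(self, url: str) -> bytes:
        suspect = self.lookup(url)
        content_1 = self.scheme_1(url)            # step 402A
        if suspect is None:
            return content_1                      # not suspicious: no check
        key, mmax = suspect
        m = self.counters.get(key, 1)             # "M=1", step 421
        if m < mmax:                              # "M=Mmax?", step 347A
            self.counters[key] = m + 1            # "M<-M+1", step 422
            return content_1
        saved = content_1                         # "Save Content", step 426
        content_2 = self.scheme_2(url)            # step 402B
        if content_2 != saved:                    # "Same Content?", step 423
            # Assumption: M is left at Mmax, so the next fetch is checked again.
            raise ContentMismatch(url)
        self.counters[key] = 1                    # reset M, step 421
        return saved                              # "Use/Send Content", step 346


def demo() -> Tuple[bool, bool]:
    """Run the check against two constructed servers; returns (consistent_ok, mismatch_seen)."""
    body = b"<html>price: 10</html>"              # constructed sample content
    consistent = PeriodicContentCheck(
        lambda u: body, lambda u: body, mmax_by_url={"https://shop.example/item": 2})
    varying = PeriodicContentCheck(
        lambda u: body, lambda u: b"<html>price: 12</html>",
        mmax_by_host={"shop.example": 2})
    ok = all(consistent.fetch("https://shop.example/item") == body for _ in range(4))
    seen = False
    try:
        varying.fetch("https://shop.example/a")   # M=1 < Mmax: no check yet
        varying.fetch("https://shop.example/b")   # M=Mmax: cross-check runs
    except ContentMismatch:
        seen = True
    return ok, seen


if __name__ == "__main__":
    print(demo())
```

A byte-for-byte comparison also flags pages that legitimately vary per request (timestamps, session tokens), so a deployment would normally compare a normalized form of the body.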
Any of the searches or search schemes listed here or parts thereof, such as For example, the Recurring Search flowchart.401It is shown in it
Alternatively or additionally, any of the search actions or search schemes herein, or any part thereof, such as the "Iterative Search" flowchart.401It is shown in it
Any identification of content or URL requests in this document may be intercepted and forwarded for handling as part of the "client" application or process. This interception can be in the form of a filter driver (or any other intermediate driver), allowing the interception to be part of the operating system kernel. Alternatively or additionally, the interception may take the form of an extension or plug-in for the requesting application, e.g., a browser plug-in or browser extension if the application is a web browser. Alternatively or additionally, intercepting the request may use a hook in the requesting application or in the application related to the communication. Alternatively or additionally, the applications and steps described herein may communicate using interprocess communication (IPC), such as file sharing, a signal, a socket, a pipe, a message queue, shared memory, a semaphore, or a memory-mapped file. In the Windows environment, IPC can be based on a clipboard, a Component Object Model (COM), a data copy, a DDE protocol, or mailslots.
Any IP address that is likely to be in the same range as the client device, the web server, or both can be selected. Any IP address that is approximately on the same continent, country, state, region, city, zip code, latitude, longitude, or time zone as the client device or web server can be selected. Alternatively or additionally, each IP address may be selected on the basis of being the most recently selected or the least recently selected. Alternatively or additionally, the user may manually select any IP address, and any method herein may further comprise displaying multiple IP addresses to the user and the user selecting the IP address from the pool.
Each of the devices mentioned here as a server, such as the proxy server 53, the DC proxy server 56, the SP server 72, the TB server 71, the web server 22B, or the dedicated tunnel 33A (when implemented as a server), can act as a server in the sense of the client/server architecture and provide services, functions, and resources to other devices (clients), typically in response to client requests. Each of the server devices can also use, store, integrate, or operate a server-oriented operating system such as Microsoft Windows Server® (2003 R2, 2008, 2008 R2, 2012, or 2012 R2 variant), Linux™ (or GNU/Linux) based (such as Debian-based: Debian GNU/Linux, Debian GNU/kFreeBSD, or Debian GNU/Hurd; Fedora™; Gentoo™; Linspire™; Mandriva; Red Hat® Linux available from Red Hat, Inc. of Raleigh, N.C., USA; Slackware®; SuSE; or Ubuntu®), or UNIX®, including commercial variants of UNIX® such as Solaris™ (available from Oracle Corporation located in Redwood City, California, USA), AIX® (available from IBM Corporation located in Armonk, N.Y., USA), or Mac™ OS X (available from Apple Inc. based in Cupertino, California, USA), or free variants such as FreeBSD®, OpenBSD, and NetBSD®. Alternatively or additionally, each of the devices referred to here as a server can also function as a client in the sense of the client/server architecture.
Devices not listed here as servers, such as client devices (e.g., the client device 31A) or any of the tunnel devices (including the dedicated tunnel 33A when implemented as a server), can typically act as a client in the sense of the client/server architecture and commonly initiate requests to obtain services, functionality, and resources from other devices (servers or clients). Each of these devices can also use, host, integrate, or operate a client-oriented (or end-device-specific) operating system such as Microsoft Windows® (including the variants Windows 7, Windows XP, Windows 8, and Windows 8.1, available from Microsoft Corporation, headquartered in Redmond, Washington, USA), Linux, and Google Chrome OS, available from Google Inc., headquartered in Mountain View, California, USA. In addition, each of these devices can use a mobile operating system such as Android (available from Google Inc. and including variants such as version 2.2 (Froyo), version 2.3 (Gingerbread), version 4.0 (Ice Cream Sandwich), version 4.2 (Jelly Bean), and version 4.4 (KitKat)), iOS (available from Apple Inc. and including variants such as versions 3 to 7), Windows® Phone (available from Microsoft Corporation and including variants such as version 7, version 8, or version 9), or the Blackberry® operating system (available from BlackBerry Ltd., headquartered in Waterloo, Ontario, Canada). Alternatively or additionally, any device not referred to here as a server can also act as a server in the sense of the client/server architecture.
The method and system described herein allows a client device (such as the client device31Aoperation described in the flowchart160She
Examples of web browsers are Microsoft Internet Explorer (available from Microsoft Corporation, headquartered in Redmond, Washington, USA), Google Chrome, a free web browser (developed by Google, headquartered in Googleplex, Mountain View, California, USA), Opera™ (developed by Opera Software ASA based in Oslo, Norway) and Mozilla Firefox® (developed by Mozilla Corporation based in Mountain View, California, USA). The web browser can be a mobile browser such as Safari (developed by Apple Inc. based in Apple Campus, Cupertino, California, USA), Opera Mini™ (developed by Opera Software ASA based in Oslo, Norway) and an Android browser.
Any communication between any two nodes can use the Socket Secure (SOCKS) protocol, the WebSocket (ws) protocol, which can be WebSocket Secure (wss), or the HTTP Proxy protocol. In addition, any communication between any two nodes can use the HTTP or HTTPS protocol. In one example, a communication between the client device 31A or any tunnel device (such as tunnel #1 33A, tunnel #2 33B, tunnel #3 33C, tunnel #4 33D, or tunnel #5 33E) and any server, e.g., the TB server 71, the SP server 72, or the web server 22B, can use the SOCKS, WebSocket, or HTTP Proxy protocol, where the respective device, such as the client device 31A or the tunnel device, runs the respective client-side SOCKS, WebSocket, or HTTP Proxy protocol and the respective server runs the respective server-side SOCKS, WebSocket, or HTTP Proxy protocol. Alternatively or additionally, the respective device, for example the client device 31A or the tunnel device, runs the respective server-side SOCKS, WebSocket, or HTTP Proxy protocol, and the respective server runs the respective client-side SOCKS, WebSocket, or HTTP Proxy protocol. Similarly, a communication between the client device 31A or any tunnel device (such as tunnel #1 33A, tunnel #2 33B, tunnel #3 33C, tunnel #4 33D, or tunnel #5 33E) and any server, e.g., the TB server 71, the SP server 72, or the web server 22B, can use the HTTP (or HTTPS) protocol, where the respective device, e.g., the client device 31A or the tunnel device, runs the client-side HTTP (or HTTPS) protocol, and the respective server runs the server-side HTTP (or HTTPS) protocol. Alternatively or additionally, the respective device, for example the client device 31A or the tunnel device, runs the server-side HTTP (or HTTPS) protocol, and the respective server runs the client-side HTTP (or HTTPS) protocol.
The term "network element" (or "element") or "network node" (or "node") is used herein to include, but is not limited to, the client device 31A, a tunnel device (e.g., tunnel device #1 33A), the proxy server 53, the DC proxy server 56, the SP server 72, the TB server 71, or a web server (such as the web server #1 22A). Any storage, memory, database, or cache mentioned herein may consist of, comprise, use, or be included in the local cache as disclosed in US Patent No. 8,135,912 to Shribman et al. entitled: "System and method to enlarge cache size".
Any device, component, or apparatus herein may be structured, shaped, or configured to serve as a wearable device or to be incorporated into a wearable device. In one example, one or more of the tunnel devices here, such as the tunnel device #1 33A, the tunnel device #2 33B, or the tunnel device #3 33C, may consist of, comprise, be embedded in, or be part of a wearable device. Likewise, one or more of the client devices here, e.g., the client device #1 31A or the client device #2 31B, may consist of, comprise, be embedded in, or be part of a wearable device. Any wearable device, or any apparatus or device herein, may be worn on an organ such as a person's head, and the organ may be an eye, an ear, a face, a cheek, a nose, a mouth, a lip, a forehead, or a chin. Alternatively or additionally, the wearable device, or any apparatus or device herein, may be constructed to have a substantially similar shape to, may be constructed to have a shape that enables the same or similar mounting or use as, or may be designed to have a form that at least partially replaces hats, glasses, or headphones. Any headgear herein may consist of, be structured as, or comprise a cap, headband, cap, crown, hair-band, headgear, hat, headgear, hood, mask, turban, veil, or wig. Any eyewear herein may consist of, be structured as, or comprise eyeglasses, sunglasses, contact lenses, a blindfold, or glasses. Any headset herein may consist of, be structured as, or comprise a hearing aid, an earphone, an earphone, or an earbud. Alternatively or additionally, any enclosure herein may be permanently or releasably attached to, or form part of, a person's garment. The attachment may use tape, glue, pins, fasteners, encapsulation, a pin, or a fastener and hook clip, and the garment may be an undergarment, underwear, a full-body undergarment, a hat, a shoe, an accessory, an outer garment, a suit, a dress, a skirt, or a top.
Any system or device here can use virtualization. Each system or device herein may further include a virtual machine (VM) running a virtualized application. Each device here or any part thereof, such as the client device, the web server, at least one of the tunnel devices, the first server or the second server can be implemented as virtual hardware as part of the VM. At least any action or step here by any device can be performed as part of the virtualized application.
Any network here can be used with virtualization, and any network here can be operated as a virtualized network as part of a virtual machine (VM). The virtualization can be implemented by a host computer that can implement the VM, and any method herein can further include the host computer running a hypervisor or a virtual machine monitor (VMM), and the virtualized network can use virtual hardware or form an interface with it. Any virtualization included in this document may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization. For example, any communication between two entities selected from a group consisting of the client device, the web server, at least one of a plurality of tunnel devices, the first server, and the second server may occur over a virtualized network as part of a virtual machine (VM).
Any method, step, or flowchart herein, or any part thereof, can be used with virtualization, and at least one of the steps or methods herein can be executed as part of a virtualized application as part of a virtual machine (VM). Any device here, such as the parser device, the first device, or any part of it, can be implemented as virtual hardware. Any virtualization here can be used with a host computer implementing the VM and can further include the host computer running a hypervisor or a virtual machine monitor (VMM). Any application or hardware virtualized here may use or interact with virtual hardware. Any virtualization included in this document may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization.
Any operating system here can be used with virtualization, and any operating system here can run as a guest operating system as part of a virtual machine (VM). The virtualization can be implemented by a host computer that can implement the VM, and any method herein can further include the host computer running a hypervisor or a virtual machine monitor (VMM), and the guest operating system can use a virtual hardware interface. Any virtualization included in this document may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization.
Here, any element or entity such as the client device, the web server, at least one of a plurality of tunnel devices, the first server, and the second server can be implemented as a virtualized entity. Any virtualization may include, be based on, or use desktop virtualization, network virtualization, storage virtualization, application virtualization, server virtualization, or any combination thereof. In addition, any virtualization included in this document may include, be based on, or leverage full virtualization, para-virtualization, or hardware-assisted virtualization. Additionally, any virtualization included in this document may include, rely on, or use a virtual machine (VM) on a host computer running a hypervisor or virtual machine monitor (VMM), and the operating system may be a guest operating system that can use or interact with virtual hardware.
Any method herein may be used with virtualization, where at least one of the steps may be performed as part of a virtualized application as part of a virtual machine (VM). Alternatively or additionally, the client device or any part thereof, the web server or any part thereof, at least one of a plurality of tunnel devices or any part thereof, the first server or any part thereof, or the second server or any part thereof may be implemented as virtual hardware. Additionally, any method herein may be used with a host computer capable of implementing the VM, and any method herein may further include the host computer running a hypervisor or virtual machine monitor (VMM), and any virtualized application or hardware here can use or communicate with virtual hardware. Any virtualization included in this document may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization. At least two devices, selectable from a group consisting of the client device, the web server, at least one of multiple tunnel devices, the first server, and the second server, can be implemented as virtual hardware, and the at least two devices can be virtualized by the same host computer that implements the VM.
The steps described herein may be sequential and performed in the order described. For example, if a step runs in response to another step or after another step completes, the steps run sequentially. However, in the event that two or more steps are not explicitly described as being performed sequentially, those steps may be performed in any order or concurrently. Two or more steps can be performed by two different network elements or in the same network element and can be performed in parallel using multiprocessing or multitasking.
As used in this document, the term "parallel" in the context of two time periods means that the two periods at least partially overlap. In relation to the parallel execution of actions, operations, or activities (such as processes, tasks, or transfers), the term "parallel" means that the time periods associated with the actions or activities overlap, at least in part. For example, parallel actions may include a case where a second action begins before the first completes. Each action, activity, or parallel operation in this document may use multitasking, multiprocessing, or otherwise use shared or separate processing resources. Any parallel execution of actions, operations, or activities can be independent or dependent, such as by using shared resources. A period of an action, operation, or activity begins when the action, operation, or activity begins and ends when it is completed. In one example, termination is defined by an event, action, or event responsive to the action, operation, or activity. For example, a content retrieval action may complete when the requesting device transmits the content request to the Internet, when the content request arrives at or is received by another device, or when the requested content (or an error status response) is received by the requesting device.
For example, any two sending actions or steps, any two receiving actions or steps, any two selecting actions or steps, any two processing actions or steps, or any combination thereof may be performed in whole or in part in parallel by the same entity (e.g., server, client, or tunnel) or by separate entities using multitasking or multiprocessing. Similarly, any steps of sending and receiving, sending and selecting, sending and processing, receiving and selecting, receiving and processing, or any combination thereof, can be performed in parallel, in whole or in part, by the same entity (e.g., client or tunnel) or by separate entities that use multitasking or multiprocessing. The term "sequential" here means non-parallel, i.e., when two time periods do not overlap but follow one another.
Any selection of an item (or items) from a collection or group of items here, such as selecting a tunnel device (e.g., selecting its associated IP address) as part of the tunnel selection step 83 shown as part of the flowchart 80, or the "Select tunnel" step 146 shown as part of the flowchart 140B, like any other selection here, can be based on random, quasi-random, or deterministic selection. Likewise, the selection of a subset or label (such as a VIP label) may be based on random, quasi-random, or deterministic selection. Also, where several proxy servers are available, such as the proxy server 53, the selection of which proxy server to use can be based on random, quasi-random, or deterministic selection. Also, the selection of an IP address from the list of IP addresses 58 by the DC proxy server 56 can be based on random, quasi-random, or deterministic selection.
Any selection here of any IP address from any list, any selection of any device from any list, or any selection of any scheme, such as any search scheme, can be based on or use load balancing. Also, any selection of any IP address from any list here may be based on or use a random selection. Each random selection herein may use or be based on one or more random numbers generated by a random number generator, and the random number generator may be hardware, software, or any combination thereof. Any random number generator here could use thermal noise, shot noise, nuclear decay radiation, the photoelectric effect, or quantum phenomena. Alternatively or additionally, any random number generator herein may be based on running an algorithm to generate pseudo-random numbers.
Using random selection can allow for load balancing, preferably evenly distributing the workload across elements, thereby optimizing resource utilization, maximizing performance, minimizing response time, and avoiding overloading a single resource. The randomness can be based on the use of a random signal generator. The random signal generator can be based on a digital random signal generator with a digital output. Alternatively, the random signal generator can be based on an analog random signal generator with an analog output. The analog random signal generator can use a digital random signal generator whose output is converted to analog using an analog-to-digital converter, or it can use a repetitive analog signal generator (essentially unsynchronized to any other timing in the system) whose output is randomly time-sampled by a sample and hold. A random signal generator (with analog or digital output) can be hardware-based and use a physical process such as thermal noise, shot noise, nuclear decay radiation, the photoelectric effect, or other quantum phenomena, or it can be software-based and use a processor running an algorithm to generate pseudo-random numbers, which approximate the properties of random numbers.
Any randomness used generally provides anonymity and non-traceability, as well as load balancing. Randomness is commonly implemented using random numbers, which are defined as a sequence of numbers or symbols that have no pattern and therefore appear random, usually generated by a random number generator. For example, randomness is described in IETF RFC 1750 "Randomness Recommendations for Security" (December 1994), which is incorporated in its entirety for all purposes as if fully set forth herein. A random number generator (with analog or digital output) can be hardware-based and use a physical process such as thermal noise, shot noise, nuclear decay radiation, photoelectric effects, or other quantum phenomena. Alternatively or additionally, the generation of random numbers may be software-based, using a processor running an algorithm to generate pseudo-random numbers that approximate the properties of random numbers.
Alternatively or additionally, the selection may be deterministic. In one example, the items to be selected are listed in order, for example based on a function, attribute, or characteristic, using their assigned numeric value (e.g., IP address value), based on their alphanumeric identifier (e.g., hostname or site name, in ASCII value), based on the order in which they were added to the collection or group, or based on the order in which they were previously selected in the group or collection. In this case, the items are selected one by one based on the order of the list. In one example, a LIFO (last in, first out) type scheme may be used, where the last selected entity is reselected and, if it is unavailable, the entity selected before the last is selected. Alternatively or additionally, a FIFO-like scheme (first in, first out) is used, where the previously selected entity is selected.
Any human user input in this document may use an input component, which includes or consists of computer hardware equipment used to provide data and control signals to an information handling system, such as a computer or information appliance. Such an input component 18 can be an integrated or peripheral input device (e.g., hard/soft keyboard, mouse, resistive or capacitive touch screen, etc.). Examples of input components include keyboards, mice, scanners, digital cameras, and joysticks. Input components 18 can be categorized based on the input modality (e.g., mechanical movement, audio, visual, etc.), whether the input is discrete (e.g., keystrokes) or continuous (e.g., the position of a mouse which, although digitized into a discrete quantity, is fast enough to be considered continuous), and the number of degrees of freedom involved (e.g., traditional 2D mice or 3D navigators designed for CAD applications). Pointing devices (like the "computer mouse"), which are input components used to indicate a position in space, can be classified according to whether the input is direct or indirect. With direct input, the input area coincides with the display area, i.e., pointing occurs in the area where the visual feedback or pointer appears. Touch screens and styluses imply direct input. Examples of indirect input are the mouse and the trackball. Pointing devices can also be classified according to whether the positional information is absolute (e.g., on a touch screen) or relative (e.g., with a mouse that can be lifted and repositioned). Direct input is almost necessarily absolute, but indirect input can be absolute or relative. For example, pen tablets that do not have an integrated display involve indirect input, recognize absolute positions, and generally run in an absolute input mode, but can also be configured to simulate a relative input mode, such as that of a touchpad, where the stylus or puck can be lifted and repositioned. The input component 18 may also contain dedicated fixed controls for frequently used/accessed functions (e.g., repeat system message).
A tangible, machine-readable medium (e.g., memory) may store a set of instructions detailing some (or all) of the methods and steps described in this document so that, when executed by one or more processors, the instructions cause the one or more processors to perform some or all of the methods and steps described in this document. Each of the network elements may be a computing device that includes a processor and computer-readable memory (or any other tangible machine-readable medium), and the computer-readable memory may include computer-readable instructions such that, when read by the processor, the instructions cause the processor to perform one or more of the methods or steps described in this document.
Any part of, or all of, the methods described herein may be provided as part of, or used as part of, an application programming interface (API), defined as middleware that serves as an interface enabling the interaction and exchange of data between the application software and the application platform, through which few or all services are provided, and which is commonly used to provide or use certain software features while protecting the rest of the application. The API may be based on or conform to the POSIX (Portable Operating System Interface) standard, which defines the API along with command-line shells and utility interfaces for software compatibility with variants of Unix and other operating systems, such as POSIX.1-2008, which is simultaneously IEEE STD. 1003.1™-2008 entitled: "Standard for Information Technology - Portable Operating System Interface (POSIX(R)) Description", and The Open Group Technical Standard Base Specifications, Issue 7, IEEE STD. 1003.1™, 2013 Edition.
Any server, client, tunnel, or any other device here, such as the SP server 72, the TB server 71, the proxy server 53, the DC proxy server 56, the client device 31A, the tunnel device #1 33A, the tunnel device #2 33B, the tunnel device #3 33C, the tunnel device #4 33D, the tunnel device #5 33E, or any combination thereof, may execute, in whole or in part, one or more of the JavaScript program modules, subroutines, programs, or functions disclosed in US Provisional Application Serial No. 62/809,847, filed February 25, 2019, in U.S. Provisional Application No. 62/855,036, filed May 31, 2019, and in U.S. Provisional Application No. 62/948,265.
Each device herein, such as the first device, may consist of, comprise, be part of, or be integrated with a server device, which may consist of, comprise, be part of, or be integrated with a proxy server. Each proxy server can consist of, comprise, be part of, or be integrated with an HTTP proxy server, a web proxy server, a caching proxy, an open-source caching proxy server, a web-based proxy server, a cloud or open proxy server, a forward proxy server, a reverse proxy server, a transparent proxy server, a non-transparent proxy server, an anonymous proxy server, a translation proxy server, a SOCKS proxy server, a CGI web proxy server, a suffix proxy server, an I2P anonymous proxy server, a DNS proxy server, or any combination thereof.
Any device, such as a client or server device, or any network element herein, may include, consist of, or be a personal computer (PC), desktop computer, mobile computer, laptop computer, notebook computer, tablet computer, server computer, handheld computer, handheld device, personal digital assistant (PDA), cellular phone, handheld PDA device, embedded device, external device, hybrid device, vehicle device, non-vehicle device, mobile or portable device, or non-mobile or non-portable device. In addition, each network device or element herein may include, consist of, or be a major household appliance, which may be an air conditioner, dishwasher, tumble dryer, drying cabinet, freezer, refrigerator, cooker, kettle, washing machine, trash compactor, microwave, or induction cooker. The device can also be a "small" device, such as a television, CD or DVD player, camcorder, camera, clock, alarm clock, games console, hi-fi or home cinema, telephone, or answering machine.
Any system or device in this document may further be operative to store, operate, or use an operating system. Here, each system can include a virtual machine (VM) for virtualization, and the operating system can run as a guest operating system. Each system herein may further include a host computer that implements the VM, and the host computer may be operable to run a hypervisor or virtual machine monitor (VMM), and the guest operating system may use or interact with virtual hardware. Any virtualization here, such as any OS virtualization, may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization.
The term "host" or "network host" is used herein to include, but is not limited to, a computer or other device connected to a computer network such as the Internet. A network host can provide information, services, and application resources to users or other nodes on the network, and is typically assigned a network-layer host address. Computers participating in networks that use the Internet Protocol Suite may also be referred to as IP hosts, and computers participating in the Internet are referred to as Internet hosts or Internet Exchanges. Internet hosts and other IP hosts have one or more IP addresses assigned to their network interfaces. Addresses are configured manually by an administrator, automatically at startup via Dynamic Host Configuration Protocol (DHCP), or through stateless address auto-configuration methods. Network hosts participating in applications that use the client-server computing model are classified as either server or client systems. Network hosts can also act as nodes in peer-to-peer applications, where all nodes share and consume resources equally.
The arrangements and methods described in this document can be implemented using hardware, software, or a combination of both. The term "software integration", or any other reference to the integration of two programs or processes in this document, is used herein to mean software components (e.g., programs, modules, functions, processes, etc.) that are (directly or through another component) combined, working or functioning together, or forming a whole, usually to share a common purpose or set of goals. Such software integration may take the form of sharing the same program code, exchanging data, being managed by the same manager, being executed by the same processor, being stored on the same media, sharing the same GUI or other user interface, sharing peripheral hardware (e.g., monitor, printer, keyboard, and memory), sharing data or a database, or being part of a single package. The term "hardware integration", or integration of hardware components, is used in this document to include, but is not limited to, hardware components that are (directly or through another component) combined, working or functioning together, or forming a whole, generally to share a common purpose or set of goals. This hardware integration can take the form of sharing the same power supply (or power supplies) or sharing other resources, exchanging data or control (e.g., through communication), being managed by the same administrator, being physically connected or attached, sharing a connection to peripheral hardware (e.g., monitor, printer, keyboard, and memory), being part of a single package or mounted in a single cabinet (or other physical location), sharing a communications port, or being used or controlled by the same software or hardware. The term "integration" as used herein includes, as appropriate, but is not limited to, software integration, hardware integration, or any combination thereof.
Any network protocol can be used to exchange information between network elements (e.g. clients, tunnels, peers, servers) within the network (e.g. the Internet). For example, it is contemplated that communications may be performed using TCP/IP. In general, HTTP and HTTPS over TCP/IP are used as the message transport envelope. These two protocols can handle firewall technology better than other message processing techniques. However, partners may choose to use Message Queuing instead of HTTP and HTTPS if higher reliability of communication is required. A non-limiting example of a message queuing system is the IBM MQ suite or Microsoft Message Queue (MSMQ). The system described below is suitable for HTTP/HTTPS, message queues and other communication transport protocol technologies. In addition, the physical network may include and use different communication protocol technologies depending on the different business and technical requirements of different network partners. Each network, such as the first or second network, can be implemented as a virtualized network as part of a virtual machine (VM). Here each system may include a host computer that implements the VM. The host computer can still run a hypervisor or Virtual Machine Monitor (VMM). Each virtualized network here can use or interact with virtual hardware. Any virtualization included in this document may include, be based on, or use full virtualization, para-virtualization, or hardware-assisted virtualization.
All data identified here, e.g., the identification of a URL or a URL request, can be based on or use extraction by SSL sniffing.
The term "port" refers to an access point to a device, electrical circuit, or network where power or signals can be added or removed. The term "interface" of a network device refers to a physical interface, a logical interface (e.g., part of a physical interface, sometimes referred to in the industry as a subinterface, such as, but not limited to, a particular VLAN associated with a network interface), and/or a virtual interface (e.g., traffic grouped based on a particular characteristic, such as, but not limited to, a tunnel interface). As used herein, the term "independent" with respect to two (or more) elements, processes, or functionalities refers to a scenario where one does not affect or exclude the other. For example, independent communication, as with a pair of independent datapaths, means that communication on one datapath does not affect or prevent communication on the other datapaths.
Some embodiments may be used in conjunction with multiple devices, network elements, and systems, for example, a personal computer (PC), desktop computer, mobile computer, laptop, notebook, tablet, server computer, portable device, handheld device, a personal digital assistant (PDA), cellular device, handheld PDA device, embedded device, external device, hybrid device, vehicle device, non-vehicle device, mobile or portable device, non-mobile or non-portable device, wireless communication station, wireless communication device, wireless access point (AP), wireless or wired router, wireless or wired modem, wireless or wired network, local area network (LAN), wireless LAN (WLAN), metropolitan area network (MAN), wireless MAN (WMAN), a wide area network (WAN), a wireless WAN (WWAN), a personal area network (PAN), a wireless PAN (WPAN), devices and/or networks operating substantially in accordance with the existing IEEE 802.11, 802.11a, 802.11b, 802.11g, 802.11k, 802.11n, 802.11r, 802.16, 802.16d, 802.16e, 802.20, 802.21 standards and/or future versions and/or derivatives of those standards, units and/or devices that are part of the above networks, one-way and/or two-way radio communication systems, cellular radiotelephone communication systems, mobile telephones, cordless telephones, a Personal Communication System (PCS) device, a PDA device that includes a wireless communication device, a mobile or handheld Global Positioning System (GPS) device, a device that includes a GPS receiver or transceiver or chip, a device that includes an RFID element or chip, a Multiple Input Multiple Output (MIMO) transceiver or device, a Single Input Multiple Output (SIMO) transceiver or device, a Multiple Input Single Output (MISO) transceiver or device, a device with one or more internal antennas and/or external antennas, Digital Video Broadcast (DVB) devices or systems, wired or wireless multistandard radio devices or systems (e.g., BlackBerry, Palm Treo), a Wireless Application Protocol (WAP) device, or similar.
Although communication sessions between the elements described here, such as between servers and clients, are exemplified over the Internet 113 using Internet Protocol (IP) or TCP/IP, any other communication protocol can also be used, such as a Local Area Network (LAN), a Wireless LAN (WLAN), a Metropolitan Area Network (MAN), a wireless MAN (WMAN), a wide area network (WAN), a wireless WAN (WWAN), a personal area network (PAN), a wireless PAN (WPAN), and devices and/or networks operating substantially in accordance with the existing IEEE 802.11, 802.11a, 802.11b, 802.11g, 802.11k, 802.11n, 802.11r, 802.16, 802.16d, 802.16e, 802.20, 802.21 standards. For example, any or all of the communication path 111A between tunnel device #1 33A and the TB server 71, the communication channel 111B between tunnel device #2 33B and the TB server 71, the communication channel 111C between tunnel device #3 33C and the TB server 71, the communication channel 111D between tunnel device #4 33D and the TB server 71, and the communication path 111E between tunnel device #5 33E and the TB server 71, can use any of the protocols of a local area network (LAN), wireless LAN (WLAN), metropolitan area network (MAN), wireless MAN (WMAN), wide area network (WAN), wireless WAN (WWAN), a personal area network (PAN), a wireless PAN (WPAN), and devices and/or networks operating substantially in accordance with the IEEE 802.11, 802.11a, 802.11b, 802.11g, 802.11k, 802.11n, 802.11r, 802.16, 802.16d, 802.16e, 802.20, 802.21 standards.
Also, any or all of the communication path 121A between client device 31A and SP server 72, the communication channel 131A between SP server 72 and the TB server 71, the communication channel 131C or 131D between tunnel device #4 33D and the web server 22B, and the communication path 191 or 192 between SP server 72 and tunnel device #4 33D, can be a Local Area Network (LAN), Wireless LAN (WLAN), Metropolitan Area Network (MAN), Wireless MAN (WMAN), Wide Area Network (WAN), Wireless WAN (WWAN), Personal Area Network (PAN), a wireless PAN (WPAN), or devices and/or networks substantially compliant with the IEEE 802.11, 802.11a, 802.11b, 802.11g, 802.11k, 802.11n, 802.11r, 802.16, 802.16d, 802.16e, 802.20, 802.21 standards.
The terms "program", "programmable" and "computer program" as used in this document include any sequence of human- or machine-recognizable steps that performs a function. Such programs are not inherently associated with any particular computer or other device and may be represented in virtually any programming language or environment, including, for example, C/C++, FORTRAN, COBOL, PASCAL, assembly language, markup languages (e.g., HTML, SGML, XML, VoXML) and the like, and object-oriented environments such as Common Object Request Broker Architecture (CORBA), Java™ (including J2ME, Java Beans, etc.) and the like, and firmware or other implementations. Program modules generally include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. The term "application program" (also referred to as "application", "software application" or "application software") is used herein to include, without limitation, a computer program designed to perform a specific function for a user, directly or through another application program. Application software is typically a collection of one or more programs designed to perform operations for a specific application. Typically, application software depends on system software, such as an operating system, that manages and integrates computer resources but does not directly perform tasks that benefit the user. Examples of application software types can include accounting software, media players, and office suites. Applications may be packaged with the computer and its system software, or released separately, and may be developed and coded as proprietary or open source software. Most apps are designed to help people complete an activity.
The terms "task" and "process" are used broadly herein to describe any type of running program, including but not limited to a computer process, task, thread, running application, operating system, user process, device driver, native code, machine or other language, etc., which may be interactive and/or non-interactive, run locally and/or remotely, run in the foreground and/or background, run in the user and/or operating system address spaces, be a routine of a library and/or a standalone application, and is not limited to any particular memory partitioning technique. The steps, connections, and signal and information processing illustrated in the figures, including but not limited to block and flow diagrams and message sequence diagrams, may typically be performed in the same or a different serial or parallel order, and/or by different components and/or processes, threads, etc., and/or over different connections, and may be combined with other functions in other embodiments, unless this disables the embodiment or a sequence is explicitly or implicitly required (e.g., for a sequence of reading a value and then processing the value, the value must be obtained before it is processed, although some of the associated processing may occur before, at the same time as, and/or after the read operation). When particular method steps are described in a particular order, or when alphabetic and/or alphanumeric designations are used to identify particular steps, the embodiments are not limited to any particular order for performing those steps. In particular, the labels are used only for convenient identification of steps and are not intended to imply, specify, or require any particular order in performing those steps. Other embodiments may also use more or fewer steps than those discussed here. The embodiments may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may reside on local and remote storage devices.
Corresponding structures, materials, acts, and equivalents of all means-plus-function elements in the claims below are intended to include any structure or material for performing the function in combination with other claimed elements as specifically claimed. The description of the present invention has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the invention as described. The present invention is not to be construed as limited to the specific embodiments described above, but is to be understood to include all aspects of the invention as set forth clearly in the appended claims. Various modifications, equivalent methods, as well as numerous structures to which the present invention may be applicable will become readily apparent to those skilled in the art to which the present invention pertains after review of the present disclosure.
All publications, standards, patents, and patent applications cited in this specification are incorporated herein by reference as if each individual publication, patent, or patent application were expressly and individually indicated to be incorporated by reference and set forth herein in its entirety.
Each of the arrangements or actions described in this document (or parts thereof) can be implemented as a system, a method and/or a computer program product. The computer program product may include a computer-readable storage medium (or media) having computer-readable program instructions for causing a processor to carry out aspects of the present invention. The computer-readable storage medium may be a tangible device that can contain and store instructions for use by an instruction execution device. The computer-readable storage medium can be, for example, but not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of computer-readable storage media includes the following: a portable computer diskette, a hard drive, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disc read-only memory (CD-ROM), digital versatile disc (DVD), memory card, floppy disk, a mechanically encoded device such as punch cards or raised structures in a groove with instructions recorded on them; and any suitable combination of the above. A computer-readable storage medium, as used in this document, should not be interpreted as being transient signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light propagating through a fiber optic cable), or electrical signals transmitted through a cable.
All computer-readable program instructions described in this document can be downloaded from a computer-readable storage medium to the respective computing devices/processors, or to an external computer or an external storage device over a network, e.g., the Internet, a local network, a wide area network and/or a wireless network. Each network herein may include copper transmission cables, optical transmission cables, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers. A network adapter card or network interface in each computing device/processor receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage on a computer-readable storage medium within the respective processing device/computer.
Computer-readable program instructions for performing operations of the present invention may be assembly language instructions, instruction set architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or source code or object code written in any combination of one or more programming languages, including an object-oriented programming language such as Smalltalk, C++ or the like, and traditional procedural programming languages such as the "C" programming language or similar programming languages. The computer-readable program instructions may run entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer can be connected to the user's computer over any network type mentioned here. In some embodiments, electronic circuits, including, for example, programmable logic circuits, field programmable gate arrays (FPGAs), or programmable logic arrays (PLAs), may execute the computer-readable program instructions using state information of the instructions, for carrying out aspects of the present invention.
Aspects of the various arrangements are described herein with reference to flowchart and/or block diagram representations of methods, apparatus (systems) and computer program products according to embodiments of the invention. Furthermore, each block of the flowchart and/or block diagram illustrations, and combinations of blocks in the flowchart and/or block diagram illustrations, may be implemented by computer-readable program instructions.
Any computer-readable program instructions or steps contained in this document may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing device, create means for implementing the functions/actions specified in the flowchart and/or block(s) of the block diagram. These computer-readable program instructions may also be stored on a computer-readable storage medium that may instruct a computer, programmable computing device, and/or other device to operate in a particular manner, such that the computer-readable storage medium having instructions stored therein comprises an article of manufacture containing instructions that implement aspects of the function/action specified in the flowchart and/or block diagram block(s). Computer-readable program instructions may also be loaded into a computer, other programmable data processing device, or other device to cause a series of operational steps to be performed in the computer, other programmable device, or other device to produce a computer-implemented process, such that the instructions executed in the computer, other programmable device, or other device implement the functions/actions specified in the flowchart and/or block(s) of the block diagram.
The flowchart and block diagrams of the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and software products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent an instruction module, segment, or fragment that includes one or more executable instructions to implement the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks displayed in succession may actually be executed substantially simultaneously, or the blocks may sometimes be executed in reverse order depending on the functionality involved. It is also noted that each block in the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, may be implemented by special-purpose hardware-based systems that perform the specified functions or actions, or by combinations of special-purpose hardware and computer instructions.
Each program described in this document can be identified based on the application for which it is implemented in a specific embodiment of the invention. However, it should be noted that any particular program nomenclature is used throughout this document for convenience only, and therefore the invention should not be limited to use only in any specific application identified and/or implied by such nomenclature.