公开(公告)号：US20080034201A1

公开(公告)日：2008-02-07

申请号：US11839937

申请日：2007-08-16

申请人： Edmund Munger ,  Vincent Sabio ,  Robert Short ,  Virgil Gligor

发明人： Edmund Munger ,  Vincent Sabio ,  Robert Short ,  Virgil Gligor

IPC分类号： H04L9/00 ,  G06F15/16 ,  H04K1/00

CPC分类号： H04L61/2539 ,  H04L9/065 ,  H04L29/12216 ,  H04L29/12301 ,  H04L29/1232 ,  H04L29/12801 ,  H04L45/20 ,  H04L45/24 ,  H04L61/2007 ,  H04L61/2076 ,  H04L61/2092 ,  H04L61/30 ,  H04L61/6004 ,  H04L63/0272 ,  H04L63/04 ,  H04L63/0407 ,  H04L63/0421 ,  H04L63/0428 ,  H04L63/0435 ,  H04L63/1441 ,  H04L63/1491 ,  H04M3/42008

摘要： A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.

摘要翻译： 多个计算机节点使用看似随意的IP源和目的地址和（可选地）看似随机的鉴别符字段进行通信。 由有效地址的移动窗口定义的数据包匹配条件被接受进一步处理，而不符合标准的数据包将被拒绝。 除了IP地址和鉴别字段的“跳”之外，还可以跳过媒体访问控制地址等硬件地址。 跳跃地址由具有非重复序列长度的随机数生成器产生，其可以先前容易地确定，其可以通过任意数量的随机步骤快速地向前跳跃，并且具有将来随机数难以猜测的性质 不知道随机数生成器的参数。 同步技术可用于重新建立发送和接收节点之间的同步。

公开(公告)号：US20060123134A1

公开(公告)日：2006-06-08

申请号：US11301022

申请日：2005-12-13

申请人： Edmund Munger ,  Vincent Sabio ,  Robert Short ,  Virgil Gligor ,  Douglas Schmidt

发明人： Edmund Munger ,  Vincent Sabio ,  Robert Short ,  Virgil Gligor ,  Douglas Schmidt

IPC分类号： G06F15/16 ,  G06F17/00

CPC分类号： H04L61/2539 ,  H04L9/065 ,  H04L29/12216 ,  H04L29/12301 ,  H04L29/1232 ,  H04L29/12801 ,  H04L45/20 ,  H04L45/24 ,  H04L61/2007 ,  H04L61/2076 ,  H04L61/2092 ,  H04L61/30 ,  H04L61/6004 ,  H04L63/0272 ,  H04L63/04 ,  H04L63/0407 ,  H04L63/0421 ,  H04L63/0428 ,  H04L63/0435 ,  H04L63/1441 ,  H04L63/1491 ,  H04M3/42008

摘要： A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.

摘要翻译： 多个计算机节点使用看似随意的IP源和目的地址和（可选地）看似随机的鉴别符字段进行通信。 由有效地址的移动窗口定义的数据包匹配条件被接受进一步处理，而不符合标准的数据包将被拒绝。 除了IP地址和鉴别字段的“跳”之外，还可以跳过媒体访问控制地址等硬件地址。 跳跃地址由具有非重复序列长度的随机数生成器产生，其可以先前容易地确定，其可以通过任意数量的随机步骤快速地向前跳跃，并且具有将来随机数难以猜测的性质 不知道随机数生成器的参数。 同步技术可用于重新建立发送和接收节点之间的同步。

公开(公告)号：US20060056623A1

公开(公告)日：2006-03-16

申请号：US11267146

申请日：2005-11-07

申请人： Virgil Gligor ,  Pompiliu Donescu

发明人： Virgil Gligor ,  Pompiliu Donescu

IPC分类号： H04L9/28 ,  H04L9/00 ,  H04K1/00

CPC分类号： H04L9/0637 ,  H04L9/0643 ,  H04L9/0656 ,  H04L9/3242 ,  H04L2209/08 ,  H04L2209/125 ,  H04L2209/20

摘要： A block encryption method and schemes (modes of operation) that provide both data confidentiality and integrity with a single cryptographic primitive and a single processing pass over the input plaintext string by using a non-cryptographic Manipulation Detection Code function for secure data communication over insecure channels and for secure data storage on insecure media. The present invention allows, in a further aspect, software and hardware implementations, and use in high-performance and low-power applications, and low-power, low-cost hardware devices. The block encryption method and schemes of this invention allow, in yet a further aspect, encryption and decryption in parallel or pipelined manners in addition to sequential operation. In a yet further aspect, the block encryption method and schemes of this invention are suitable for real-time applications.

摘要翻译： 通过使用非加密操作检测代码功能，通过不安全的通道进行安全数据通信，提供数据机密性和完整性的单一加密原语和输入明文串上的单个处理传递的块加密方法和方案（操作模式） 并在不安全的媒体上保护数据。 本发明在另一方面允许软件和硬件实现，并且在高性能和低功率应用以及低功率，低成本硬件设备中使用。 本发明的块加密方法和方案在另一方面允许并行或流水线的方式进行加密和解密以及顺序操作。 在另一方面，本发明的块加密方法和方案适用于实时应用。

公开(公告)号：US20050140964A1

公开(公告)日：2005-06-30

申请号：US10666207

申请日：2003-09-18

申请人： Laurent Eschenauer ,  Virgil Gligor

发明人： Laurent Eschenauer ,  Virgil Gligor

IPC分类号： G01C3/02 ,  H04L29/06

CPC分类号： H04L63/1408 ,  H04L9/0838 ,  H04L9/0891 ,  H04L2209/805 ,  H04W12/04 ,  H04W76/10 ,  H04W84/18

摘要： In a distributed sensor network, a method of key management is carried out in several phases, particularly key pre-distribution phase, shared key discovery phase, and as needed, a path key establishment phase. In the key pre-distribution phase, prior to DSN deployment, a ring of keys is distributed to each sensor node, each key ring consisting of randomly chosen keys from a large pool of keys which is generated off-line. A shared key exists between each two key rings with a predetermined probability. In the shared key discovery phase, which takes place upon deployment of the DSN, every sensor node discovers its neighbors in wireless communication range with which it shares keys, and the topology of the sensor array is established by forming secure communication links between respective sensor nodes. The path key establishment phase assigns a path key to selected pairs of sensor nodes in wireless communication range that do not share a key but are connected by two or more links at the end of the shared key discovery phase. The key management scheme also assumes a revocation phase for removal of the key ring of the compromised sensor node from the network. Also, re-keying phase is assumed for removal of those keys with the expired lifetime.

摘要翻译： 在分布式传感器网络中，密钥管理的方法分几个阶段进行，特别是关键的预分配阶段，共享密钥发现阶段，以及需要的路径密钥建立阶段。 在密钥预分发阶段，在DSN部署之前，将一个密钥环分配给每个传感器节点，每个密钥环由离线生成的大量密钥库中随机选择的密钥组成。 共享密钥以预定的概率存在于每个两个密钥环之间。 在部署DSN时发生的共享密钥发现阶段，每个传感器节点发现其与其共享密钥的无线通信范围内的邻居，并且通过在各个传感器节点之间形成安全通信链路来建立传感器阵列的拓扑结构 。 路径密钥建立阶段将路径密钥分配给在共享密钥发现阶段结束时不共享密钥但由两个或多个链路连接的无线通信范围内的选定传感器节点对。 密钥管理方案还假定用于从网络去除受感染传感器节点的密钥环的撤销阶段。 此外，假设重新键入阶段用于删除具有过期寿命的那些密钥。

公开(公告)号：US5911143A

公开(公告)日：1999-06-08

申请号：US514710

申请日：1995-08-14

申请人： Klaus Deinhart ,  Virgil Gligor ,  Christoph Lingenfelder ,  Sven Lorenz

发明人： Klaus Deinhart ,  Virgil Gligor ,  Christoph Lingenfelder ,  Sven Lorenz

IPC分类号： G06F12/14 ,  G06F1/00 ,  G06F12/00 ,  G06F21/00 ,  G06F21/20 ,  G06F21/24 ,  H04L29/08 ,  G06F17/30

CPC分类号： G06F21/604 ,  G06F21/6218 ,  G06F2221/2141 ,  G06F2221/2145 ,  Y10S707/99939 ,  Y10S707/99944 ,  Y10S707/99945

摘要： A method and system for registration, authorization, and control of access rights in a computer system. Access rights of subjects on objects in a computer system are controlled using parameterized role types that can be instantiated into role instances equivalent to roles or groups. The required parameters are provided by the subject of the computer system, e.g. by a person, a job position, or an organization unit. Furthermore, relative resource sets are instantiated into concrete resource sets and individual resources by using the same parameter values as for instantiating the role types. Authorization and control of access rights include capability lists providing the access rights of the subjects on the objects of a computer system on a per subject basis. Furthermore, access control lists are derived from capability lists, so that access rights of the subjects on the respective objects are provided.

摘要翻译： 一种用于在计算机系统中注册，授权和控制访问权限的方法和系统。 使用参数化的角色类型来控制计算机系统中的对象的访问权限，该类型可以实例化为与角色或组相当的角色实例。 所需的参数由计算机系统的主体提供，例如。 由一个人，一个工作岗位或一个组织单位。 此外，通过使用与实例化角色类型相同的参数值，将相对资源集实例化为具体资源集和单个资源。 访问权限的授权和控制包括能力列表，其以每个主题为基础在计算机系统的对象上提供主题的访问权限。 此外，从能力列表导出访问控制列表，从而提供对象上的主题的访问权限。