Method of negotiating security parameters and authenticating users interconnected to a network
    91.
    Patent application
    Method of negotiating security parameters and authenticating users interconnected to a network (In force)

    Publication number: US20050108531A1

    Publication date: 2005-05-19

    Application number: US10713980

    Filing date: 2003-11-14

    IPC classification: H04L9/00 H04L9/08 H04L29/06

    Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes, each comprising a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select the security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more network devices derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode, thereby minimizing the number of messages that need to be exchanged between the initiator and the responder.


    Ambulatory presence features
    92.
    Granted patent
    Ambulatory presence features (In force)

    Publication number: US08253774B2

    Publication date: 2012-08-28

    Application number: US12413782

    Filing date: 2009-03-30

    IPC classification: H04N7/14

    Abstract: The claimed subject matter provides a system and/or a method that facilitates managing one or more devices utilized for communicating data within a telepresence session. A telepresence session can be initiated within a communication framework that includes two or more virtually represented users who communicate therein. A device can be utilized by at least one virtually represented user to enable communication within the telepresence session; the device includes at least one of an input to transmit a portion of a communication to the telepresence session or an output to receive a portion of a communication from the telepresence session. A detection component can adjust at least one of the input related to the device or the output related to the device based upon the identification of a cue, where the cue is at least one of a detected movement, a detected event, or an ambient variation.


    System and method for Implementing PNRP Locality
    93.
    Patent application
    System and method for Implementing PNRP Locality (In force)

    Publication number: US20110004677A1

    Publication date: 2011-01-06

    Application number: US12883346

    Filing date: 2010-09-16

    IPC classification: G06F15/177

    Abstract: A method is provided for a host node in a computer network to determine its coordinates in a d-dimensional network space, comprising discovering an address of a peer node in the network, measuring network latency between the host node and the peer node, and determining whether network latency has been measured for at least d+1 peer nodes; if network latency has not been measured for at least d+1 peer nodes, the network coordinates of the host node are estimated, and if network latency has been measured for at least d+1 peer nodes, the network coordinates of the host node are calculated using the d+1 measured latencies.


    AUDIO TRANSFORMS IN CONNECTION WITH MULTIPARTY COMMUNICATION
    95.
    Patent application
    AUDIO TRANSFORMS IN CONNECTION WITH MULTIPARTY COMMUNICATION (In force)

    Publication number: US20100195812A1

    Publication date: 2010-08-05

    Application number: US12365949

    Filing date: 2009-02-05

    IPC classification: H04M3/42 G10L11/00

    Abstract: The claimed subject matter relates to an architecture that can preprocess the audio portions of communications in order to enrich multiparty communication sessions or environments. In particular, the architecture can provide a public channel for public communications that are received by substantially all connected parties, and can further provide a private channel for private communications that are received by a selected subset of all connected parties. Most particularly, the architecture can apply an audio transform to communications that occur during the multiparty communication session based upon the target audience of the communication. By way of illustration, the architecture can apply a whisper transform to private communications, an emotion transform based upon relationships, an ambience or spatial transform based upon physical locations, or a pace transform based upon lack of presence.


    System and method for mitigation of malicious network node activity
    97.
    Granted patent
    System and method for mitigation of malicious network node activity (Lapsed)

    Publication number: US07640338B2

    Publication date: 2009-12-29

    Application number: US11039758

    Filing date: 2005-01-18

    IPC classification: G06F15/173

    Abstract: Malicious network node activity and, in particular, denial of service attacks may be mitigated by one or more practical mitigation mechanisms and combinations of mitigation mechanisms. Suitable protocol messages may be challenged with a challenge probe. The response to the challenge probe may be utilized to determine whether received protocol messages are illegitimate, that is, originated by a malicious network node. Received protocol messages may be classified as questionable protocol messages. For efficiency, protocol message challenges may be limited to protocol messages classified as questionable. A sequence number limit may be calculated as a function of the receive window size. Transmission control protocol messages may be determined to be illegitimate by comparing the acknowledgement number field with the calculated sequence number limit. Randomized selection of source port numbers for transmission control protocol connections may also mitigate malicious network node activity by making legitimate protocol message field values less predictable.


    Method and apparatus for fragmenting and reassembling internet key exchange data packets
    98.
    Granted patent
    Method and apparatus for fragmenting and reassembling internet key exchange data packets (In force)

    Publication number: US07500102B2

    Publication date: 2009-03-03

    Application number: US10056889

    Filing date: 2002-01-25

    IPC classification: H04L9/00 H04L1/00

    Abstract: A method and apparatus for fragmenting and reassembling IKE protocol data packets that exceed a Maximum Transmission Unit is provided. A transmitting node determines whether to fragment IKE data depending on whether the receiving node has the capability to receive and reassemble fragmented data packets. The transmitting node detects whether fragmentation is appropriate and then intercepts and fragments the appropriate IKE payloads for transmission over a network. The invention further includes a method and apparatus for reassembling fragmented IKE payloads. The receiving node discards certain packets according to a set of predetermined rules that are designed to prevent denial of service attacks and other similar attacks. No modification is required to the existing IKE protocol or to other lower-level networking protocols.


    Peer-to-peer group management and method for maintaining peer-to-peer graphs
    99.
    Granted patent
    Peer-to-peer group management and method for maintaining peer-to-peer graphs (Lapsed)

    Publication number: US07493363B2

    Publication date: 2009-02-17

    Application number: US09955923

    Filing date: 2001-09-19

    IPC classification: G06F15/16

    Abstract: A system and method of serverless peer-to-peer group management and maintenance is presented. Group formation and discovery of private, public, and enumerated groups are provided, as is a method of joining such a peer-to-peer group. The group information management provided by the present invention ensures that each node maintains a current database from the initial joining of the group through the run phase of membership. Group graph maintenance utilizes a group signature to ensure that partitions in a graph may be detected and repaired. The utility of connections within the graph is also monitored so that non-productive connections may be dropped to increase the efficiency of the group. The diameter of the graph is also monitored and adjusted to ensure rapid information transfer throughout the group. A disconnect procedure is used to maintain the graph integrity and prevent partitions resulting from the departure of a group member.


    Reducing network configuration complexity with transparent virtual private networks
    100.
    Granted patent
    Reducing network configuration complexity with transparent virtual private networks (In force)

    Publication number: US07305705B2

    Publication date: 2007-12-04

    Application number: US10611832

    Filing date: 2003-06-30

    IPC classification: G06F15/16

    Abstract: A firewall acts as a transparent gateway to a server within a private network by initiating an unsolicited challenge to a client to provide authentication credentials. After receiving the client's credentials, the firewall verifies the authentication credentials and establishes a secure channel for accessing the server. Data destined for the server from the client may be forwarded through the firewall using the secure channel. The firewall may sign, or otherwise indicate, that data forwarded to the server is from a client that the firewall has authenticated. The firewall may also provide some level of authentication to the client. While connected to the server, the client may access other servers external to the private network without having the data associated with those other servers pass through the private network. The firewall reduces the configuration information that a client would otherwise have to maintain to access the various private network servers.
