-
101.发明授权Method and apparatus for fragmenting and reassembling internet key exchange data packets 有权将互联网密钥交换数据包分段和重组的方法和装置公开(公告)号:US07500102B2
公开(公告)日:2009-03-03
申请号:US10056889
申请日:2002-01-25
申请人: Brian Swander , Christian Huitema
发明人: Brian Swander , Christian Huitema
CPC分类号: H04L63/029 , H04L29/1249 , H04L61/256 , H04L63/061 , H04L69/16 , H04L69/164 , H04L69/166
摘要: A method and apparatus for fragmenting and reassembling IKE protocol data packets that exceed a Maximum Transmission Unit is provided. A transmitting node determines whether to fragment IKE data depending on whether the receiving node has the capability to receive and reassemble fragmented data packets. The transmitting node detects whether fragmentation is appropriate and then intercepts and fragments appropriate IKE payloads for transmission over a network. The invention further includes a method and apparatus for reassembling fragmented IKE payloads. The receiving node discards certain packets according to a set of predetermined rules that are designed to prevent denial of service attacks and other similar attacks. No modification is required to the existing IKE protocol or to other lower level networking protocols.
摘要翻译: 提供了一种用于分段和重新组合超过最大传输单元的IKE协议数据分组的方法和装置。 发送节点根据接收节点是否具有接收和重组分段数据分组的能力来确定是否分片IKE数据。 发送节点检测分段是否合适,然后拦截并分片适当的IKE有效载荷,以便通过网络进行传输。 本发明还包括用于重新组装分段的IKE有效载荷的方法和装置。 接收节点根据旨在防止拒绝服务攻击和其他类似攻击的一组预定规则来丢弃某些分组。 现有的IKE协议或其他较低级别的网络协议不需要修改。
-
102.发明授权Reducing network configuration complexity with transparent virtual private networks 有权透明虚拟专用网络降低网络配置复杂度公开(公告)号:US07305705B2
公开(公告)日:2007-12-04
申请号:US10611832
申请日:2003-06-30
申请人: Art Shelest , Christian Huitema
发明人: Art Shelest , Christian Huitema
IPC分类号: G06F15/16
CPC分类号: H04L63/0272 , H04L9/3218 , H04L63/029 , H04L63/0442 , H04L63/08 , H04L63/083 , H04L63/0853 , H04L63/1458 , H04L63/166 , H04L2209/56 , H04L2209/76 , H04L2209/80
摘要: A firewall acts as a transparent gateway to a server within a private network by initiating an unsolicited challenge to a client to provide authentication credentials. After receiving the client's credentials, the firewall verifies the authentication credentials and establishes a secure channel for accessing the server. Data destined for the server from the client may be forwarded through the firewall using the secure channel. The firewall may sign, or otherwise indicate that data forwarded to the server is from a client that the firewall has authenticated. The firewall also may provide some level of authentication to the client. While connected to the server, the client may access other servers external to the private network without having the data associated with the other servers pass through the private network. The firewall reduces configuration information that a client otherwise must maintain to access various private network servers.
摘要翻译: 防火墙通过向客户端发起未经请求的挑战来提供认证凭据,作为私有网络中的服务器的透明网关。 在收到客户端凭据后,防火墙会验证身份验证凭据,并建立一个用于访问服务器的安全通道。 从客户端发往服务器的数据可以使用安全通道通过防火墙转发。 防火墙可以签署或以其他方式指示转发到服务器的数据来自防火墙已经认证的客户端。 防火墙还可以向客户端提供一定程度的认证。 当连接到服务器时,客户端可以访问专用网络外部的其他服务器,而不会使与其他服务器相关联的数据通过专用网络。 防火墙可以减少客户端必须维护的配置信息,以访问各种专用网络服务器。
-
103.发明授权Peer-to-peer name resolution protocol (PNRP) security infrastructure and method 有权对等名称解析协议(PNRP)安全基础设施和方法公开(公告)号:US07299351B2
公开(公告)日:2007-11-20
申请号:US09956260
申请日:2001-09-19
IPC分类号: H04L9/00
CPC分类号: H04L63/04
摘要: A method for use in a peer-to-peer communication system to ensure valid connections are made in a secure manner includes the steps of receiving an address record for a peer node which includes an ID certificate. The ID certificate is validated and checked to verify that the ID certificate has not expired. Further, the method determines if the node from whom the address record was received is to be trusted, and the number of instances of the IP address included in the certificate is already stored in cache. When the foregoing are completed successfully, i.e. the certificate is valid, not expired, has been supplied by a trusted neighbor, and does not point to an IP address that already exists for different ID's multiple times, the method opportunistically verifies ownership of the ID certificate at the peer node's IP address. That is, the verification of ownership only occurs when the advertiser of the ID is the owner of that ID (or when the ID is to be used). If any of the above cannot be completed successfully, the address record is discarded.
摘要翻译: 在对等通信系统中用于确保有效连接的方法以安全的方式进行包括以下步骤:接收包括ID证书的对等节点的地址记录。 验证和检查ID证书以验证身份证明书尚未过期。 此外,该方法确定接收到地址记录的节点是否被信任,并且包括在证书中的IP地址的实例数量已经存储在高速缓存中。 当上述内容成功完成时,即证书是有效的,未过期的,由信任的邻居提供,并且不指向多次已经存在于不同ID的IP地址,该方法机会地验证身份证书的所有权 在对等节点的IP地址。 也就是说,所有权的验证仅在ID的广告商是该ID的所有者时(或当使用该ID时)发生。 如果上述任何一个都无法成功完成,地址记录将被丢弃。
-
公开(公告)号:US20070263653A1
公开(公告)日:2007-11-15
申请号:US11433804
申请日:2006-05-12
申请人: Amer Hassan , Thomas Kuehnel , Deyun Wu , Christian Huitema , D. Frost
发明人: Amer Hassan , Thomas Kuehnel , Deyun Wu , Christian Huitema , D. Frost
IPC分类号: H04J3/16
CPC分类号: H04W28/0268 , H03M1/12 , H03M9/00 , H04L5/0053 , H04L5/006 , H04L5/0064 , H04L5/1446 , H04L27/18 , H04L27/2605 , H04L27/2607 , H04L27/34 , H04L65/4069 , H04L65/80 , H04W28/24
摘要: A system for signaling an application when a requested data rate and Quality of Service cannot be achieved using OFDM wireless data transmission, and the application proceeds by either renegotiating QoS and data rate, or waiting until they requested rate and QoS are met.
摘要翻译: 当使用OFDM无线数据传输不能实现所请求的数据速率和服务质量时,用于对应用进行信令的系统,并且应用通过重新协商QoS和数据速率或者等待直到满足请求速率和QoS来进行。
-
公开(公告)号:US20070248173A1
公开(公告)日:2007-10-25
申请号:US11410969
申请日:2006-04-25
申请人: Amer Hassan , Christian Huitema
发明人: Amer Hassan , Christian Huitema
CPC分类号: H04L5/0007 , H04L5/0037 , H04L5/006 , H04L5/0064
摘要: A multiuser scheme allowing for a number of users, sets of user, or carriers to share one or more channels is provided. In the invention, the available channel bandwidth is subdivided into a number of equal-bandwidth subchannels according to standard OFDM practice. The transmitter is informed by an application that it needs to transmit data a particular rate. The transmitter determines the minimum number of subchannels and maximum energy (or noise) threshold for each subchannel necessary to achieve that data rate and selects a set of subchannels matching those requirements. The subchannels need not be contiguous in the spectrum or belong to the same channel. Once the transmitter has selected the required number of subchannels, it begins transmitting simultaneously on those subchannels across the entire bandwidth used by those subchannels.
摘要翻译: 提供允许多个用户,一组用户或运营商共享一个或多个信道的多用户方案。 在本发明中,可用信道带宽根据标准OFDM实践被细分为多个等带宽子信道。 发射机被应用程序通知它需要以特定速率传输数据。 发射机确定实现该数据速率所需的每个子信道的子信道的最小数目和最大能量(或噪声)阈值,并选择一组符合这些要求的子信道。 子信道不需要在频谱中是连续的或属于同一信道。 一旦发射机选择了所需数量的子信道,它将在这些子信道使用的整个带宽上在这些子信道上同时开始传输。
-
公开(公告)号:US20070078924A1
公开(公告)日:2007-04-05
申请号:US11239945
申请日:2005-09-30
申请人: Amer Hassan , Christian Huitema , Vishesh Parikh
发明人: Amer Hassan , Christian Huitema , Vishesh Parikh
CPC分类号: H04B1/0003 , G06F21/125 , G06F2221/2111 , H04B1/406 , H04L63/0428 , H04L63/10 , H04L2463/101
摘要: Systems and methods are provided for modularly constructing a software defined radio (“SDR”). Given an SDR kernel (i.e., a potentially platform-neutral definition of digital signal processing functionality and control operations necessary to implement the core portion of a software defined radio implementing a particular radio standard), an optional description of governmental regulations for a particular locality, and an interface harness providing the necessary components for interfacing to specific communication channels and devices (including SDR hardware components), an SDR factory component performs a process of constructing an SDR software component for implementing a particular radio standard on a particular host. The SDR software component may additionally construct components which restrict the operation of the resulting SDR software component. The SDR kernel may be protected by one or more digital rights management (“DRM”) policies which may be enforced both at the time the SDR software component is constructed and while it is operating.
摘要翻译: 提供了用于模块化构建软件定义无线电(“SDR”)的系统和方法。 给定SDR内核(即,实现特定无线电标准的软件定义无线电的核心部分所需的数字信号处理功能和控制操作的潜在平台中立定义),对特定地点的政府法规的可选描述, 以及提供用于与特定通信信道和设备(包括SDR硬件组件)接口的必要组件的接口线束,SDR工厂组件执行构建用于在特定主机上实现特定无线电标准的SDR软件组件的过程。 SDR软件组件可以另外构造限制所得到的SDR软件组件的操作的组件。 SDR内核可能受到一个或多个数字版权管理(“DRM”)策略的保护,这些策略可以在构建SDR软件组件时和在运行时都被执行。
-
公开(公告)号:US20060242227A1
公开(公告)日:2006-10-26
申请号:US10907985
申请日:2005-04-22
申请人: Ravi Rao , Tomer Weisberg , Noah Horton , Christian Huitema , Sandeep Singhal
发明人: Ravi Rao , Tomer Weisberg , Noah Horton , Christian Huitema , Sandeep Singhal
IPC分类号: G06F15/16
CPC分类号: H04L63/02 , H04L29/12066 , H04L29/12113 , H04L61/1511 , H04L61/1541
摘要: A method of discovering a community relay node within a network community wherein the community relay node is operatively coupled to an access-protected client and adapted to facilitate communication between the access-protected client and a requesting client, includes receiving a request message from a requesting client relating to a request for a community relay node, associating the request message with a serverless name resolution protocol name, selecting a community relay node from among a list of community relay nodes based on the serverless name resolution protocol name, wherein the list of community relay nodes comprises at least one internet protocol address associated with a community relay node, and returning an internet protocol address of the selected community relay node to the requesting client.
摘要翻译: 一种发现网络社区内的社区中继节点的方法,其中所述社区中继节点可操作地耦合到接入保护客户端并且适于促进所述接入保护客户端与请求客户端之间的通信,包括从请求者接收请求消息 客户端涉及对社区中继节点的请求,将请求消息与无服务器名称解析协议名称相关联,基于无服务器名称解析协议名称从社区中继节点列表中选择社区中继节点,其中,社区列表 中继节点包括与社区中继节点相关联的至少一个因特网协议地址,并且将所选择的社区中继节点的因特网协议地址返回给请求客户端。
-
公开(公告)号:US20060209704A1
公开(公告)日:2006-09-21
申请号:US11072525
申请日:2005-03-07
申请人: John Miller , Manuel Costa , Noah Horton , Christian Huitema , Sandeep Singhal
发明人: John Miller , Manuel Costa , Noah Horton , Christian Huitema , Sandeep Singhal
IPC分类号: H04L12/26
CPC分类号: H04L67/104 , H04L43/0858 , H04L43/0864 , H04L43/12 , H04L67/1046 , H04L67/1068
摘要: A method is provided for a host node in a computer network to determine its coordinates in a d-dimensional network space, comprising discovering an address of a peer node in the network, measuring network latency between the host node and the peer node, determining whether network latency has been measured for at least d+1 peer nodes, where, if network latency has not been measured for at least d+1 peer nodes, estimating the network coordinates of the host node, and where, if network latency has been measured for at least d+1 peer nodes, calculating the network coordinates of the host node using d+1 measured latencies.
摘要翻译: 提供了一种用于计算机网络中的主机节点来确定其在d维网络空间中的坐标的方法,包括发现网络中的对等节点的地址,测量主机节点和对等节点之间的网络等待时间,确定是否 已经对至少d + 1个对等节点测量了网络延迟,其中,如果尚未对至少d + 1个对等节点进行网络延迟测量,则估计主机节点的网络坐标,以及如果已经测量了网络延迟 对于至少d + 1个对等节点,使用d + 1测量的延迟来计算主机节点的网络坐标。
-
公开(公告)号:US20060161980A1
公开(公告)日:2006-07-20
申请号:US11039758
申请日:2005-01-18
CPC分类号: H04L63/14 , H04L63/1433 , H04L63/1458
摘要: Malicious network node activity and, in particular, denial of service attacks, may be mitigated by one or more practical mitigation mechanisms and mitigation mechanism combinations. Suitable protocol messages may be challenged with a challenge probe. A response to the challenge probe may be utilized to determine if received protocol messages are illegitimate, that is, originated by a malicious network node. Received protocol messages may be classified as questionable protocol messages. For efficiency, protocol message challenges may be limited to protocol message classified as questionable. A sequence number limit may be calculated as a function of receive window size. Transmission control protocol messages may be determined to be illegitimate by comparing the acknowledgement number field with the calculated sequence number limit. Randomized selection of source port numbers for transmission control protocol connections may also mitigate malicious network node activity by resulting in legitimate protocol message field values that are less predictable.
-
公开(公告)号:US20060005013A1
公开(公告)日:2006-01-05
申请号:US10882079
申请日:2004-06-30
申请人: Christian Huitema , Josh Benaloh , Kim Cameron
发明人: Christian Huitema , Josh Benaloh , Kim Cameron
IPC分类号: H04L9/00
CPC分类号: G06F21/46 , G06F21/31 , H04L9/3239
摘要: A method of generating a call sign. A method of generating a call sign comprising determining a distinguished qualifier, finding a distinguished salt, and hashing the distinguished salt with the distinguished qualifier.
摘要翻译: 一种生成呼号的方法。 一种产生呼号的方法,包括:确定一个不同的限定符,找到一个不同的盐,以及用该区别的限定符散列不同的盐。
-
-
-
-
-
-
-
-
-
搜索结果
135 条记录 (耗时 0.041 秒)
