Packet data communications
    21.
    Granted invention patent
    Packet data communications (in force)

    Publication (announcement) number: US07367054B2

    Publication (announcement) date: 2008-04-29

    Application number: US10297844

    Application date: 2001-06-26

    Applicant: Andrea Soppera

    Inventor: Andrea Soppera

    Abstract: A Denial of Service attack received at a network node from a packet data communications network is managed by tracing the path of predominantly malicious data packets arriving at the network node. The attack may be mitigated by selecting a router along the detected path and requesting the router to alter its handling of the data traffic. In one embodiment, the selected router installs a filter for data directed at the network node. In a different embodiment, the router alters a Quality of Service setting for the data directed at the network node. The network node may also request the router to mark all data being forwarded to it, to allow the network to characterize the data and determine to what extent it consists of malicious data.


    Lightweight authentication of information
    22.
    Invention application
    Lightweight authentication of information (under examination, published)

    Publication (announcement) number: US20050091545A1

    Publication (announcement) date: 2005-04-28

    Application number: US10506180

    Application date: 2003-02-24

    Applicant: Andrea Soppera

    Inventor: Andrea Soppera

    Abstract: An authentication method for linked data is provided, which does away with the conventional requirement for secure authentication of every item of data using public key encryption or Message Access Codes. A subscriber to an indexed event announcement channel can access a first item of information which contains pointers to other items of information in which the user might be interested. A hash value of the pointed-to information is also provided in addition to the pointers themselves. In order to provide for authentication of the pointed-to information, the user authenticates the first item of information using a secure heavyweight authentication technique, and then uses the hash values of the pointed-to information contained in the first item of information to authenticate the pointed-to information when the user accesses it.


    Selection of service nodes for provision of services

    Publication (announcement) number: US09712422B2

    Publication (announcement) date: 2017-07-18

    Application number: US14009211

    Application date: 2012-03-16

    Abstract: Methods and apparatus are disclosed for enabling selection of a remote service node from a plurality of possible nodes, each capable of providing a service, and each associated with a service node control entity. The method comprises: receiving a user request in respect of a service required by a user, the request containing a first user device routing identifier relating to the location in the network of the user device, and a service indication indicative of an appropriate service provider; identifying from the service indication a service node control entity associated with the service provider; sending to the service node control entity a service node request containing a second user device routing identifier differing from the first user device routing identifier but selected at least partly in dependence thereon; receiving from the service node control entity an indication of a remote service node capable of providing the required service; and providing an indication of the remote service node to the user device.

    Networks
    24.
    Granted invention patent
    Networks (in force)

    Publication (announcement) number: US08391152B2

    Publication (announcement) date: 2013-03-05

    Application number: US10593423

    Application date: 2005-03-30

    IPC classification: H04L12/26

    Abstract: Data networks and nodes making up parts of data networks are arranged to derive information relating to the characterization of paths taken by data travelling between nodes in the networks. Path characterization information is fed back from a receiver of data to a provider of data, and informs nodes subsequently forwarding data of characteristics of the downstream path. Also described are routing and related controlling nodes and methods for using such path characterization information to make informed routing and other decisions when forwarding data in a data network.


    Verification of movement of items
    25.
    Granted invention patent
    Verification of movement of items (in force)

    Publication (announcement) number: US08310346B2

    Publication (announcement) date: 2012-11-13

    Application number: US12531143

    Application date: 2008-03-11

    Abstract: Apparatus and system for verifying a route taken during movement of an RFID tag, comprising a trusted platform module; sealed storage (80) comprising one or more stores (50, 52) for storing a public key (64), a private key (68) and a policy (62); and processors arranged to: receive data (60) read-out from the RFID tag (4) and comprising an RFID tag identity and an encrypted signature (9); use the public key (64) to decrypt the encrypted signature (9); verify that the decrypted signature (9) corresponds to a first entity from which, according to the policy (62), a second entity is authorised to receive the given RFID tag (4); use the private key (68) to provide an encrypted signature (9); and forward data comprising the encrypted signature (9) to an RFID tag writer (22).


    Control of data exchange
    26.
    Granted invention patent
    Control of data exchange (in force)

    Publication (announcement) number: US08143995B2

    Publication (announcement) date: 2012-03-27

    Application number: US11794256

    Application date: 2005-12-23

    IPC classification: G08B21/00

    Abstract: A control device, method and system for controlling data exchange between entities and item identification devices associated with said control device; said entities having an associated data exchange means for exchanging data with item identification devices; said data exchange means being arranged to provide authentication data indicative of the entity with which they are associated; and said control device comprising means for enabling exchange of data between said item identification devices and the entity with which said data exchange means is associated in accordance with an applicable access policy for that entity.


    ACCESS CONTROL
    27.
    Invention application
    ACCESS CONTROL (in force)

    Publication (announcement) number: US20110271321A1

    Publication (announcement) date: 2011-11-03

    Application number: US13142677

    Application date: 2009-12-18

    IPC classification: G06F17/00

    CPC classification: G06F21/604

    Abstract: Methods and apparatus for updating a policy store associated with a policy decision point of an access control system, the policy decision point being arranged to provide, in response to received decision requests, access control decisions in dependence on one or more policies stored in said policy store, each policy specifying a predetermined access control decision to be provided in response to a particular access request made in respect of a particular attribute or combination of attributes, the policy decision point being associated with at least one policy enforcement point arranged to implement access control in accordance with access control decisions provided by said policy decision point in response to decision requests submitted by said policy enforcement point, said policy enforcement point having associated therewith an attribute store providing data relating to attributes in respect of which access requests have previously been made via said policy enforcement point.


    VERIFICATION OF MOVEMENT OF ITEMS
    28.
    Invention application
    VERIFICATION OF MOVEMENT OF ITEMS (under examination, published)

    Publication (announcement) number: US20100111294A1

    Publication (announcement) date: 2010-05-06

    Application number: US12531137

    Application date: 2008-03-11

    IPC classification: H04L9/32 G06F19/00 H04L9/28

    Abstract: A method, apparatus and system for verifying a route taken during movement of an RFID tag (4) between different entities of an authorized route. The method comprises: first verification apparatus (10) associated with a first entity using a first private key (68) to provide a first encrypted signature (9) that is written to an RFID tag (4); second verification apparatus (20) associated with a second entity using a public key (64) to decrypt the signature (9) from data read out from the RFID tag (4); and the second verification apparatus (20) verifying that the decrypted signature (9) corresponds to an entity from which the second entity is authorized to receive the given RFID tag identity. The second verification apparatus (20) may use a second private key (68) to provide a second encrypted signature (9) that is written to the RFID tag (4).


    METHOD AND DEVICE FOR OBTAINING ITEM INFORMATION USING RFID TAGS
    29.
    Invention application
    METHOD AND DEVICE FOR OBTAINING ITEM INFORMATION USING RFID TAGS (in force)

    Publication (announcement) number: US20090273451A1

    Publication (announcement) date: 2009-11-05

    Application number: US12295057

    Application date: 2007-03-12

    IPC classification: H04Q5/22

    Abstract: Methods and devices for enabling a user to obtain item information relating to an item (10), the item having associated therewith an item identification means (12) and an RFID response means (14) arranged to provide a predetermined response on being subjected to a currently applicable trigger signal; the method comprising steps of: establishing from the item identification means (12) item identification information; using the item identification information to determine from an item information source (30) a currently applicable trigger signal for the RFID response means (14); subjecting the RFID response means (14) to the currently applicable trigger signal; receiving a predetermined response from the RFID response means (14); and using the predetermined response to obtain item information from the item information source (30); wherein the RFID response means (14) is arranged to generate a new currently applicable trigger signal and a new predetermined response associated therewith following subjecting of the RFID response means (14) to the currently applicable trigger signal.


    Processing of Data in Networks
    30.
    Invention application
    Processing of Data in Networks (in force)

    Publication (announcement) number: US20080091766A1

    Publication (announcement) date: 2008-04-17

    Application number: US11579374

    Application date: 2005-05-09

    IPC classification: G06F15/16

    Abstract: A processing node for processing data items in a data network, comprising means for receiving data items, means for receiving characterisation metrics associated with the data items and identifying characteristic values in respect thereof, and a process selection means, said process selection means comprising means for deriving a collective value from characteristic values associated with a plurality of the data items, means for comparing characteristic values associated with a plurality of the data items with a predetermined target value, means for subjecting data items in respect of which the characteristic values are on a first side of the predetermined target value to a first process, means for selecting at least some of the data items in respect of which the characteristic values are on a second side of the predetermined target value, and means for subjecting the selected data items to a second process which is different from the first process.
