公开(公告)号：US20090006849A1

公开(公告)日：2009-01-01

申请号：US12138421

申请日：2008-06-13

Applicant: Rohit Gupta ,  Alexandru Gavrilescu ,  John L. Miller ,  Graham A. Wheeler

Inventor： Rohit Gupta ,  Alexandru Gavrilescu ,  John L. Miller ,  Graham A. Wheeler

IPC: H04L9/00 ,  G06F15/173

CPC classification number: H04L67/104 ,  H04L29/12009 ,  H04L29/12047 ,  H04L61/15 ,  H04L63/0823 ,  H04L63/126 ,  H04L63/1458 ,  Y10S707/99939

Abstract: A security infrastructure and methods are presented that inhibit the ability of a malicious node from disrupting the normal operations of a peer-to-peer network. The methods of the invention allow both secure and insecure identities to be used by nodes by making them self-verifying. When necessary or opportunistic, ID ownership is validated by piggybacking the validation on existing messages. The probability of connecting initially to a malicious node is reduced by randomly selecting to which node to connect. Further, information from malicious nodes is identified and can be disregarded by maintaining information about prior communications that will require a future response. Denial of service attacks are inhibited by allowing the node to disregard requests when its resource utilization exceeds a predetermined limit. The ability for a malicious node to remove a valid node is reduced by requiring that revocation certificates be signed by the node to be removed.

Abstract translation: 提出了一种防止恶意节点中断对等网络的正常操作的能力的安全基础设施和方法。 本发明的方法允许节点通过使其自我验证来使用安全和不安全的身份。 在必要或机会主义的情况下，通过捎带现有消息的验证来验证身份所有权。 通过随机选择连接到哪个节点来减少初始连接到恶意节点的概率。 此外，来自恶意节点的信息被识别，并且可以通过维护关于将要响应的先前通信的信息而被忽略。 通过允许节点在其资源利用超过预定限制时忽略请求，禁止拒绝服务攻击。 恶意节点删除有效节点的能力通过要求撤销证书由要删除的节点进行签名来减少。

公开(公告)号：US07444372B2

公开(公告)日：2008-10-28

申请号：US11375726

申请日：2006-03-15

Applicant: Rohit Gupta ,  Alexandru Gavrilescu ,  John L. Miller ,  Graham A. Wheeler

Inventor： Rohit Gupta ,  Alexandru Gavrilescu ,  John L. Miller ,  Graham A. Wheeler

IPC: G06F15/16 ,  H04L9/00

CPC classification number: H04L67/104 ,  H04L29/12009 ,  H04L29/12047 ,  H04L61/15 ,  H04L63/0823 ,  H04L63/126 ,  H04L63/1458 ,  Y10S707/99939

Abstract: A security infrastructure and methods are presented that inhibit the ability of a malicious node from disrupting the normal operations of a peer-to-peer network. The methods of the invention allow both secure and insecure identities to be used by nodes by making them self-verifying. When necessary or opportunistic, ID ownership is validated by piggybacking the validation on existing messages. The probability of connecting initially to a malicious node is reduced by randomly selecting to which node to connect. Further, information from malicious nodes is identified and can be disregarded by maintaining information about prior communications that will require a future response. Denial of service attacks are inhibited by allowing the node to disregard requests when its resource utilization exceeds a predetermined limit. The ability for a malicious node to remove a valid node is reduced by requiring that revocation certificates be signed by the node to be removed.

公开(公告)号：US08621056B2

公开(公告)日：2013-12-31

申请号：US12958426

申请日：2010-12-02

Applicant: Didier M. Coussemaeker ,  Graham A. Wheeler ,  Nicolas Mai

Inventor： Didier M. Coussemaeker ,  Graham A. Wheeler ,  Nicolas Mai

IPC: G06F15/173

CPC classification number: H04W12/08

Abstract: Functionality is described that allows plural computing devices to share a master account. In one implementation, the functionality allows any candidate device to directly communicate with a communication system using the master account, providing that the candidate device satisfies a prescribed condition with respect to a master device. For example, the functionality can allow the candidate device to communicate with the communication system if it is within a threshold distance of the master device. In another implementation, the functionality instructs the master device and the candidate device to set up a tethering relationship. The functionality can then allow the candidate device to communicate with the communication system, via the master device, using the master account. In one implementation, the functionality can set up the tethering relationship without substantial (or any) involvement of the user (or users) who operate the master device and candidate device.

Abstract translation: 描述了允许多个计算设备共享主帐户的功能。 在一个实现中，功能允许任何候选设备直接与使用主账户的通信系统进行通信，条件是候选设备相对于主设备满足规定条件。 例如，如果候选设备处于主设备的阈值距离内，则该功能可以允许候选设备与通信系统进行通信。 在另一实现中，该功能指示主设备和候选设备建立系链关系。 然后，功能可以允许候选设备通过主设备使用主帐户与通信系统通信。 在一个实施方式中，功能可以在没有实际（或任何）参与操作主设备和候选设备的用户（或用户）的情况下建立系链关系。

公开(公告)号：US20120143978A1

公开(公告)日：2012-06-07

申请号：US12958426

申请日：2010-12-02

Applicant: Didier M. Coussemaeker ,  Graham A. Wheeler ,  Nicolas Mai

Inventor： Didier M. Coussemaeker ,  Graham A. Wheeler ,  Nicolas Mai

IPC: G06F15/16

CPC classification number: H04W12/08

Abstract: Functionality is described that allows plural computing devices to share a master account. In one implementation, the functionality allows any candidate device to directly communicate with a communication system using the master account, providing that the candidate device satisfies a prescribed condition with respect to a master device. For example, the functionality can allow the candidate device to communicate with the communication system if it is within a threshold distance of the master device. In another implementation, the functionality instructs the master device and the candidate device to set up a tethering relationship. The functionality can then allow the candidate device to communicate with the communication system, via the master device, using the master account. In one implementation, the functionality can set up the tethering relationship without substantial (or any) involvement of the user (or users) who operate the master device and candidate device.

Abstract translation: 描述了允许多个计算设备共享主帐户的功能。 在一个实现中，功能允许任何候选设备直接与使用主账户的通信系统进行通信，条件是候选设备相对于主设备满足规定条件。 例如，如果候选设备处于主设备的阈值距离内，则该功能可以允许候选设备与通信系统进行通信。 在另一实现中，该功能指示主设备和候选设备建立系链关系。 然后，功能可以允许候选设备通过主设备使用主帐户与通信系统通信。 在一个实施方式中，功能可以在没有实际（或任何）参与操作主设备和候选设备的用户（或用户）的情况下建立系链关系。