公开(公告)号：US06789147B1

公开(公告)日：2004-09-07

申请号：US10025512

申请日：2001-12-19

申请人： Richard E. Kessler ,  David A. Carlson ,  Muhammad Raghib Hussain ,  Robert A. Sanzone ,  Khaja E. Ahmed ,  Michael D. Varga

发明人： Richard E. Kessler ,  David A. Carlson ,  Muhammad Raghib Hussain ,  Robert A. Sanzone ,  Khaja E. Ahmed ,  Michael D. Varga

IPC分类号： G06F900

CPC分类号： H04L63/166 ,  G06F21/602

摘要： A method and apparatus for processing security operations are described. In one embodiment, a processor includes a number of execution units to process a number of requests for security operations. The number of execution units are to output the results of the number of requests to a number of output data structures associated with the number of requests within a remote memory based on pointers stored in the number of requests. The number of execution units can output the results in an order that is different from the order of the requests in a request queue. The processor also includes a request unit coupled to the number of execution units. The request unit is to retrieve a portion of the number of requests from the request queue within the remote memory and associated input data structures for the portion of the number of requests from the remote memory. Additionally, the request unit is to distribute the retrieved requests to the number of execution units based on availability for processing by the number of execution units.

摘要翻译： 描述用于处理安全操作的方法和装置。 在一个实施例中，处理器包括多个执行单元，用于处理多个安全操作请求。 执行单元的数量是基于存储在请求数中的指针，将与多个与远程存储器内的请求数相关联的输出数据结构的请求数的结果输出。 执行单元的数量可以按照与请求队列中的请求顺序不同的顺序输出结果。 处理器还包括耦合到执行单元数量的请求单元。 请求单元从远程存储器中的请求队列中检索一部分请求数，并且从远程存储器中获取部分请求的相关联的输入数据结构。 此外，请求单元是基于执行单元的数量的处理的可用性将检索到的请求分发到执行单元的数量。

公开(公告)号：US08112477B2

公开(公告)日：2012-02-07

申请号：US13207925

申请日：2011-08-11

申请人： Ravi T. Rao ,  Khaja E. Ahmed ,  R. Scott Briggs ,  Scott A. Plant

发明人： Ravi T. Rao ,  Khaja E. Ahmed ,  R. Scott Briggs ,  Scott A. Plant

IPC分类号： G06F15/16

CPC分类号： H04L9/3236 ,  H04L2209/30 ,  H04L2209/60

摘要： Described is a technology in which client content requests to a server over a wide area network (WAN) are responded to with hash information by which the client may locate the content among one or more peer sources coupled to the client via a local area network (LAN). The hash information may be in the form of a segment hash that identifies multiple blocks of content, whereby the server can reference multiple content blocks with a single hash value. Segment boundaries may be adaptive by determining them according to criteria, by dividing streamed content into segments, and/or by processing the content based on the content data (e.g., via RDC or content/application type) to determine split points. Also described is content validation using the hash information, including by generating and walking a Merkle tree to determine higher-level segment hashes in order to match a server-provided hash value.

摘要翻译： 描述了一种技术，其中客户端内容通过广域网（WAN）向服务器请求的哈希信息被响​​应，客户端可以通过该信息来定位经由局域网耦合到客户端的一个或多个对等端点中的内容（ LAN）。 哈希信息可以是标识多个内容块的段哈希形式，由此服务器可以引用具有单个散列值的多个内容块。 通过根据标准来确定它们，通过将流内容分成段，和/或通过基于内容数据（例如，经由RDC或内容/应用程序类型）处理内容来确定分割点，来分段边界可以是自适应的。 还描述了使用散列信息的内容验证，包括通过生成和行走Merkle树来确定较高级别的段哈希，以便匹配服务器提供的哈希值。

公开(公告)号：US20090327505A1

公开(公告)日：2009-12-31

申请号：US12163024

申请日：2008-06-27

申请人： Ravi T. Rao ,  Khaja E. Ahmed ,  R. Scott Briggs ,  Scott A. Plant

发明人： Ravi T. Rao ,  Khaja E. Ahmed ,  R. Scott Briggs ,  Scott A. Plant

IPC分类号： G06F15/16

CPC分类号： H04L9/3236 ,  H04L2209/30 ,  H04L2209/60

摘要： Described is a technology in which client content requests to a server over a wide area network (WAN) are responded to with hash information by which the client may locate the content among one or more peer sources coupled to the client via a local area network (LAN). The hash information may be in the form of a segment hash that identifies multiple blocks of content, whereby the server can reference multiple content blocks with a single hash value. Segment boundaries may be adaptive by determining them according to criteria, by dividing streamed content into segments, and/or by processing the content based on the content data (e.g., via RDC or content/application type) to determine split points. Also described is content validation using the hash information, including by generating and walking a Merkle tree to determine higher-level segment hashes in order to match a server-provided hash value.

摘要翻译： 描述了一种技术，其中客户端内容通过广域网（WAN）向服务器请求的哈希信息被响​​应，客户端可以通过该信息来定位经由局域网耦合到客户端的一个或多个对等端点中的内容（ LAN）。 哈希信息可以是标识多个内容块的段哈希形式，由此服务器可以引用具有单个散列值的多个内容块。 通过根据标准来确定它们，通过将流内容分成段，和/或通过基于内容数据（例如，经由RDC或内容/应用程序类型）处理内容来确定分割点，来分段边界可以是自适应的。 还描述了使用散列信息的内容验证，包括通过生成和行走Merkle树来确定较高级别的段哈希，以便匹配服务器提供的哈希值。

公开(公告)号：US07617322B2

公开(公告)日：2009-11-10

申请号：US11540435

申请日：2006-09-29

申请人： Khaja E. Ahmed ,  Daniel R. Simon

发明人： Khaja E. Ahmed ,  Daniel R. Simon

IPC分类号： G06F15/173

CPC分类号： H04L67/104 ,  H04L63/126 ,  H04L67/1068 ,  H04L67/1091 ,  H04L67/28 ,  H04L67/2842

摘要： A system, apparatus, method, and computer-readable medium are provided for secure P2P caching. In one method, a requesting peer obtains a hash of requested data from a server. The requesting peer then transmits a request for the data to other peers. The request proves that the requesting peer has the hash. If a caching peer has the data, it generates a reply to the request that proves that it has the requested data. If the requesting peer receives a reply from a caching peer, the requesting peer establishes a connection to the caching peer and retrieves the data from the caching peer. If the requesting peer does not receive a reply to the request from any other peer, the requesting peer establishes a connection to the server and retrieves the data from the server. The requesting peer stores the data for use in responding to requests from other peers.

摘要翻译： 提供了用于安全P2P缓存的系统，装置，方法和计算机可读介质。 在一种方法中，请求对等体从服务器获取所请求数据的散列。 请求对等体然后向其他对等体发送数据请求。 该请求证明请求对等体具有散列。 如果缓存对等体具有数据，则它生成对请求的答复，证明其具有所请求的数据。 如果请求对等体从缓存对等体接收到回复，则请求对等体建立与缓存对等体的连接并从缓存对等体检索数据。 如果请求对等体没有收到来自任何其他对等体的请求的回复，则请求对等体建立与服务器的连接并从服务器检索数据。 请求对等体存储用于响应来自其他对等体的请求的数据。

公开(公告)号：US07398315B2

公开(公告)日：2008-07-08

申请号：US10684020

申请日：2003-10-10

申请人： Robert George Atkinson ,  Joshua T. Goodman ,  James M. Lyon ,  Roy Williams ,  Khaja E. Ahmed ,  Harry Simon Katz ,  Robert L. Rounthwaite

发明人： Robert George Atkinson ,  Joshua T. Goodman ,  James M. Lyon ,  Roy Williams ,  Khaja E. Ahmed ,  Harry Simon Katz ,  Robert L. Rounthwaite

IPC分类号： G06F13/00

CPC分类号： G06Q10/107 ,  H04L51/12

摘要： The present invention provides for generating inputs that can be provided to a message classification module to facilitate more reliable classification of electronic messages, such as, for example, as unwanted and/or unsolicited. In one embodiment, a sending messaging server provides an appropriate response to address verification data thereby indicating a reduced likelihood of the sending messaging server using a forged network address. In another embodiment, it is determined if a messaging server is authorized to send electronic messages for a domain. In yet another embodiment, electronic message transmission policies adhered to by a domain are identified. In yet a further embodiment, a sending computer system expends computational resources to solve a computational puzzle and includes an answer document in an electronic message. A receiving computer system receives the electronic message and verifies the answer document.

摘要翻译： 本发明提供了用于生成可以提供给消息分类模块的输入，以促进电子消息的更可靠的分类，例如，作为不期望的和/或未经请求的。 在一个实施例中，发送消息收发服务器提供对地址验证数据的适当响应，从而指示发送消息服务器使用伪造网络地址的可能性降低。 在另一个实施例中，确定消息收发服务器是否被授权发送域的电子消息。 在又一实施例中，识别由域附加的电子消息传输策略。 在又一个实施例中，发送计算机系统花费计算资源来解决计算难题，并且包括电子消息中的应答文档。 接收计算机系统接收电子消息并验证答复文件。

公开(公告)号：US07000105B2

公开(公告)日：2006-02-14

申请号：US09950315

申请日：2001-09-10

申请人： Guy S. Tallent, Jr. ,  Lawrence R. Miller ,  Khaja E. Ahmed

发明人： Guy S. Tallent, Jr. ,  Lawrence R. Miller ,  Khaja E. Ahmed

IPC分类号： H04L9/00 ,  G06F17/60 ,  H04K1/00

CPC分类号： G06Q20/3829 ,  G06Q20/02 ,  G06Q20/367 ,  G06Q20/38215 ,  G06Q20/3825 ,  G06Q20/389 ,  G06Q20/40 ,  G06Q30/06 ,  G06Q30/0609

摘要： A system and method are disclosed for transparently providing certificate validation and other services without requiring a separate service request by either a relying customer or subscribing customer. In a preferred embodiment, after the subscribing customer digitally signs a document (e.g., a commercial document such as a purchase order), it forwards the document to a trusted messaging entity which validates the certificates of both the subscribing customer and relying customer and the respective system participants of which they are customers. If the certificates are valid, the trusted messaging entity appends a validation message to the digitally-signed document and forwards the document to the relying customer. A validation message is also preferably appended to a digitally-signed receipt from the relying customer and transmitted to the subscribing customer. In this way, both the relying customer and subscribing customer obtain certification of their respective counterparty to the transaction.