公开(公告)号：US06975729B1

公开(公告)日：2005-12-13

申请号：US09640465

申请日：2000-08-15

申请人： Radia J. Perlman

发明人： Radia J. Perlman

IPC分类号： H04L9/08 ,  H04L29/06

CPC分类号： H04L9/0841 ,  H04L63/0407 ,  H04L63/061 ,  H04L2209/16

摘要： One embodiment of the present invention provides a system that facilitates a key exchange that operates with a pre-shared secret key and that hides identities of parties involved in the key exchange. The method operates by establishing a negotiated secret key between a first party and a second party by performing communications between the first party and the second party across a network in a manner that does not allow an eavesdropper to determine the negotiated secret key. Next, the system encrypts an identifier for the first party using the negotiated secret key and a group secret key to form an encrypted identifier. This group secret key is known to members of a group, including the first party and the second party, but is kept secret from parties outside of the group. Next, the system sends the encrypted identifier from the first party across the network to the second party. This allows the second party to decrypt the encrypted identifier by using the negotiated secret key and the group secret key, so that the second party can use the identifier to lookup the pre-shared secret key that was previously established between the first party and the second party. This pre-shared secret key is subsequently used in forming at least one subsequent communication between the first party and the second party.

摘要翻译： 本发明的一个实施例提供了一种系统，其有助于利用预共享秘密密钥进行密钥交换并隐藏密钥交换中涉及的各方的身份的系统。 该方法通过以不允许窃听者确定协商的秘密密钥的方式通过网络执行第一方和第二方之间的通信来在第一方和第二方之间建立协商的秘密密钥来操作。 接下来，系统使用协商的秘密密钥和组密钥对第一方的标识符进行加密，以形成加密的标识符。 该组秘密密钥是包括第一方和第二方在内的组的成员所知道的，但是对该组之外的各方保密。 接下来，系统将加密的标识符从第一方通过网络发送到第二方。 这允许第二方通过使用协商的秘密密钥和组密钥来解密加密的标识符，使得第二方可以使用标识符来查找先前在第一方和第二方之间建立的预共享密钥 派对。 该预共享密钥随后用于形成第一方和第二方之间的至少一个后续通信。

公开(公告)号：US06901076B2

公开(公告)日：2005-05-31

申请号：US09726800

申请日：2000-11-30

申请人： Radia J. Perlman ,  Eric A. Guttman

发明人： Radia J. Perlman ,  Eric A. Guttman

IPC分类号： H04L12/46 ,  H04L12/28 ,  H04L12/56

CPC分类号： H04L12/4625

摘要： A network device dynamically switches between layer 2 (data link) operation and layer 3 (network) operation. When enabled, bridging logic functions as a data link bridge, receiving data link messages from communications links forming part of a single network-layer segment and forwarding the messages to another communications link using layer-2 addresses in the messages. When enabled, routing logic functions as a network router, receiving network layer messages from different network-layer segments and forwarding the messages to other links based on a routing algorithm and the network layer addresses. Selection logic dynamically selects the desired function under different operating conditions. For a transition from router to bridge, multiple network-layer segments are merged into a single bridged network-layer segment, freeing up link numbers for use in configuring addresses for other segments. For the transition from bridge to router, a single bridged network-layer segment is divided into multiple segments having distinct routing identities.

摘要翻译： 网络设备在层2（数据链路）操作和第3层（网络）操作之间动态切换。 当启用时，桥接逻辑用作数据链桥，从形成单个网络层段的一部分的通信链路接收数据链路消息，并使用消息中的二层地址将消息转发到另一通信链路。 启用后，路由逻辑作为网络路由器，从不同的网络层接收网络层消息，并根据路由算法和网络层地址将消息转发到其他链路。 选择逻辑在不同的操作条件下动态地选择所需的功能。 对于从路由器到桥接的过渡，多个网络层段被合并到单个桥接网络层段中，释放用于配置其他段的地址的链路号。 对于从桥到路由器的过渡，单个桥接网络层段被划分成具有不同路由标识的多个段。

公开(公告)号：US06658004B1

公开(公告)日：2003-12-02

申请号：US09473402

申请日：1999-12-28

申请人： Miriam C. Kadansky ,  Dah Ming Chiu ,  Stephen R. Hanna ,  Stephen A. Hurst ,  Radia J. Perlman ,  Joseph S. Wesley

发明人： Miriam C. Kadansky ,  Dah Ming Chiu ,  Stephen R. Hanna ,  Stephen A. Hurst ,  Radia J. Perlman ,  Joseph S. Wesley

IPC分类号： H04L1228

CPC分类号： H04L12/1827 ,  H04L47/10 ,  H04L47/31 ,  H04L67/104 ,  H04L67/1063 ,  H04L67/1074 ,  H04L69/329

摘要： A method and apparatus for identifying a data message that is eligible for discard. A beacon node periodically transmits a beacon message to a plurality of client nodes communicatively coupled via a network. Each beacon message includes a beacon sequence number and preferably, the beacon sequence numbers are authenticated by the beacon, node. The client nodes, upon receipt of the beacon messages, verify the authenticity of the respective received beacon sequence numbers and generate a local sequence number derived from the received beacon sequence number. When one client in the session has data to transmit to another client in the session, the sending client assembles a data message and inserts its local sequence number in the data message prior to transmission of the data message to the other client nodes in the session. The client nodes receiving the data message discard the data message if their respective local sequence number at the time of receipt of the data message exceeds the local sequence number inserted in the data message by a predetermined value. In one embodiment, the beacon node generates sequence numbers at a periodic interval P but only transmits 1 out of every m beacon sequence numbers to the client nodes in the session. The client nodes each set a local sequence counter equal to the beacon sequence number upon receipt of the beacon message and thereafter, increment the local sequence counter periodically at interval P. The local sequence counter value is employed as the local sequence number in each client node.

摘要翻译： 一种用于识别符合丢弃资格的数据消息的方法和装置。 信标节点周期性地向经由网络通信耦合的多个客户端节点发送信标消息。 每个信标消息包括信标序列号，并且优选地，信标序列号由信标节点认证。 客户端节点在接收到信标消息后，验证相应接收到的信标序列号的真实性，并生成从接收到的信标序列号导出的本地序列号。 当会话中的一个客户端具有要在会话中传送给另一个客户端的数据时，发送客户端汇集一个数据消息，并将数据消息中的本地序列号插入到数据消息中，并传送到该会话中的其他客户机节点。 接收数据消息的客户节点如果在接收数据消息时其各自的本地序列号超过插入数据消息中的本地序列号预定值，则丢弃数据消息。 在一个实施例中，信标节点以周期性间隔P生成序列号，但是仅在每个m个信标序列号中发送1个到会话中的客户端节点。 客户端节点每接收到信标消息时都设置等于信标序列号的本地序列计数器，此后，以间隔P周期性地增加本地序列计数器。本地序列计数器值被用作每个客户端节点中的本地序列号 。

公开(公告)号：US06560705B1

公开(公告)日：2003-05-06

申请号：US09511541

申请日：2000-02-23

申请人： Radia J. Perlman ,  Stephen R. Hanna ,  Yassir K. Elley

发明人： Radia J. Perlman ,  Stephen R. Hanna ,  Yassir K. Elley

IPC分类号： H04L936

CPC分类号： H04L63/0209 ,  H04L63/0442 ,  H04L63/1408

摘要： One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message and an encrypted message key at a content screener from a firewall, the firewall having previously received the encrypted message and the encrypted message key from a source outside the firewall. The content screener decrypts the encrypted message key to restore the message key, and decrypts the encrypted message with the message key to restore the message. Next, the content screener screens the message to determine whether the message satisfies a screening criterion. If so, the system forwards the message to a destination within the firewall in a secure manner. In one embodiment of the present invention, the system decrypts the encrypted message key by sending the encrypted message key to the destination. Upon receiving the encrypted message key, the destination decrypts the encrypted message key and returns the message key to the content screener in a secure manner.

摘要翻译： 本发明的一个实施例提供一种对通过端到端加密保护的消息执行内容筛选的系统。 该系统通过从防火墙在内容筛选器处接收加密消息和加密消息密钥来操作，防火墙先前从防火墙外部的源接收到加密消息和加密消息密钥。 内容筛选器解密加密的消息密钥以恢复消息密钥，并用消息密钥解密加密的消息以恢复消息。 接下来，内容筛选器筛选消息以确定消息是否满足筛选标准。 如果是这样，系统会以安全的方式将消息转发到防火墙内的目的地。 在本发明的一个实施例中，系统通过将加密的消息密钥发送到目的地来解密加密的消息密钥。 在接收到加密的消息密钥时，目的地解密加密的消息密钥，并以安全的方式将消息密钥返回给内容筛选器。

公开(公告)号：US06507562B1

公开(公告)日：2003-01-14

申请号：US09336660

申请日：1999-06-18

申请人： Miriam C. Kadansky ,  Dah Ming Chiu ,  Stephen R. Hanna ,  Stephen A. Hurst ,  Joseph S. Wesley ,  Philip M. Rosenzweig ,  Radia J. Perlman

发明人： Miriam C. Kadansky ,  Dah Ming Chiu ,  Stephen R. Hanna ,  Stephen A. Hurst ,  Joseph S. Wesley ,  Philip M. Rosenzweig ,  Radia J. Perlman

IPC分类号： G06F1100

CPC分类号： H04L12/1877 ,  H04L12/185 ,  H04L12/1868

摘要： Receiver stations located close together in a computer network dynamically form a multicast repair tree by a plurality of receiver stations choosing a repair head station from among the closely located receiver stations. A receiver station calculates its distance from a repair head station by subtracting the decremented TTL value read from the IP header from the initial value of the TTL parameter carried in field TTL SCOPE of HELLO messages, transmitted by repair head stations. Using a criteria that a closer repair head station is a more optimum repair head station, receiver stations listen to each received HELLO message, calculate the distance to the repair head station, and reaffiliate with the closest repair head station.

摘要翻译： 位于计算机网络中的接收站由多个接收站动态地形成多播修复树，所述多个接收站从位于接近站的接收站中选择修复头站。 接收站通过从修复头站发送的HELLO消息的字段TTL SCOPE中携带的TTL参数的初始值中减去从IP报头读取的递减的TTL值来计算其与修复站的距离。 使用更接近的修理头站是更为优化的修复头站的标准，接收站收听每个接收到的HELLO消息，计算到维修站的距离，并且与最接近的维修站相连。

公开(公告)号：US06363480B1

公开(公告)日：2002-03-26

申请号：US09395581

申请日：1999-09-14

申请人： Radia J. Perlman

发明人： Radia J. Perlman

IPC分类号： G06F1130

CPC分类号： H04L9/083 ,  H04L9/088

摘要： A system and method for a user to encrypt data in a way that ensures the data cannot be decrypted after a finite period. A number of ephemeral encryption keys are established by a first party, each of which will be destroyed at an associated time in the future (the “expiration time”). A second party selects or requests one of the ephemeral encryption keys for encrypting a message. The first party provides an ephemeral encryption key to the second party. Subsequently, the first party decrypts at least a portion of the message, using an ephemeral decryption key associated with the ephemeral encryption key provided to the second party. At the expiration time, the first party destroys all copies of at least the ephemeral decryption key, thus rendering any messages encrypted using the ephemeral encryption key permanently undecipherable. In an alternative embodiment, a number of ephemeral key servers provide a respective number of ephemeral encryption keys having associated expiration times. A party wishing to transmit an ephemeral message uses the provided ephemeral encryption keys to encrypt at least a portion of the message. The receiver of the message uses at least a subset of the ephemeral key servers to decrypt at least a portion of the encrypted message. At the expiration time(s), at least one of the ephemeral key servers permanently destroys at least one of the decryption keys associated with the provided ephemeral encryption keys.

摘要翻译： 一种用于用户以有限周期保证数据不能被解密的方式加密数据的系统和方法。 许多短暂加密密钥由第一方建立，每个将在将来的相关时间（“到期时间”）中被销毁。 第二方选择或请求用于加密消息的短暂加密密钥之一。 第一方向第二方提供短暂加密密钥。 随后，第一方使用与提供给第二方的临时加密密钥相关联的临时解密密钥来解密消息的至少一部分。 在到期时间，第一方破坏至少临时解密密钥的所有副本，从而使任何使用临时加密密钥加密的消息永久地不可解密。 在替代实施例中，许多短暂密钥服务器提供具有相关联的到期时间的相应数量的临时加密密钥。 希望传送短暂消息的方使用提供的临时加密密钥来加密消息的至少一部分。 消息的接收者使用至少一个临时密钥服务器的子集来解密加密消息的至少一部分。 在到期时间，至少一个短暂密钥服务器永久地破坏与所提供的临时加密密钥相关联的至少一个解密密钥。

公开(公告)号：US6131123A

公开(公告)日：2000-10-10

申请号：US79505

申请日：1998-05-14

申请人： Stephen A. Hurst ,  Radia J. Perlman

发明人： Stephen A. Hurst ,  Radia J. Perlman

IPC分类号： H04L12/18 ,  H04L12/56 ,  G06F13/00

CPC分类号： H04L12/18 ,  H04L12/1886

摘要： A computer sends a message to each of a number of recipient computers of a computer network by sending the message as a multicast message to near ones of the recipient computers and sending the message as unicast messages to far ones of the recipient computers. The sending computer determines the circumstances under which a combination of multicast and unicast messages are efficient by determining that many recipient computers are near the sending computer and that few recipient computers are far. The sending computer makes such a determination by determining no more than a predetermined number of recipient computers are at least a predetermined distance further from the sending computer than are the others of the recipient messages. The sending computer can also determine that the burden imposed upon the computer network by a multicast message is justified by the need to deliver the message to its intended recipients. For intended recipients which are too far and too few to justify use of a multicast message, unicast messages are sent.

摘要翻译： 计算机通过将消息作为多播消息发送到接近的收件人计算机的一个并且将消息作为单播消息发送到接收者计算机的远端，向计算机网络的多个收件人计算机中的每一个发送消息。 发送计算机通过确定许多接收方计算机位于发送计算机附近，并且少数接收方计算机很远，来确定组播和单播消息的组合在何种情况下是有效的。 发送计算机通过确定不超过预定数量的接收方计算机与发送计算机相距至少比接收方消息的其他方式更远的预定距离进行这样的确定。 发送计算机还可以通过将消息传递到其预期接收者的需要来确定由多播消息施加在计算机网络上的负担是合理的。 对于太多和太少以至无法证明使用多播消息的预期接收者，发送单播消息。

公开(公告)号：US5901227A

公开(公告)日：1999-05-04

申请号：US666968

申请日：1996-06-20

申请人： Radia J. Perlman

发明人： Radia J. Perlman

IPC分类号： H04L9/08 ,  H04L9/32 ,  H04K1/00

CPC分类号： H04L9/3263 ,  H04L9/0894

摘要： A key escrow technique reliably notifies an encrypting principal about escrow authorities requiring access to a secret key used to encrypt information and, further, about how much of that key is required by the authorities. The technique comprises a mechanism for storing escrow instructions pertaining to the authorities' keys in a designated location accessible by the encrypting principal. For example, the designated location may comprise a licensing string of a hardware or software add-on module needed to activate a cryptographic system of a data processing system. The escrow instructions may be further stored in an escrow formation field of a certificate. Here, the certificate may be the encrypting principal's certificate, a recipient principal's certificate and/or any certificate authority's certificate needed for the encrypting principal to verify the recipient principal's certificate.

摘要翻译： 密钥托管技术可靠地向加密主体通知需要访问用于加密信息的秘密密钥的托管机构，以及当局所要求的密钥的大小。 该技术包括一个机构，用于将有关当局密钥的托管指令存储在加密主体可访问的指定位置。 例如，指定位置可以包括激活数据处理系统的密码系统所需的硬件或软件附加模块的许可串。 托管指示可以进一步存储在证书的托管形成字段中。 在这里，证书可以是加密主体的证书，接收者主体的证书和/或加密主体验证接收者主体的证书所需的任何证书颁发机构的证书。

公开(公告)号：US5400333A

公开(公告)日：1995-03-21

申请号：US147918

申请日：1993-11-04

申请人： Radia J. Perlman

发明人： Radia J. Perlman

IPC分类号： H04L12/46 ,  H04L29/12

CPC分类号： H04L61/2038 ,  H04L12/462 ,  H04L29/12254 ,  H04L29/12264 ,  H04L29/12839 ,  H04L61/2046 ,  H04L61/6022

摘要： Methods and apparatus for verifying--in a network comprised of LANs and bridges connected to LANs, in which the bridges associate the LANs with LAN numbers--that bridges connected to a given LAN have been configured with the same LAN number for that LAN. A first bridge encodes the LAN number configured for the given LAN into a LAN number verification message and transmits the message to a second bridge connected to the LAN. The second bridge then compares the LAN number encoded in the received LAN number verification message to the LAN number configured for the LAN at the second bridge. A bridge which performs this method includes storage for associating the LANs connected to the bridge with LAN numbers, an encoder for encoding the LAN number for a given LAN into a LAN number verification message, and a transmitter for transmitting the LAN number verification message onto the given LAN.

摘要翻译： 用于验证网络的方法和装置包括连接到LAN的LAN和桥接器，其中桥接器将LAN与LAN号码相关联，桥接器连接到给定的LAN已经配置有与该LAN相同的LAN号码。 第一桥接器将配置给给定LAN的LAN号码编码为LAN号码验证消息，并将该消息发送到连接到LAN的第二桥接器。 然后，第二桥将在接收的LAN号码验证消息中编码的LAN号码与在第二个桥接处为LAN配置的LAN号进行比较。 执行该方法的桥接器包括用于将连接到桥接器的LAN与LAN号码相关联的存储器，用于将给定LAN的LAN号码编码为LAN号码验证消息的编码器，以及用于将LAN号码验证消息发送到 给定LAN。

公开(公告)号：US5323394A

公开(公告)日：1994-06-21

申请号：US864572

申请日：1992-04-07

申请人： Radia J. Perlman

发明人： Radia J. Perlman

IPC分类号： H04L12/46 ,  H04L12/56 ,  H04J3/02

CPC分类号： H04L45/48 ,  H04L12/462 ,  H04L45/02 ,  H04L45/04 ,  H04L45/26 ,  H04L45/34

摘要： To avoid exponential proliferation of explorer packets through a LAN/Bridge network, each bridge gathers information sufficient to compute routes through the network by sharing routing messages with other bridges. Then, to find a route from a particular source end system to a particular destination end system, a broadcast message identifying the desired source and destination is sent to the bridges. In response, the bridges compute the optimal route to each attached LAN, convert the broadcast message into one or more counterfeit explorer messages by incorporating these routes, and then transmit the counterfeit explorer messages to the LANs for which the incorporated route was computed. The destination end system then receives one or more of the counterfeit explorer messages and responds to the source end system as if the counterfeit explorer message was genuine.

摘要翻译： 为了避免浏览器数据包通过LAN / Bridge网络发生指数增长，每个桥接器通过与其他网桥共享路由消息，收集足够的信息来计算路由。 然后，为了找到从特定源端系统到特定目的地端系统的路由，将标识期望源和目的地的广播消息发送到网桥。 作为响应，桥接器计算到每个附接的LAN的最佳路由，通过并入这些路由将广播消息转换成一个或多个伪冒险浏览器消息，然后将假冒的资源管理器消息发送到计算并入路由的LAN。 目的地终端系统然后接收一个或多个伪冒探险者消息，并响应源端系统，仿佛仿冒资源管理器消息是真实的。