Detecting LAN number misconfiguration
    31.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US5400333A

    Publication date: 1995-03-21

    Application number: US147918

    Filing date: 1993-11-04

    Applicant: Radia J. Perlman

    Inventor: Radia J. Perlman

    IPC classification: H04L12/46 H04L29/12

    Abstract: Methods and apparatus for verifying--in a network comprised of LANs and bridges connected to LANs, in which the bridges associate the LANs with LAN numbers--that bridges connected to a given LAN have been configured with the same LAN number for that LAN. A first bridge encodes the LAN number configured for the given LAN into a LAN number verification message and transmits the message to a second bridge connected to the LAN. The second bridge then compares the LAN number encoded in the received LAN number verification message to the LAN number configured for the LAN at the second bridge. A bridge which performs this method includes storage for associating the LANs connected to the bridge with LAN numbers, an encoder for encoding the LAN number for a given LAN into a LAN number verification message, and a transmitter for transmitting the LAN number verification message onto the given LAN.


    Selecting optimal routes in source routing bridging without exponential flooding of explorer packets
    32.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US5323394A

    Publication date: 1994-06-21

    Application number: US864572

    Filing date: 1992-04-07

    Applicant: Radia J. Perlman

    Inventor: Radia J. Perlman

    IPC classification: H04L12/46 H04L12/56 H04J3/02

    Abstract: To avoid exponential proliferation of explorer packets through a LAN/Bridge network, each bridge gathers information sufficient to compute routes through the network by sharing routing messages with other bridges. Then, to find a route from a particular source end system to a particular destination end system, a broadcast message identifying the desired source and destination is sent to the bridges. In response, the bridges compute the optimal route to each attached LAN, convert the broadcast message into one or more counterfeit explorer messages by incorporating these routes, and then transmit the counterfeit explorer messages to the LANs for which the incorporated route was computed. The destination end system then receives one or more of the counterfeit explorer messages and responds to the source end system as if the counterfeit explorer message was genuine.


    Method of issuance and revocation of certificates of authenticity used in public key networks and other systems
    33.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US5261002A

    Publication date: 1993-11-09

    Application number: US850593

    Filing date: 1992-03-13

    IPC classification: G07F7/10 H04L9/32 H04L9/30

    CPC classification: G07F7/1016 H04L9/3263

    Abstract: A technique for issuing and revoking user certificates of authenticity in a public key cryptography system, wherein certificates do not need expiration dates, and the inconvenience and overhead associated with routine certificate renewals are minimized or avoided entirely. A Certification Authority issues certificates as required, and issues a blacklist having a start date, an expiration date, and an entry for every invalid certificate issued after the start date. Users assume that every certificate issued prior to the blacklist start date is invalid, and that invalid certificates issued after the start date will be included in the current blacklist. A new blacklist is issued prior to expiration of the current one, and the blacklist start date is changed only when the blacklist becomes unmanageably long.


    Method and apparatus for distance vector routing on datagram point-to-point links
    34.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US5243592A

    Publication date: 1993-09-07

    Application number: US597144

    Filing date: 1990-10-15

    IPC classification: H04L29/06 H04L12/46 H04L12/56

    CPC classification: H04L45/02 H04L45/44

    Abstract: A technique for distributing updated distance vectors used in routers, which are connected by point-to-point links having datagram service. Distance vectors are used by routers to route messages over the most desirable paths, but must be continually modified as a result of update messages passed between routers, to reflect changes in network topology. Datagram service does not normally ensure that such update messages will reach other routers, but the technique of the invention uses unique sequence numbers on all information packets containing distance vector update messages, and achieves efficient and timely distribution of updated distance vector information with only modest storage requirements. Unlike reliable service, which requires each message to be delivered exactly once and in the order sent, the invention allows subsequent update messages to be delivered to the same neighboring router even if previous messages have not yet been received and processed. The invention also provides for retransmission of unacknowledged distance vector information, but without the burden of having to store all transmitted packets until they are acknowledged.

    Reliable broadcast of information in a wide area network
    35.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US5086428A

    Publication date: 1992-02-04

    Application number: US364470

    Filing date: 1989-06-09

    IPC classification: H04L12/56 H04L29/00

    Abstract: A method and apparatus for creating and managing databases in routers of a routing network. The databases store link state packets, each packet being originated by nodes in the network, and transmitted to other nodes through the network. Each packet contains data identifying its originating node, a sequence number in a linear space indicating its place in the sequence of packets generated by its originating node, and an age value indicating the time remaining before it expires. The contents of the databases are updated by newly received packets. In addition, the nodes themselves are reset if the packets currently in the network have later sequence numbers than new packets. Also, a mechanism is provided to purge the databases of packets from a given router by issuing a purging packet.


    Method and apparatus for accessing an encrypted file system using non-local keys
    36.
    Granted invention patent
    Legal status: In force

    Publication number: US08200964B2

    Publication date: 2012-06-12

    Application number: US11525799

    Filing date: 2006-09-22

    IPC classification: G06F21/00

    Abstract: One embodiment of the present invention provides a system for accessing an encrypted file through a file system. During operation, the system receives a request to access the encrypted file. In response to the request, the system sends an encrypted file key for the encrypted file from the file system to a tamper-resistant module. Next, the tamper-resistant module uses a master secret to decrypt the encrypted file key to restore the file key, wherein the master secret is obtained from an external source by the tamper-resistant module. The system then uses the file key to access the encrypted file.


    Method and apparatus for accessing an encrypted file system using non-local keys
    37.
    Invention patent application
    Legal status: In force

    Publication number: US20080123858A1

    Publication date: 2008-05-29

    Application number: US11525799

    Filing date: 2006-09-22

    IPC classification: H04L9/08 G06F12/14 G06F21/24

    Abstract: One embodiment of the present invention provides a system for accessing an encrypted file through a file system. During operation, the system receives a request to access the encrypted file. In response to the request, the system sends an encrypted file key for the encrypted file from the file system to a tamper-resistant module. Next, the tamper-resistant module uses a master secret to decrypt the encrypted file key to restore the file key, wherein the master secret is obtained from an external source by the tamper-resistant module. The system then uses the file key to access the encrypted file.


    Calculation of layered routes in a distributed manner
    39.
    Granted invention patent
    Legal status: In force

    Publication number: US07096251B2

    Publication date: 2006-08-22

    Application number: US10209077

    Filing date: 2002-07-31

    IPC classification: G06F15/16

    Abstract: A distributed system and method generate “layered routes” that reflect a layered representation of a network, which representation provides deadlock-free routes. The layered representation consists of an ordered set of layers, where each layer is a deadlock-free sub-topology of the network. In determining routes, the links used in each route are constrained to be taken from layers of non-decreasing order as the route extends from source to destination. A device that determines a better or equal cost path to a destination node with respect to its current path to that node sends a route information message to its neighbor devices. The receiver of a route information message may then accept the message and begin using the new path described by the message, or reject the message without using the new path.


    Trust ratings in group credentials
    40.
    Granted invention patent

    Publication number: US07085925B2

    Publication date: 2006-08-01

    Application number: US09825100

    Filing date: 2001-04-03

    IPC classification: H04L9/00 H04L9/32

    CPC classification: H04L9/3263

    Abstract: A method and system for evaluating a set of credentials that includes at least one group credential and that may include one or more additional credentials. A trust rating is provided in association with the at least one group credential within the set of credentials and trust ratings may also be provided in other credentials within the set of credentials. Each trust rating provides an indication of the level of confidence in the information being certified in the respective credential. In response to a request for access to a resource or service, an evaluation of the group credentials is performed by an access control program to determine whether access to the requested resource or service should be provided. In one embodiment, within any given certification path a composite trust rating for the respective path is determined. An overall trust rating for the set of credentials is determined based upon the composite trust ratings. Upon a determination that a user requesting access to a resource has an acceptable set of credentials and a satisfactory trust rating, access to the requested resource or service is granted to the user.