Many to few group address translation through a network bridge
    51.
    发明授权
    Many to few group address translation through a network bridge 失效
    通过网桥很少到几组群地址转换

    公开(公告)号:US5428615A

    公开(公告)日:1995-06-27

    申请号:US278686

    申请日:1994-07-21

    IPC分类号: H04L12/18 H04L12/46

    摘要: A connection apparatus for connecting a first communication system with a second communication system and a third communication system. A first frame is received from the first communication system, where the first frame has a multicast address as a destination address, and where the destination address requires the first frame to be transmitted onto the second communication system. The multicast address is translated into a functional address, and the functional address is written into a second frame transmitted onto the second communication system. The second frame is received and is transmitted onto a third communication system, and the functional address is translated into a multicast address for the third communication system, and the multicast address is written into a destination field of the frame as it is transmitted onto the third communication system. The second communication system may be a token ring system based upon an IEEE 802.5 standard, and the functional address may be written into a DSAP field and into a PROTOCOL TYPE field of an 802.5 Standard frame.

    摘要翻译: 一种用于将第一通信系统与第二通信系统和第三通信系统连接的连接装置。 从第一通信系统接收第一帧,其中第一帧具有多播地址作为目的地地址,并且其中目的地地址要求将第一帧发送到第二通信系统。 将多播地址转换为功能地址,将功能地址写入发送到第二通信系统的第二帧。 第二帧被接收并被发送到第三通信系统,并且将功能地址转换为第三通信系统的多播地址,并且将多播地址写入帧的目的地字段,因为它被发送到第三通信系统 通讯系统 第二通信系统可以是基于IEEE 802.5标准的令牌环系统,并且功能地址可以被写入DSAP字段和802.5标准帧的协议类型字段中。

    Secure method of neighbor discovery over a multiaccess medium
    52.
    发明授权
    Secure method of neighbor discovery over a multiaccess medium 失效
    在多处理介质中邻居发现的安全方法

    公开(公告)号:US5351295A

    公开(公告)日:1994-09-27

    申请号:US86596

    申请日:1993-07-01

    IPC分类号: H04L9/32 H04L9/00

    CPC分类号: H04L9/3226 H04L9/3297

    摘要: A secure arrangement in which stations in a communications network are informed of the addresses of their neighbors by means of identifying messages transmitted by the stations. To prevent the insertion of illegitimate stations into the network, the system makes use of passwords included in the station-identifying messages. In networks where eavesdropping is possible, the passwords are encrypted versions of the identities of the stations transmitting the messages and in systems where stations can also be impersonated, the encrypted passwords also include time stamps.

    摘要翻译: 通过识别站发送的消息,可以将通信网络中的站通知其邻居的地址。 为了防止将非法站插入网络,系统利用站识别消息中包含的密码。 在可能进行窃听的网络中,密码是发送消息的电台的身份的加密版本,以及在电台也可以被模拟的系统中,加密的密码也包括时间戳。

    Parameterizable cryptography
    53.
    发明授权
    Parameterizable cryptography 有权
    可参数加密

    公开(公告)号:US08488782B2

    公开(公告)日:2013-07-16

    申请号:US12582276

    申请日:2009-10-20

    申请人: Radia J. Perlman

    发明人: Radia J. Perlman

    IPC分类号: H04L9/20 H04L9/34

    CPC分类号: G06F21/602

    摘要: Some embodiments provide systems and techniques for performing parameterizable cryptography. An encryption key can be determined based at least on a string associated with an authorization policy. The encryption key can then be used to encrypt information. The decryption key can also be determined based at least on the string associated with the authorization policy. Note that the authorization policy must be satisfied to decrypt information. In some embodiments, the systems and techniques for performing parameterizable cryptography are blindable. These blindable embodiments can be used to preserve privacy.

    摘要翻译: 一些实施例提供用于执行可参数化密码术的系统和技术。 可以至少基于与授权策略相关联的字符串来确定加密密钥。 然后可以使用加密密钥来加密信息。 解密密钥也可以至少基于与授权策略关联的字符串来确定。 请注意,解密信息必须满足授权策略。 在一些实施例中,用于执行可参数化密码术的系统和技术是盲目的。 这些不确定的实施例可用于保护隐私。

    Scalable file system configured to make files permanently unreadable
    54.
    发明授权
    Scalable file system configured to make files permanently unreadable 有权
    可扩展文件系统配置为使文件永久不可读

    公开(公告)号:US07814318B1

    公开(公告)日:2010-10-12

    申请号:US11237478

    申请日:2005-09-27

    IPC分类号: H04L9/32

    CPC分类号: G06F21/6209

    摘要: One embodiment of the present invention relates to a system for managing files which facilitates making the files permanently unreadable. During operation, the system maintains file-class keys at a file manager, wherein the file-class keys are associated with different classes of files. If a file belongs to a class of files, the system ensures that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated key-manager-file-class key for the class of files. The system makes an entire class of files permanently unreadable by causing an associated key-manager-file-class key, which can be used to decrypt the class of files, to become permanently unreadable.

    摘要翻译: 本发明的一个实施例涉及一种用于管理文件的系统,其有助于使文件永久地不可读。 在操作期间,系统在文件管理器中维护文件类密钥,其中文件类密钥与不同类别的文件相关联。 如果一个文件属于一类文件,则系统会确保每当文件在非易失性存储器中存储或更新时,文件都会使用文件类的关联密钥管理器文件类密钥进行加密。 该系统使整个类别的文件永久地不可读,通过使用可用于解密文件类的关联密钥管理器文件类密钥变得永久不可读。

    Method and apparatus for maintaining ephemeral keys in limited space
    55.
    发明授权
    Method and apparatus for maintaining ephemeral keys in limited space 有权
    用于在有限空间内保持短暂键的方法和装置

    公开(公告)号:US07660423B2

    公开(公告)日:2010-02-09

    申请号:US11325203

    申请日:2006-01-03

    申请人: Radia J. Perlman

    发明人: Radia J. Perlman

    IPC分类号: H04L9/08

    摘要: One embodiment of the present invention provides a system that maintains keys using limited storage space on a computing device, such as a smart card. During operation, the system receives a request at the computing device to perform an operation involving a key. While processing the request, the system obtains an encrypted key from remote storage located outside of the computing device, wherein the encrypted key was created by encrypting the key along with an expiration time for the key. Next, the system decrypts the encrypted key to restore the key and the expiration time, wherein the encrypted key is decrypted using a computing-device key, which is maintained locally on the computing device. Finally, if the expiration time has not passed, the system uses the key to perform the requested operation. Note that by storing the encrypted key in remote storage, the computing device is able to use the key without consuming local storage space to store the key.

    摘要翻译: 本发明的一个实施例提供了一种使用有限的存储空间来维护密钥的系统,所述计算设备例如是智能卡。 在操作期间,系统在计算设备处接收请求以执行涉及密钥的操作。 在处理请求时,系统从位于计算设备外部的远程存储器获得加密密钥,其中通过对密钥加密密钥以及密钥的到期时间来创建加密的密钥。 接下来,系统解密加密的密钥以恢复密钥和到期时间,其中使用计算设备密钥来解密加密的密钥,计算设备密钥在计算设备上本地维护。 最后,如果到期时间尚未通过,系统将使用该键执行请求的操作。 请注意,通过将加密密钥存储在远程存储中,计算设备能够使用密钥而不消耗本地存储空间来存储密钥。

    KEY MANAGEMENT USING DERIVED KEYS
    56.
    发明申请
    KEY MANAGEMENT USING DERIVED KEYS 审中-公开
    使用衍生键的主要管理

    公开(公告)号:US20090296926A1

    公开(公告)日:2009-12-03

    申请号:US12131525

    申请日:2008-06-02

    申请人: Radia J. Perlman

    发明人: Radia J. Perlman

    IPC分类号: H04L9/28

    CPC分类号: H04L9/0866 H04L9/083

    摘要: Some embodiments of the present invention provide a system that generates and retrieves a key derived from a master key. During operation, the system receives a request at a key manager to generate a new key, or to retrieve an existing key. To generate a new key, the system generates a key identifier and then derives the new key by cryptographically combining the generated key identifier with the master key. To retrieve an existing key, the system obtains a key identifier for the existing key from the request and then cryptographically combines the obtained key identifier with the master key to produce the existing key.

    摘要翻译: 本发明的一些实施例提供一种生成和检索从主密钥导出的密钥的系统。 在操作期间,系统在密钥管理器处接收请求以生成新的密钥,或者检索现有密钥。 为了生成新密钥,系统生成密钥标识符,然后通过将生成的密钥标识符与主密钥加密组合来导出新密钥。 为了检索现有密钥,系统从请求中获取现有密钥的密钥标识符,然后将获得的密钥标识符与主密钥加密组合以产生现有密钥。

    System using routing bridges to transparently interconnect multiple network links to form a single virtual network link
    57.
    发明授权
    System using routing bridges to transparently interconnect multiple network links to form a single virtual network link 有权
    使用路由网络的系统透明地互连多个网络链路以形成单个虚拟网络链路

    公开(公告)号:US07398322B1

    公开(公告)日:2008-07-08

    申请号:US10824974

    申请日:2004-04-14

    申请人: Radia J. Perlman

    发明人: Radia J. Perlman

    IPC分类号: G06F15/173

    摘要: One embodiment of the present invention provides a system that transparently interconnects multiple network links into a single virtual network link. During operation, a Rbridge (Rbridge) within the system receives a packet, wherein the Rbridge belongs to a set of one or more Rbridges that transparently interconnect the multiple network links into the single virtual network link. These Rbridges automatically obtain information specifying which endnodes are located on the multiple network links without the endnodes having to proactively announce their presence to the Rbridges. If a destination for the packet resides on the same virtual network link, the Rbridge routes the packet to the destination. This route can be an optimal path to the destination, and is not constrained to lie along a spanning tree through the set of Rbridges.

    摘要翻译: 本发明的一个实施例提供一种将多个网络链路透明地互连成单个虚拟网络链路的系统。 在运行期间,系统内的Rbridge(Rbridge)接收分组,其中Rbridge属于一组一个或多个R桥,其将多个网络链路透明地互连到单个虚拟网络链路中。 这些Rbridges自动获取指定哪些终端位于多个网络链路上的信息,而终端不必主动地将其存在通知给Rbridges。 如果分组的目的地位于同一个虚拟网络链路上,则Rbridge将该分组路由到目的地。 该路由可以是到达目的地的最佳路径,并且不限于通过Rbridges集合沿着生成树。

    Method and apparatus for providing a key distribution center without storing long-term server secrets
    58.
    发明授权
    Method and apparatus for providing a key distribution center without storing long-term server secrets 有权
    提供密钥分发中心而不存储长期服务器秘密的方法和装置

    公开(公告)号:US07395549B1

    公开(公告)日:2008-07-01

    申请号:US09691278

    申请日:2000-10-17

    IPC分类号: H04L9/00

    摘要: One embodiment of the present invention provides a system for operating a key distribution center (KDC) that provides keys to facilitate secure communications between clients and servers across a computer network, wherein the system operates without having to store long-term server secrets. The system operates by receiving a communication from a server at the KDC. This communication includes an identifier for the server, as well as a temporary secret key to be used in communications between a client and the server for a limited time period. In response the communication, the system attempts to authenticate the server. If the server is successfully authenticated, the system stores the temporary secret key at the KDC, so that the temporary secret key can be subsequently used to facilitate communications with the server. Upon subsequently receiving a request at the KDC from a client that desires to communicate with the server, the system produces a session key to be used in communications between the client and server, and then creates a ticket to the server by encrypting an identifier for the client and the session key with the temporary secret key for the server. Next, the system assembles a message that includes the identifier for the server, the session key and the ticket to the server, and sends the message to the client in a secure manner. The system subsequently allows the client to forward the ticket to the server in order to initiate communications between the client and the server.

    摘要翻译: 本发明的一个实施例提供了一种用于操作密钥分发中心(KDC)的系统,其提供密钥以促进跨越计算机网络的客户端和服务器之间的安全通信,其中系统在不必存储长期服务器秘密的情况下操作。 系统通过从KDC的服务器接收通信来进行操作。 该通信包括用于服务器的标识符,以及在有限时间段内在客户端和服务器之间的通信中使用的临时秘密密钥。 为响应通信,系统尝试对服务器进行身份验证。 如果服务器成功认证,则系统将临时密钥存储在KDC,以便随后可以使用临时密钥来促进与服务器的通信。 在随后从客户端收到希望与服务器进行通信的客户端的请求时,系统产生用于客户端与服务器之间的通信中的会话密钥,然后通过加密用于 客户端和会话密钥与服务器的临时秘密密钥。 接下来,系统组装包括服务器的标识符,会话密钥和到服务器的故障单的消息,并以安全的方式将消息发送给客户端。 系统随后允许客户机将票转发到服务器,以便启动客户端和服务器之间的通信。

    Method and apparatus for preventing spanning tree loops during traffic overload conditions
    59.
    发明授权
    Method and apparatus for preventing spanning tree loops during traffic overload conditions 有权
    在交通过载条件下防止生成树环路的方法和装置

    公开(公告)号:US07339900B2

    公开(公告)日:2008-03-04

    申请号:US10671643

    申请日:2003-09-26

    申请人: Radia J. Perlman

    发明人: Radia J. Perlman

    IPC分类号: H04L12/28

    摘要: One embodiment of the present invention provides a system that prevents loops from occurring when spanning tree configuration messages are lost while executing a spanning tree protocol on bridges in a network. During operation, the system executes the spanning tree protocol on a bridge. This spanning tree protocol configures each port coupled to the bridge into either a forwarding state, in which messages are forwarded to and from the port, or a backup state, in which messages are not forwarded to or from the port. The system also monitors ports coupled to the bridge to determine when messages are lost by the ports. If one or more messages are lost on a port, the system refrains from forwarding messages to or from the port until no messages are lost by the port for an amount of time.

    摘要翻译: 本发明的一个实施例提供了一种在网络中的桥上执行生成树协议时防止生成树配置消息丢失时发生环路的系统。 在运行过程中,系统在桥上执行生成树协议。 该生成树协议将耦合到网桥的每个端口配置为转发状态,其中消息被转发到端口或从端口转发,或者备份状态,其中消息不被转发到端口或从端口转发。 系统还监视耦合到网桥的端口,以确定端口何时丢失消息。 如果端口上有一个或多个消息丢失,则系统将禁止向端口转发消息,直到端口丢失一段消息。

    Secure ephemeral decryptability
    60.
    发明授权

    公开(公告)号:US07016499B2

    公开(公告)日:2006-03-21

    申请号:US09880470

    申请日:2001-06-13

    申请人: Radia J. Perlman

    发明人: Radia J. Perlman

    IPC分类号: H04L9/00

    CPC分类号: H04L9/083 H04L9/088

    摘要: A method and apparatus for securely communicating ephemeral information from a first node to a second node. In a first embodiment, the first node encodes and transmits an ephemeral message encrypted at least in part with an ephemeral key, from the first node to the second node. Only the second node has available to it the information that is needed to achieve decryption by an ephemeral key server of a decryption key that is needed to decrypt certain encrypted payload information contained within the message communicated from the first node to the second node. In a second embodiment the first node transmits to the second node an ephemeral message that is encrypted at least in part with an ephemeral key. The ephemeral message includes enough information to permit the second node to communicate at least a portion of the message to an ephemeral key server and for the ephemeral key server to verify that the second node is an authorized decryption agent for the message. After verifying that the second node is an authorized decryption agent for the message, the ephemeral key server returns to the second node an encrypted decryption key that is needed to decrypt the encrypted message. The ephemeral message may comprise an encrypted decryption key that may be used after decryption of the decryption key to decrypt other encrypted information communicated to the second node.