Abstract:
A method for Real-time Transport Protocol (RTP) packet authentication on a packet data network. In particular, the invention relates to a method for preventing toll fraud, privacy compromise, voice quality degradation, or denial of service (DoS) on Voice over IP networks. The Real-time Transport Protocol (RTP) is susceptible to several security attacks, including third-party snooping of private conversations, injection of forged content, and introduction or modification of packets to degrade voice quality. The Secure Real-time Transport Protocol (SRTP) provides confidentiality, message authentication, and replay protection for RTP traffic. However, SRTP incurs an additional overhead to verify the HMAC-SHA1 message authentication code for each packet. SRTP+ significantly decreases the verification overhead compared to SRTP and thereby increases the number of faked packets required to mount a successful denial of service attack. SRTP+ provides packet authentication but not integrity. SRTP+ is compatible with SRTP.
Abstract:
A policy-based network management system is realized by enabling policy-based management programs to be defined via run-time loading of “policy packages” that are collections of reusable “policy components”. Such reusable policy components may be written by the vendor of the policy-based management system, by system administrators, who are the users of policy-based management systems, or even by third parties who may be experts in the management of specific application domains, such as vendors of network devices. In the latter case, these policy components can be assembled into a functionally complete policy package by system administrators. Alternatively, the system administrators can load a pre-assembled policy package into a management server and only have to specify the desired service level goals.