Abstract:
A novel mechanism efficiently synchronizes the contents of databases stored on nodes of a computer network to ensure that those contents are consistent. The mechanism comprises a database identifier generated by a node of the computer network and distributed to other receiving nodes coupled to the network. The database identifier is uniquely representative of the contents of the distributing node's database and the receiving nodes compare this unique identifier with their own generated database identifiers to determine if the identifiers, and thus their databases, are consistent and synchronized.
Abstract:
A novel synchronization mechanism synchronizes delivery of data packets over on-demand links of a computer network in a manner that efficiently utilizes those links. The mechanism comprises control information generated by a source node and stored in a network layer header of a data packet transmitted to a destination node via at least one router coupled to an on-demand link of the network. Depending upon the state of the control information the router is instructed whether to immediately dial the link to establish a connection for delivery of the packet to the destination node.
Abstract:
A technique for generating, distributing and maintaining a list of operational nodes in a network using a nonbroadcast communication medium, wherein the nodes first collectively agree on the identity of a designated node. Once the designated node is agreed on, the other nodes periodically send Hello messages to it and the designated node compiles a list of operational nodes based in part on the Hello messages it receives, and periodically sends a Hello message to each node on the list. The Hello message from the designated node includes a list of addresses of active neighbor nodes, so that every node periodically receives a list of operational neighbor nodes. The number of messages needed to implement this scheme is proportional to the number of nodes, rather than the square of the number of nodes as in a conventional approach in which each node advises every other node of its presence. Selection of the designated node can be on the basis of some unique property of each node, such as identification number or an encoded priority.
Abstract:
An encryption system employing a one-time key-pad uses a shared secret number and a one-way hash function with which both the originator and recipient of a message generate successive segments of a key-pad to encrypt and decrypt the message respectively. In one arrangement each key-pad segment is generated by applying the hash function to a combination of the secret number and the previous key-pad segment. In the other embodiment of the invention, each key-pad section is generated by applying the one-way hash function to a combination of the secret number and a corresponding segment of the ciphertext version of the message.
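Both key-pad arrangements from this abstract, as an added example that is not taken from the patent. SHA-256, plain concatenation as the "combination", and a per-message `iv` standing in for the segment that precedes the first one are assumptions; the abstract names none of them.

```python
import hashlib

SEG = hashlib.sha256().digest_size  # 32-byte pad segments (SHA-256 is an assumption)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _h(secret: bytes, data: bytes) -> bytes:
    # "Combination" of secret and data is assumed to be concatenation.
    return hashlib.sha256(secret + data).digest()

def crypt_chained(secret: bytes, iv: bytes, data: bytes) -> bytes:
    """Arrangement 1: pad[i] = H(secret || pad[i-1]), with pad[-1] = iv (assumed).
    The pad never depends on the message, so this one call encrypts and decrypts."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), SEG):
        prev = _h(secret, prev)
        out += _xor(data[i:i + SEG], prev)
    return bytes(out)

def encrypt_feedback(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Arrangement 2: pad[i] = H(secret || ciphertext[i-1]), ciphertext[-1] = iv (assumed)."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), SEG):
        prev = _xor(plaintext[i:i + SEG], _h(secret, prev))
        out += prev
    return bytes(out)

def decrypt_feedback(secret: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """The recipient rebuilds each pad segment from the ciphertext it already holds."""
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), SEG):
        block = ciphertext[i:i + SEG]
        out += _xor(block, _h(secret, prev))
        prev = block
    return bytes(out)

def pad_reused(secret: bytes, iv1: bytes, iv2: bytes, m1: bytes, m2: bytes) -> bool:
    """True when two chained-mode ciphertexts share a pad, i.e. c1 XOR c2 == m1 XOR m2."""
    c1, c2 = crypt_chained(secret, iv1, m1), crypt_chained(secret, iv2, m2)
    return _xor(c1, c2) == _xor(m1, m2)
```

`pad_reused` returns `True` whenever two messages are encrypted under the same secret and the same starting value, which is why the pad is only "one-time" if that starting value is fresh for every message.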
Abstract:
A signature system, such as an El Gamal or DSS system, involving the use of a long-term secret number and a per-message secret number generates the per-message secret number without the use of a random number generator or non-volatile storage. The per-message secret number is generated by applying a one-way hash function to a combination of the long-term secret number and the message itself.
Abstract:
A novel switch architecture maintains the sequence of packet cells, received at one port of a multicast port group, during subsequent transfer of the cells to the remaining ports of the group. The novel architecture includes a 2-stage buffering arrangement whereby the first stage comprises a plurality of local buffers, each associated with a port of the switch, and the second stage comprises a single, global buffer. Each local buffer services its associated port of the multicast port group by temporarily storing incoming packet cells until a complete packet is received at that port, at which time the packet cells may be passed to the global buffer as outgoing cells. The global buffer services the remaining ports of the multicast port group by forwarding copies of the outgoing cells, in sequence, to those ports.
Abstract:
A device and related method for coupling segments of an extended local area network (LAN) in such a way that message traffic employing inter-network protocols such as TCP/IP will be handled without the difficulties usually associated with bridges, and without the complexity and expense of full IP router capability. The device operates like a bridge for non-TCP/IP traffic. For TCP/IP traffic it operates in a bridge-like manner but maintains a database associating extended LAN segment addresses with port numbers in the device, so that packets can be automatically forwarded over a spanning tree connecting the network segments. A host computer in any network segment can address others in different network segments of the extended LAN as though all were in a single LAN. The device of the invention functions to block the flow of ARP messages and to generate ARP replies that render the device of the invention transparent to hosts within the extended LAN. The device is also transparent to true IP routers, which may still be used to effect communication with points outside the extended LAN.
Abstract:
Stored information used for routing packets of a network of nodes interconnected by links. A link state packet is sent to the first node indicating the states of links connected to some given node in the network. At the first node, an attempt is made to derive from the link state packet sent in step (a), the states of the links. If the states of fewer than all of the links connected to the given node are derived in step (b), the stored information used for routing packets is updated using the derived link states without regard to other link state packets sent to the first node. Another aspect features organizing, at a node in a network of nodes interconnected by links, a database of entries concerning respective links, by (a) providing indicators associated with the entries, (b) when a link becomes inoperable, setting or clearing the indicator associated with the entry related to the link, and (c) when the link becomes operable, clearing or setting the indicator. Another aspect features organizing information concerning the states of links interconnecting nodes of a network of nodes, the information being grouped in link state packets indicating the states of links connected to respective source nodes. The link state packets are ordered, a range of the link state packets in the order is selected, and a summary is formed including information indicating the boundaries of the selected range, and information identifying each link state packet in the selected range.
Abstract:
Some embodiments provide a system to generate a key pair. During operation, the system can receive a request to generate the key pair, wherein the key pair is generated by a key assigner, and wherein the key pair is associated with a user. Next, the system can determine a secret associated with the key assigner. Specifically, the system can determine the secret by determining an initial secret associated with the key assigner, and by applying a one-way hash function to the initial secret one or more times. The system can then determine a seed based on the secret. Specifically, the system can determine the seed by cryptographically combining the secret with information associated with the user. Next, the system can generate the key pair by using the seed as an input to a key generator. The system can then return the key pair to a requestor.
Abstract:
One embodiment of the present invention provides a system that manages secret keys for messages. During operation, the system receives a desired expiration time T from an encrypter, and possibly a nonce N, at a server that manages keys. If N is not sent by the encrypter, it is generated by a key managing server. Next, the system chooses a secret ST, with an expiration time close to T, and an identifier IDS from a database for which secret ST can be retrieved using the identifier IDS. If such an ST is not already in the database, the server generates a new ST and IDS. The system then calculates a hash H=h(N,ST), and sends H and IDS from the server to the encrypter. The encrypter then encrypts M with H to form {M}H, and communicates ({M}H, N, IDS) to a message reader. The message reader then sends N and IDS to the server. The server then uses IDS to look up ST, recalculates H=h(N,ST), and sends H to the message reader, thereby enabling the message reader to decrypt {M}H to obtain M. Note that by using the secret ST associated with the expiration time T and the nonce N, the server is able to reconstruct the secret key H for the message M without having to maintain per-message state information.
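The exchange in this abstract, with the encrypter, reader and server sides in one place, as an added example that is not taken from the patent. HMAC-SHA256 as h, the one-day expiry bucket used to pick an ST "close to T", and the XOR keystream standing in for the cipher are all assumptions, and every class and function name is hypothetical.

```python
import hashlib, hmac, secrets

class KeyServer:
    """Holds one secret ST per expiry bucket; keeps no per-message state."""
    BUCKET = 86400  # assumption: expiry times are rounded up to a whole day

    def __init__(self):
        self._db = {}  # IDS -> (ST, expiry)

    def issue(self, t_expire, nonce=None):
        nonce = nonce or secrets.token_bytes(16)        # server supplies N if absent
        expiry = -(-t_expire // self.BUCKET) * self.BUCKET
        for id_s, (s_t, exp) in self._db.items():       # reuse an ST close to T
            if exp == expiry:
                break
        else:                                           # none yet: create ST and IDS
            id_s, s_t = secrets.token_hex(8), secrets.token_bytes(32)
            self._db[id_s] = (s_t, expiry)
        return self._h(nonce, s_t), id_s, nonce

    def recover(self, nonce, id_s, now):
        self.purge(now)
        entry = self._db.get(id_s)
        return None if entry is None else self._h(nonce, entry[0])

    def purge(self, now):
        # Deleting one ST makes every H derived from it unrecoverable.
        for id_s in [i for i, (_, exp) in self._db.items() if exp <= now]:
            del self._db[id_s]

    @staticmethod
    def _h(nonce, s_t):
        return hmac.new(s_t, nonce, hashlib.sha256).digest()  # H = h(N, ST)

def seal(key, msg):
    """Stand-in for {M}H: XOR with a SHA-256 counter keystream (unauthenticated)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(msg) // 32 + 1))
    return bytes(a ^ b for a, b in zip(msg, stream))

def exchange(server, msg, t_expire, now_read):
    """Encrypter -> reader -> server round trip; returns the reader's plaintext or None."""
    h, id_s, n = server.issue(t_expire)         # encrypter asks for a key expiring near T
    packet = (seal(h, msg), n, id_s)            # ({M}H, N, IDS) goes to the reader
    h2 = server.recover(packet[1], packet[2], now_read)  # reader sends N and IDS
    return None if h2 is None else seal(h2, packet[0])
```

The server's table grows with the number of expiry buckets, not the number of messages, and a read attempted after the bucket has expired gets no key back.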