Efficient Method for Providing Secure Remote Access
    81.
    Patent application
    Efficient Method for Providing Secure Remote Access (lapsed)

    Publication number: US20080229105A1

    Publication date: 2008-09-18

    Application number: US12126518

    Filing date: 2008-05-23

    IPC classification: H04L9/00

    Abstract: A remote user, two-way authentication and password change protocol that also allows parties to optionally establish a session key which can be used to protect subsequent communication. In a preferred embodiment, a challenge token is generated and exchanged which is a one-time value that includes a random value that changes from session to session. The construction and use of the challenge token avoids transmission of the password or even the transmission of a digest of the password itself. Thus the challenge token does not reveal any information about a secret password or a digest of the password.

    Applying blocking measures progressively to malicious network traffic
    82.
    Granted patent
    Applying blocking measures progressively to malicious network traffic (in force)

    Publication number: US07308716B2

    Publication date: 2007-12-11

    Application number: US10442008

    Filing date: 2003-05-20

    IPC classification: G06F15/08 G08B23/00

    CPC classification: H04L63/1458

    Abstract: A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When an anomaly is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the anomaly is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-apply the blocking measure for a specified duration, then suspend the blocking measure and test again for the anomaly. If the anomaly is detected, the blocking measure is re-applied, and its duration is adapted. If the anomaly is no longer detected, the method returns to the state of readiness.

    Method and system for manipulating and telescoping a hash function
    83.
    Granted patent
    Method and system for manipulating and telescoping a hash function (lapsed)

    Publication number: US06928162B1

    Publication date: 2005-08-09

    Application number: US09543674

    Filing date: 2000-04-07

    IPC classification: H04L12/56 G06F15/00 H04L9/28

    CPC classification: G06F17/10

    Abstract: A method and system for providing a hash and a complement of the hash for an item in a computer system are disclosed. The method and system include providing a plurality of components from the item. The plurality of components include a first component and a last component. Each of the plurality of components includes a particular number of bits. The method and system also include cascading the plurality of components through at least one XOR to provide a plurality of resultants. The plurality of resultants includes a first resultant and a final resultant. The final resultant includes only the last component. The first resultant includes an XOR of the first component and remaining cascaded components of the plurality of components. The method and system also include applying an invertible hash function and an invertible hash function complement to at least the first resultant to provide the hash. The complement of the hash includes the plurality of resultants except the first resultant. In another aspect, the method and system include applying the invertible hash function and its complement to at least the first component of the plurality of components, before the plurality of components are cascaded through the at least one XOR. In this aspect, the hash includes the first resultant. The complement of the hash includes the plurality of resultants except the first resultant.

    Detecting network instability
    84.
    Granted patent
    Detecting network instability (lapsed)

    Publication number: US06918067B2

    Publication date: 2005-07-12

    Application number: US10135296

    Filing date: 2002-04-30

    IPC classification: H04L12/24 H04L12/26 G06F11/00

    Abstract: A method, system and computer program product for detecting conditions of network instability. An attribute indicative of network instability, e.g., processor and/or co-processor utilization, packet arrival rates, packet peak rates, packet size distribution, packet clustering tendencies, buffer usage patterns, occurrence of peak utilization, out-of-buffer conditions, packet discard rates, may be monitored for a network device, e.g., router. The monitored attribute may be associated with a plurality of labels (variables) where a portion of those labels may be stored in a cache. A hit ratio for the cache storing labels associated with the monitored attribute may be tracked within a period of time based on the number of requested items, i.e., labels, that are currently stored in the cache. A condition of network instability may then be detected based on the hit ratio by determining if the absolute value of the acceleration of the hit ratio exceeds a threshold.

    Mixed queue scheduler
    85.
    Granted patent
    Mixed queue scheduler (lapsed)

    Publication number: US06728253B1

    Publication date: 2004-04-27

    Application number: US09405691

    Filing date: 1999-09-24

    IPC classification: H04L1256

    CPC classification: H04L47/50 H04L2012/5682

    Abstract: A method and system are disclosed for allocating data input bandwidth from a source link to a plurality of N data queues each having a variable occupancy value, Qi(t), and a constant decrement rate, Di, where i designates the ith queue among the N queues. First, a threshold occupancy value, T, is designated for the N queues. During each time step of a repeating time interval, Δt, the occupancy value, Qi, is compared with T. In response to each and every of said N data queues having occupancy values exceeding T, pausing data transmission from the source link to the N data queues, such that overflow within the data queues is minimized. In response to at least one of the N data queues having an occupancy value less than or equal to T, selecting one among the N data queues to be incremented, and incrementing the selected data queue, such that underflow of the selected queue is minimized. In the context of scheduling one cell per time step, the value of T is one. Furthermore, the method of the present invention guarantees that output port occupancy shall never, in that context, exceed two cells.

    Method and system for providing differentiated services in computer networks
    86.
    Granted patent
    Method and system for providing differentiated services in computer networks (lapsed)

    Publication number: US06657960B1

    Publication date: 2003-12-02

    Application number: US09448197

    Filing date: 1999-11-23

    IPC classification: H04L1228

    CPC classification: H04L47/10 H04L47/29 H04L47/30

    Abstract: A method and system for controlling a plurality of pipes in a computer network is disclosed. The computer network includes at least one processor for a switch. The at least one processor has a queue. The plurality of pipes utilizes the queue for transmitting traffic through the switch. The method and system include allowing a minimum flow and a maximum flow to be set for each of the plurality of pipes and determining if excess bandwidth exists for the queue. The method and system also include linearly increasing a flow for a pipe of the plurality of pipes based on the minimum flow or the maximum flow if excess bandwidth exists and if the flow for the pipe of the plurality of pipes is less than the maximum flow for the pipe. The method and system also include exponentially decreasing the flow for the pipe of the plurality of pipes based on the minimum flow or the maximum flow if excess bandwidth does not exist and the flow is greater than the minimum flow for the pipe. Thus, the traffic through the queue is stable.

    Method and system for optimizing direct tables and trees
    87.
    Granted patent
    Method and system for optimizing direct tables and trees (lapsed)

    Publication number: US06633879B1

    Publication date: 2003-10-14

    Application number: US09477517

    Filing date: 2000-01-04

    IPC classification: G06F1730

    Abstract: A method and system for selecting a direct table and a plurality of corresponding trees in a computer system is disclosed. The method and system include selecting a plurality of widths for the direct table and probabilistically determining at least one desired property of the direct table and the plurality of corresponding trees for the plurality of widths. The method and system also include selecting a width of the plurality of widths for the direct table and the plurality of corresponding trees based on the at least one desired property of the direct table and the plurality of corresponding trees.

    Enhanced flow control in ATM edge switches
    88.
    Granted patent
    Enhanced flow control in ATM edge switches (in force)

    Publication number: US06633585B1

    Publication date: 2003-10-14

    Application number: US09374349

    Filing date: 1999-08-13

    IPC classification: H04J322

    Abstract: A method and system within a telecommunications network for allocating available bandwidth among a plurality of sessions that share a common data link. First, a repeating unit time interval is designated for conducting the plurality of sessions. Next, the input flow rate from the source node of each of the sessions into the common data link is monitored. Thereafter, a target flow rate is computed and assigned to each of the sessions. The sum of the target flow rates is equal to the available bandwidth of the common data link. Finally, for each of the sessions in which the monitored input flow rate exceeds the assigned target flow rate, the source node is dynamically paused during each repeating unit time interval, such that the monitored input flow rate conforms to the assigned target flow rate for each of the sessions.

    Method and system for performing variable aging to optimize a memory resource
    89.
    Granted patent
    Method and system for performing variable aging to optimize a memory resource (lapsed)

    Publication number: US06453386B1

    Publication date: 2002-09-17

    Application number: US09409574

    Filing date: 1999-09-30

    IPC classification: G06F1200

    CPC classification: G06F12/123

    Abstract: A method and system for performing aging of a memory in a computer system is disclosed. The memory contains a plurality of items. The method and system include purging the memory of a portion of the plurality of items each time an epoch equal to an aging variable has expired. The method and system further include providing the aging variable for a new epoch based on a performance of the memory in a previous epoch, including the aging variable of the previous epoch.