Abstract:
A remote user, two-way authentication and password change protocol that also allows parties to optionally establish a session key which can be used to protect subsequent communication. In a preferred embodiment, a challenge token is generated and exchanged which is a one-time value that includes a random value that changes from session to session. The construction and use of the challenge token avoids transmission of the password or even the transmission of a digest of the password itself. Thus the challenge token does not reveal any information about a secret password or a digest of the password.
Abstract:
A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When an anomaly is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the anomaly is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-apply the blocking measure for a specified duration, then suspend the blocking measure and test again for the anomaly. If the anomaly is detected, the blocking measure is re-applied, and its duration is adapted. If the anomaly is no longer detected, the method returns to the state of readiness.
Abstract:
A method and system for providing a hash and a complement of the hash for an item in a computer system are disclosed. The method and system include providing a plurality of components from the item. The plurality of components include a first component and a last component. Each of the plurality of components includes a particular number of bits. The method and system also include cascading the plurality of components through at least one XOR to provide a plurality of resultants. The plurality of resultants includes a first resultant and a final resultant. The final resultant includes only the last component. The first resultant includes an XOR of the first component and remaining cascaded components of the plurality of components. The method and system also include applying an invertible hash function and an invertible hash function complement to at least the first resultant to provide the hash. The complement of the hash includes the plurality of resultants except the first resultant. In another aspect, the method and system include applying the invertible hash function and its complement to at least the first component of the plurality of components, before the plurality of components are cascaded through the at least one XOR. In this aspect, the hash includes the first resultant. The complement of the hash includes the plurality of resultants except the first resultant.
Abstract:
A method, system and computer program product for detecting conditions of network instability. An attribute indicative of network instability, e.g., processor and/or co-processor utilization, packet arrival rates, packet peak rates, packet size distribution, packet clustering tendencies, buffer usage patterns, occurrence of peak utilization, out-of-buffer conditions, packet discard rates, may be monitored for a network device, e.g., router. The monitored attribute may be associated with a plurality of labels (variables) where a portion of those labels may be stored in a cache. A hit ratio for the cache storing labels associated with the monitored attribute may be tracked within a period of time based on the number of requested items, i.e., labels, that are currently stored in the cache. A condition of network instability may then be detected based on the hit ratio by determining if the absolute value of the acceleration of the hit ratio exceeds a threshold.
Abstract:
A method and system are disclosed for allocating data input bandwidth from a source link to a plurality of N data queues each having a variable occupancy value, Qi(t), and a constant decrement rate, Di, where i designates the ith queue among the N queues. First, a threshold occupancy value, T, is designated for the N queues. During each time step of a repeating time interval, Δt, the occupancy value, Qi, is compared with T. In response to each and every of said N data queues having occupancy values exceeding T, pausing data transmission from the source link to the N data queues, such that overflow within the data queues is minimized. In response to at least one of the N data queues having an occupancy value less than or equal to T, selecting one among the N data queues to be incremented, and incrementing the selected data queue, such that underflow of the selected queue is minimized. In the context of scheduling one cell per time step, the value of T is one. Furthermore, the method of the present invention guarantees that output port occupancy shall never, in that context, exceed two cells.
Abstract:
A method and system for controlling a plurality of pipes in a computer network is disclosed. The computer network includes at least one processor for a switch. The at least one processor has a queue. The plurality of pipes utilizes the queue for transmitting traffic through the switch. The method and system include allowing a minimum flow and a maximum flow to be set for each of the plurality of pipes and determining if excess bandwidth exists for the queue. The method and system also include linearly increasing a flow for a pipe of the plurality of pipes based on the minimum flow or the maximum flow if excess bandwidth exists and if the flow for the pipe of the plurality of pipes is less than the maximum flow for the pipe. The method and system also include exponentially decreasing the flow for the pipe of the plurality of pipes based on the minimum flow or the maximum flow if excess bandwidth does not exist and the flow is greater than the minimum flow for the pipe. Thus, the traffic through the queue is stable.
Abstract:
A method and system for selecting a direct table and a plurality of corresponding trees in a computer system is disclosed. The method and system include selecting a plurality of widths for the direct table and probabilistically determining at least one desired property of the direct table and the plurality of corresponding trees for the plurality of widths. The method and system also include selecting a width of the plurality of widths for the direct table and the plurality of corresponding trees based on the at least one desired property of the direct table and the plurality of corresponding trees.
Abstract:
A method and system within a telecommunications network for allocating available bandwidth among a plurality of sessions that share a common data link. First, a repeating unit time interval is designated for conducting the plurality of sessions. Next, the input flow rate from the source node of each of the sessions into the common data link is monitored. Thereafter, a target flow rate is computed and assigned to each of the sessions. The sum of the target flow rates is equal to the available bandwidth of the common data link. Finally, for each of the sessions in which the monitored input flow rate exceeds the assigned target flow rate, the source node is dynamically paused during each repeating unit time interval, such that the monitored input flow rate conforms to the assigned target flow rate for each of the sessions.
Abstract:
A method and system for performing aging of a memory in a computer system is disclosed. The memory contains a plurality of items. The method and system include purging the memory of a portion of the plurality of items each time an epoch equal to an aging variable has expired. The method and system further include providing the aging variable for a new epoch based on a performance of the memory in a previous epoch, including the aging variable of the previous epoch.