Methods and devices for enforcing network access control utilizing secure packet tagging
    1.
    Granted invention patent
    Methods and devices for enforcing network access control utilizing secure packet tagging (status: in force)

    Publication (announcement) number: US08713666B2

    Publication (announcement) date: 2014-04-29

    Application number: US12056462

    Filing date: 2008-03-27

    IPC classification: H04L29/06

    Abstract: Disclosed are methods, devices, and media for enforcing network access control, the method including the steps of: extracting a packet signature from a packet (or packet fragment) received from a network; storing the packet signature and the packet in a buffer; computing a buffer signature using a per-endpoint secret key; determining whether the packet signature and the buffer signature are identical; and upon determining the packet signature and the buffer signature are identical, transmitting the packet to a protocol stack. Preferably, the step of extracting includes extracting the packet signature from a field (e.g. identification field) of a header of the packet. Preferably, the method further includes the step of: upon determining the packet signature and the buffer signature are not identical, discarding the packet. Methods for receiving a packet from a protocol stack, and transmitting the packet to a network are disclosed as well.


    METHODS AND DEVICES FOR ENFORCING NETWORK ACCESS CONTROL UTILIZING SECURE PACKET TAGGING
    2.
    Invention patent application
    METHODS AND DEVICES FOR ENFORCING NETWORK ACCESS CONTROL UTILIZING SECURE PACKET TAGGING (status: in force)

    Publication (announcement) number: US20090249466A1

    Publication (announcement) date: 2009-10-01

    Application number: US12056462

    Filing date: 2008-03-27

    IPC classification: G06F17/00 G06F15/16 H04L9/32

    Abstract: Disclosed are methods, devices, and media for enforcing network access control, the method including the steps of: extracting a packet signature from a packet (or packet fragment) received from a network; storing the packet signature and the packet in a buffer; computing a buffer signature using a per-endpoint secret key; determining whether the packet signature and the buffer signature are identical; and upon determining the packet signature and the buffer signature are identical, transmitting the packet to a protocol stack. Preferably, the step of extracting includes extracting the packet signature from a field (e.g. identification field) of a header of the packet. Preferably, the method further includes the step of: upon determining the packet signature and the buffer signature are not identical, discarding the packet. Methods for receiving a packet from a protocol stack, and transmitting the packet to a network are disclosed as well.
