-
Publication No.: US08364949B1
Publication date: 2013-01-29
Application No.: US11357704
Filing date: 2006-02-17
Applicant: Ron P. Bonica, Andrew H. Heffernan
Inventor: Ron P. Bonica, Andrew H. Heffernan
IPC classification: H04L29/06
Abstract: A new Transmission Control Protocol (TCP) Enhanced Authentication Option is described. An administrator configures sending and receiving devices to maintain lists of authentication elements for each protected TCP connection. Each authentication element includes an authentication element identifier, a key, a hash algorithm, and a start time. A sending device calculates a security portion, updates the new TCP option to include the security portion, calculates a checksum, and forwards the TCP segment to the receiving device. Having received the authenticated TCP segment, the receiving device scans its list of authentication elements, searching for an authentication element whose identifier matches that of the incoming TCP option. If the receiving device finds such an authentication element, the receiving device uses a key from the authentication element to calculate a security portion. If the calculated security portion matches the security portion received in the incoming TCP segment, the receiving device accepts the segment.
-
Publication No.: US09032095B1
Publication date: 2015-05-12
Application No.: US10753026
Filing date: 2004-01-06
Applicant: Paul S. Traina, Manoj Leelanivas, Steven Lin, Nischal Sheth, Wing Eng, Andrew H. Heffernan
Inventor: Paul S. Traina, Manoj Leelanivas, Steven Lin, Nischal Sheth, Wing Eng, Andrew H. Heffernan
IPC classification: G06F15/173, H04L12/751, H04L29/06, H04L12/701, H04L12/24
CPC classification: H04L45/02, H04J14/0227, H04J14/0241, H04L12/2856, H04L12/2874, H04L29/06, H04L41/0213, H04L41/0813, H04L41/0893, H04L45/00, H04L45/44, H04L45/586, H04L63/0272, H04L67/34
Abstract: Techniques are described for implementing one or more logical routers within a single physical routing device. These logical routers, as referred to herein, are logically isolated in the sense that they achieve operational and organizational isolation within the routing device without requiring the use of additional or redundant hardware, e.g., additional hardware-based routing controllers. The routing device may, for example, include a computing platform, and a plurality of software processes executing within the computing platform, wherein the software processes operate as logical routers. The routing device may include a forwarding component shared by the logical routers to forward network packets received from a network in accordance with the forwarding tables.
-