Keep-alive hiatus declaration
    1.
    Granted patent
    Status: in force

    Publication No.: US08732324B2

    Publication date: 2014-05-20

    Application No.: US12787127

    Filing date: 2010-05-25

    Applicant: Brian Weis

    Inventor: Brian Weis

    IPC classification: G06F15/16

    Abstract: In an embodiment, a method is performed by one or more processors and comprises obtaining a hiatus declaration that indicates that a network device will be incommunicable; suspending communication with the network device until expiration of a hiatus time period during which the network device is expected to be incommunicable; and resuming communication with the network device in response to any of: determining that the hiatus time period has expired; obtaining a keep-alive message from the network device; or obtaining another indication that the network device can communicate.

    Enabling QoS for MACsec protected frames
    2.
    Granted patent
    Status: in force

    Publication No.: US08719567B2

    Publication date: 2014-05-06

    Application No.: US12579329

    Filing date: 2009-10-14

    IPC classification: H04L29/06

    Abstract: Embodiments associated with enabling Quality of Service (QoS) for MACsec protected frames are described. One example method includes identifying a security indicator in an encrypted network communication and selectively forwarding the encrypted network communication according to a QoS policy. The example method may also include selectively storing a control packet security indicator sniffed from a control packet network communication in response to determining that a match exists between a control packet identification field and a QoS database entry.

    Techniques for managing keys using a key server in a network segment
    3.
    Granted patent
    Status: in force

    Publication No.: US08050408B2

    Publication date: 2011-11-01

    Application No.: US12412109

    Filing date: 2009-03-26

    Applicant: Brian Weis

    Inventor: Brian Weis

    IPC classification: H04L9/00

    Abstract: The election of a key server is provided. The key server is a single device that broadcasts an encryption key to other devices in a network segment. Automatic re-election of a new key server is also provided when the current key server becomes unavailable. Key receivers may separately detect that a new key server is needed and separately determine, from state information, which key receiver should be elected the new key server. The state information may have been received in previously sent messages; thus, no further messaging is needed to elect a new key server.

    Approach for managing state information by a group of servers that services a group of clients
    4.
    Granted patent
    Status: in force

    Publication No.: US07827262B2

    Publication date: 2010-11-02

    Application No.: US11183278

    Filing date: 2005-07-14

    Applicant: Brian Weis

    Inventor: Brian Weis

    Abstract: An approach for managing state information by a group of servers that services a group of clients is disclosed. One server is designated as the primary server and is responsible for generating state information to be used by both the servers and the clients. The remaining servers are designated as secondary servers that help to manage the group but do not generate the state information. When the primary server fails or is not available due to a network partition event, one of the secondary servers changes role to become the primary server. During a network partition event, each partition can have a primary server, and when the network partition heals, one of the primary servers changes role back to being a secondary server. As a result, the group of servers maintains a consistent set of state information without being vulnerable to the single failure of a server.

    Methods and apparatus for providing an enhanced dynamic multipoint virtual private network architecture
    5.
    Patent application
    Status: in force

    Publication No.: US20070206597A1

    Publication date: 2007-09-06

    Application No.: US11414787

    Filing date: 2006-05-01

    IPC classification: H04L12/56

    Abstract: A system transmits, to a hub from a first spoke, first routing information associated with the first spoke. The system receives, at the first spoke, from the hub, second routing information associated with a plurality of spokes in communication with the hub. The plurality of spokes includes a second spoke. The system resolves, at the first spoke, a next-hop determination for the packet based on the second routing information received from the hub. The system routes the packet from the first spoke to the second spoke using the next-hop determination.

    Method and apparatus to minimize database exchange in OSPF by using a SHA-1 digest value
    6.
    Patent application
    Status: in force

    Publication No.: US20070127457A1

    Publication date: 2007-06-07

    Application No.: US11292534

    Filing date: 2005-12-02

    IPC classification: H04L12/56

    CPC classification: H04L45/02

    Abstract: The present invention provides a method of determining whether a database located on a first router is synchronized with a database located on a second router by performing a hash function on the values contained in a link state database to derive a SHA-1 digest value. In an embodiment, the digest value is based on LSA type. The digest value is exchanged initially during a database description packet swap between the first router and the second router. If the digest values are the same, the databases are already synchronized. The routers thus skip the database description packet exchange of LSAs in the database and go directly to FULL state, indicating full synchronization between the databases on the first and second router and announcing adjacency to each other. If the digests differ, normal database description packet exchange is performed as specified in OSPF.

    Group key management re-registration method
    8.
    Granted patent
    Status: in force

    Publication No.: US08204228B2

    Publication date: 2012-06-19

    Application No.: US12330688

    Filing date: 2008-12-09

    IPC classification: H04L9/08 G06F7/04 G06F17/30

    Abstract: In an embodiment, a fast group key management re-registration is described. One computer-implemented method comprises, at a key server: receiving a registration request from a network element to join a group of network elements managed by the key server; generating and storing a group member registration state comprising information identifying the network element within the group of network elements; generating a token using information from the group member registration state, wherein the token identifies the network element within the group; deleting the group member registration state for the network element at the key server; generating an encrypted token by encrypting the token using a secret key that is local to the key server; sending the encrypted token to the network element; receiving the encrypted token along with a re-registration request from the network element to re-join the group of network elements; and re-registering the network element using the encrypted token.

    Restarting Network Reachability Protocol Sessions Based on Transport Layer Authentication
    9.
    Patent application
    Status: in force

    Publication No.: US20120117248A1

    Publication date: 2012-05-10

    Application No.: US12942588

    Filing date: 2010-11-09

    IPC classification: G06F15/16

    Abstract: In an embodiment, a method comprises establishing a first data communications session with a first router. In response to receiving a first request to establish a second data communications session, a probe message configured to test whether the first data communications session or the first router is responsive is sent to the first router. In response to determining that the first router has not acknowledged the probe message before a probe timer has expired, and to receiving a second request to establish the second data communications session, the second data communications session with the first router is established and the state for the first data communications session is deleted.

    Enforcing the principle of least privilege for large tunnel-less VPNs
    10.
    Granted patent
    Status: in force

    Publication No.: US08155130B2

    Publication date: 2012-04-10

    Application No.: US12186044

    Filing date: 2008-08-05

    Abstract: Techniques for secure communication in a tunnel-less VPN are provided. A key server generates and provides, to each VPN gateway, different yet mathematically related keying material. A VPN gateway receives distinct keying material for each designated address block (e.g., subnet) behind the VPN gateway. In response to receiving a packet from a source host whose address falls within one of the designated address blocks, the VPN gateway identifies the appropriate keying material. The VPN gateway determines an identifier for the address block that includes the destination address. The identifier and the identified keying material are used to generate a key. The VPN gateway encrypts the packet with the key and forwards the encrypted packet to the destination host.