Method and apparatus for filtering data packets
    1.
    发明授权
    Method and apparatus for filtering data packets 有权
    数据包过滤方法和装置

    公开(公告)号:US08355324B2

    公开(公告)日:2013-01-15

    申请号:US11712716

    申请日:2007-03-01

    CPC分类号: H04L63/1458 H04L63/0428

    摘要: Disclosed is a method and apparatus for filtering received data packets. A hierarchical tree is maintained. The tree includes nodes organized in a plurality of levels. Each level above a root node of the tree has one or more of the nodes, with each of the one or more of the nodes corresponding to a particular value of a segment of an Internet Protocol (IP) address. The segment is the same for each node of a particular level of the tree. Each node at a particular level of the tree stores a number representative of the number of received packets having the same value for the segment of the IP address associated with the particular level. Some of the received data packets are filtered out based on the hierarchical tree.

    摘要翻译: 公开了一种用于过滤接收到的数据分组的方法和装置。 维护层次树。 该树包括以多个级别组织的节点。 树的根节点上方的每个级别具有一个或多个节点,其中一个或多个节点中的每一个对应于因特网协议(IP)地址的段的特定值。 该段对于树的特定级别的每个节点是相同的。 树的特定级别的每个节点存储代表与特定级别相关联的IP地址的段具有相同值的接收分组的数量的数量。 一些接收到的数据包是根据分层树过滤掉的。

    Method and apparatus for filtering data packets
    2.
    发明申请
    Method and apparatus for filtering data packets 有权
    数据包过滤方法和装置

    公开(公告)号:US20080212597A1

    公开(公告)日:2008-09-04

    申请号:US11712716

    申请日:2007-03-01

    IPC分类号: H04L12/56

    CPC分类号: H04L63/1458 H04L63/0428

    摘要: Disclosed is a method and apparatus for filtering received data packets. A hierarchical tree is maintained. The tree includes nodes organized in a plurality of levels. Each level above a root node of the tree has one or more of the nodes, with each of the one or more of the nodes corresponding to a particular value of a segment of an Internet Protocol (IP) address. The segment is the same for each node of a particular level of the tree. Each node at a particular level of the tree stores a number representative of the number of received packets having the same value for the segment of the IP address associated with the particular level. Some of the received data packets are filtered out based on the hierarchical tree.

    摘要翻译: 公开了一种用于过滤接收到的数据分组的方法和装置。 维护层次树。 该树包括以多个级别组织的节点。 树的根节点上方的每个级别具有一个或多个节点,其中一个或多个节点中的每一个对应于因特网协议(IP)地址的段的特定值。 该段对于树的特定级别的每个节点是相同的。 树的特定级别的每个节点存储代表与特定级别相关联的IP地址的段具有相同值的接收分组的数量的数量。 一些接收到的数据包是根据分层树过滤掉的。

    Methods and system for managing security keys within a wireless network
    3.
    发明授权
    Methods and system for managing security keys within a wireless network 有权
    用于管理无线网络内的安全密钥的方法和系统

    公开(公告)号:US07929703B2

    公开(公告)日:2011-04-19

    申请号:US11318481

    申请日:2005-12-28

    IPC分类号: H04L9/00

    摘要: A system for managing security keys in a wireless network includes a manufacturer certification authority (MCA) for providing a signed digital MCA certificate for installation into a new network element (NE) at the manufacturer's facility prior to the new NE being installed and initialized in the network. The MCA also provides a source of trusted authority for authenticating legacy NEs in the network. The system includes a service provider certification authority for managing certificates and files used by the NEs to communicate securely within the network, a signing server for providing signing services to NEs for authentication, an element manager for providing security key and digital certificate management, and a management agent (MA) for providing proxy functionality of the EM security key services to NEs not directly connected to the EM.

    摘要翻译: 用于管理无线网络中的安全密钥的系统包括制造商认证机构(MCA),用于在新的NE被安装和初始化之前提供用于在制造商的设施处安装到新的网络元件(NE)中的签名的数字MCA证书 网络。 MCA还为网络中的遗留网元进行身份验证提供了可信赖的权限来源。 该系统包括一个用于管理网元在网络内安全通信的证书和文件的服务提供商认证机构,用于向网元提供认证的签名服务的签名服务器,用于提供安全密钥和数字证书管理的元件管理器,以及 管理代理(MA),用于向不直接连接到EM的网元提供EM安全密钥服务的代理功能。

    Methods and apparatus for authenticating a remote service to another service on behalf of a user
    4.
    发明授权
    Methods and apparatus for authenticating a remote service to another service on behalf of a user 有权
    代表用户向其他服务验证远程服务的方法和装置

    公开(公告)号:US08112790B2

    公开(公告)日:2012-02-07

    申请号:US11171513

    申请日:2005-06-30

    IPC分类号: H04L9/32 H04L9/08

    CPC分类号: H04L63/083 H04L63/0884

    摘要: Methods and apparatus are provided for authenticating a remote service to another service on behalf of a user. A user client authorizes a remote application client to perform one or more actions with a server on behalf of the user client. The user client provides one or more keys to a remote authentication service; receives an identifier of the remote application client, where the remote authentication client is remote from the server; and notifies the remote authentication service that the remote application client is authorized to obtain a response from the remote authentication service regarding a challenge from the server, where the response is based on at least one of the one or more keys stored by the remote authentication service on behalf of the user client. The remote application client provides a challenge that is received from a server that the remote application client is attempting to access for the user client and an identifier of the user client to a remote authentication service and receives a response to the challenge from the remote authentication service, wherein the response is based on one or more keys stored by the remote authentication service on behalf of the user client.

    摘要翻译: 提供了用于代表用户对另一个服务进行远程服务验证的方法和装置。 用户客户端授权远程应用程序客户端代表用户客户端与服务器执行一个或多个操作。 用户客户端向远程认证服务提供一个或多个密钥; 接收远程认证客户端远离服务器的远程应用程序客户机的标识符; 并且向远程认证服务通知远程认证服务器被授权从远程认证服务获得关于来自服务器的质询的响应,其中响应基于由远程认证服务存储的一个或多个密钥中的至少一个 代表用户客户端。 远程应用程序客户端提供从远程应用程序客户端尝试访问用户客户端的服务器接收到的挑战,以及向远程认证服务的用户客户端的标识符,并从远程认证服务接收对挑战的响应 ,其中所述响应基于所述远程认证服务代表所述用户客户端存储的一个或多个密钥。

    Method and apparatus for providing data storage in peer-to-peer networks
    5.
    发明授权
    Method and apparatus for providing data storage in peer-to-peer networks 有权
    在对等网络中提供数据存储的方法和装置

    公开(公告)号:US07565405B2

    公开(公告)日:2009-07-21

    申请号:US10948879

    申请日:2004-09-24

    IPC分类号: G06F13/00

    摘要: A method and apparatus for enhanced data storage in peer-to-peer (P2P) networks. Users subscribe to a P2P storage network that allows each user to store files on the storage network by swapping blocks of the user's files with blocks from storage of a peer, or peers, on the network. A user desiring to utilize the storage network for a certain data block must take back an equal, or substantially equal, storage block from another peer on the network thereby insuring no net change, or minimal net change, in total storage across the P2P storage network. In addition, the diffusion of data blocks throughout the storage network is employed whereby individual peers swap data blocks on a random basis thereby further enhancing the security of the swapped blocks from direct attacks.

    摘要翻译: 一种用于在对等(P2P)网络中增强数据存储的方法和装置。 用户订阅P2P存储网络,其允许每个用户通过在网络上的对等体或对等体的存储的块中交换用户文件的块来存储文件在存储网络上。 期望利用存储网络用于特定数据块的用户必须从网络上的另一个对等端收回相等或基本上相等的存储块,从而确保在P2P存储网络中的总存储中没有净变化或最小净变化 。 此外,使用数据块在整个存储网络中的扩散,由此各个对等体随机地交换数据块,从而进一步增强了交换块的直接攻击的安全性。

    Method and apparatus for defending against denial of service attacks in IP networks based on specified source/destination IP address pairs
    6.
    发明授权
    Method and apparatus for defending against denial of service attacks in IP networks based on specified source/destination IP address pairs 有权
    基于指定的源/目的IP地址对,在IP网络中防止拒绝服务攻击的方法和装置

    公开(公告)号:US07889735B2

    公开(公告)日:2011-02-15

    申请号:US11197841

    申请日:2005-08-05

    申请人: Eric Henry Grosse

    发明人: Eric Henry Grosse

    IPC分类号: H04L12/28 H04L12/56

    摘要: A method and apparatus for defending against a Denial of Service attack wherein a target victim of an attack has recognized the existence of an attack and identified its source. The carrier network which provides service to the victim automatically receives one or more IP (Internet Protocol) source/destination IP address pairs from the victim, and then limits (e.g., blocks) the transmission of packets from the identified source address to the identified destination address. The carrier may implement this filtering capability as a stand-alone box included in the network, or as a line card incorporated into otherwise conventional network elements already present in the network. The source/destination address pairs to be blocked may be advantageously communicated from the victim with use of security signatures and with use of redundant connections from the victim to the carrier network to ensure receipt even under congested network conditions.

    摘要翻译: 用于防御拒绝服务攻击的方法和装置,其中攻击的目标受害者已经认识到攻击的存在并且识别其来源。 向受害者提供服务的运营商网络自动从受害者接收一个或多个IP(因特网协议)源/目的地IP地址对,然后限制(例如,阻塞)从所识别的源地址到所识别的目的地的分组的传输 地址。 载波可以将该滤波功能实现为网络中包含的独立盒,或者作为与已经存在于网络中的常规网络元件并入的线卡。 可以有利地使用安全签名从受害者传送要阻止的源/目的地址对,并且利用从受害者到运营商网络的冗余连接,以确保即使在拥塞的网络条件下也能接收。