Methods and apparatus for secure routing of data packets
    1.
    发明授权
    Methods and apparatus for secure routing of data packets 失效
    数据包安全路由的方法和装置

    公开(公告)号:US08788705B2

    公开(公告)日:2014-07-22

    申请号:US13520301

    申请日:2010-01-04

    IPC分类号: G06F15/173

    CPC分类号: H04L45/00 H04L63/04 H04L63/06

    摘要: Methods and arrangements for supporting a forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to routers in the network which keys are used for computing the hierarchical parameters.

    摘要翻译: 通过采用编码发送器和接收器之间的预定传输路径的跳的层次参数来支持通过分组交换网络路由数据分组时在路由器中的转发过程的方法和装置。 名称服务器生成并将与路由器相关的密钥分发给网络中用于计算分层参数的密钥的路由器。

    Packet Forwarding In A Network
    2.
    发明申请
    Packet Forwarding In A Network 失效
    网络中的数据包转发

    公开(公告)号:US20110149973A1

    公开(公告)日:2011-06-23

    申请号:US13059958

    申请日:2008-10-10

    IPC分类号: H04L12/56

    摘要: A method of providing packet routing information comprises: encoding routing information from a source node to one or more destination nodes into a compact representation of set membership; and putting the compact representation of sets into a header of a packet that is to be sent from the source node to the destination node(s). The compact representation may be obtained by: generating d representations of a set of identifiers; generating d candidate compact representations of set membership from the d representations of the identifiers; and selecting one of the candidate compact representation of set membership. The selection may be made on the basis of which of the candidate compact representations has the lowest rate of returning false positives.

    摘要翻译: 提供分组路由信息的方法包括:将来自源节点到一个或多个目的地节点的路由信息​​编码为集合隶属的紧凑表示; 并将集合的紧凑表示放在要从源节点发送到目标节点的分组的报头中。 紧凑表示可以通过以下方式获得:生成一组标识符的d表示; 从标识符的d表示生成集合隶属的d候选紧凑表示; 并选择集合隶属的候选紧凑表示中的一个。 可以基于哪个候选紧凑表示具有最低的返回误报率来进行选择。

    Traffic Control within a Network Architecture Providing Many-to-One Transmission with Denial-of-Service Protection
    3.
    发明申请
    Traffic Control within a Network Architecture Providing Many-to-One Transmission with Denial-of-Service Protection 有权
    网络架构中的流量控制,提供具有拒绝服务保护的多对一传输

    公开(公告)号:US20110116381A1

    公开(公告)日:2011-05-19

    申请号:US13003040

    申请日:2008-07-09

    IPC分类号: H04L12/26

    摘要: A method of controlling traffic flow through a service node located within a packet network, which traffic flow originates at a plurality of sending nodes and is destined for a receiving node. The service node is one of a multiplicity of service nodes configured in a tree or other acyclic structure, e.g. of an overlay network. The method comprises receiving a challenge from said receiving node or a downstream service node, generating and caching a further challenge, and combining that further challenge with the received challenges to generate a modified challenge. The modified challenge is then sent to a sending node or to an upstream service node. Subsequently, a request is received, destined for said receiving node and originating at a sending node. A solution accompanying said request is validated using the cached further challenge, and the request forwarded towards said receiving node only if the solution is valid. Otherwise, the request is dropped.

    摘要翻译: 控制通过位于分组网络内的服务节点的业务流的方法,所述业务流在多个发送节点发起并且发往接收节点。 服务节点是以树或其他非循环结构配置的多个服务节点之一,例如, 的覆盖网络。 所述方法包括从所述接收节点或下游服务节点接收挑战,产生和缓存进一步的挑战,以及将所述进一步的挑战与所接收的挑战结合以产生经修改的挑战。 然后将修改的挑战发送到发送节点或上游服务节点。 随后,接收到发往所述接收节点并发送在发送节点的请求。 伴随所述请求的解决方案使用缓存的进一步的挑战来验证,并且仅当该解决方案有效时才向所述接收节点转发该请求。 否则,请求被删除。

    PUBLISH/SUBSCRIBE NETWORKS
    4.
    发明申请
    PUBLISH/SUBSCRIBE NETWORKS 有权
    发布/订阅网络

    公开(公告)号:US20100312898A1

    公开(公告)日:2010-12-09

    申请号:US12816442

    申请日:2010-06-16

    IPC分类号: G06F15/173 G06F15/16

    摘要: A method of making data, published on a first publication/subscribe (pubsub) network, available to hosts within a second publication/subscribe network where the networks are interconnected via the Internet. The method comprises registering a publication identity of said data within a rendezvous system located within the Internet, forwarding Subscribe requests associated with said publication identity from said second network to said rendezvous system and, at the rendezvous system, identifying a location of said data within said first network. The Subscribe request can then be forwarded to said first network, and said data delivered from said first network to said second network via the Internet.

    摘要翻译: 在第一发布/订阅(pubsub)网络上发布的制作数据的方法可用于通过因特网互连网络的第二发布/订阅网络内的主机。 该方法包括在位于因特网内的会合系统内注册所述数据的发布标识,将与所述发布身份相关联的订阅请求从所述第二网络转发到所述会合系统,并且在所述会合系统处,识别所述数据在所述 第一网络 然后可以将订阅请求转发到所述第一网络,并且所述数据经由因特网从所述第一网络传送到所述第二网络。

    Method and Apparatus for Ensuring Privacy in Communications Between Parties
    5.
    发明申请
    Method and Apparatus for Ensuring Privacy in Communications Between Parties 有权
    确保缔约方之间沟通隐私的方法和装置

    公开(公告)号:US20080187137A1

    公开(公告)日:2008-08-07

    申请号:US11883879

    申请日:2006-02-10

    IPC分类号: H04L9/30 H04L9/22 H04L9/28

    摘要: A method of improving privacy by hiding, in an ordered sequence of messages M[x(1), D(1)], M[x(2), D(2)], etc, communicated between a first and at least one second party sharing a key k, metadata x(i) descriptive of message processing, wherein D(i) denotes payload data. The method comprises the first and the second party agreeing on a pseudo random mapping depending on a shared key k, Fk, mapping at least x(i) to y(i), and the first party modifying the messages by replacing x(i) by y(i) in each message M(x(i), D(i)). The first party then transmits the modified messages maintaining their original order, and on reception of a message M(y(m), D), the second party uses a mapping Gk to retrieve position m of received value and the original value x(m).

    摘要翻译: 一种通过以有序的消息M [x(1),D(1)],M [x(2),D(2)]等的顺序隐藏来提高隐私的方法,在第一和至少一个 共享密钥k的第二方,元数据x(i)描述消息处理,其中D(i)表示有效载荷数据。 该方法包括第一方和第二方根据共享密钥k至少映射至少x(i)至y(i)的伪随机映射,并且第一方修改 通过在每个消息M(x(i),D(i))中将x(i)替换y(i)的消息。 第一方然后发送修改的消息维持其原始顺序,并且在接收消息M(y(m),D)时,第二方使用映射G 来检索所接收的位置m 值和原始值x(m)。

    Method and system for performing electronic money transactions
    6.
    发明授权
    Method and system for performing electronic money transactions 失效
    执行电子货币交易的方法和系统

    公开(公告)号:US6029151A

    公开(公告)日:2000-02-22

    申请号:US989927

    申请日:1997-12-12

    申请人: Pekka Nikander

    发明人: Pekka Nikander

    摘要: The present invention relates to electronic monetary systems in general, and in particular to measures for making their use easier for an average user. The present invention is based on the idea that the use of electronic money is greatly simplified for a non-expert user, if the Internet Service Provider of the user takes care of the payments, and adds corresponding charges on the user's telephone bill. Such functionality requires the intervention of the ISP in the transmissions between a user and a third party, i.e. intercepting the electronic payment requests sent by a merchant. According to the present invention, the ISP uses electronic money on behalf of the user, and charges the payments on the user's telephone bill. The ISP can take care of all technical details necessary for obtaining different forms of electronic money in a centralized manner, and all users of the ISP can use the electronic money obtained by the ISP simply by allowing the ISP to add corresponding charges to their telephone bills. Further, the ISP can obtain all major forms of electronic money, whereafter a user can choose the most economical way of payment, if a merchant accepts payments in more than one form of electronic money.

    摘要翻译: 本发明一般涉及电子货币系统,特别涉及一般使用者使其更容易使用的措施。 本发明基于以下思想:如果用户的因特网服务提供商负责支付,并且在用户的电话账单上增加相应的费用,则非专业用户大大简化了电子货币的使用。 这样的功能需要ISP在用户和第三方之间的传输中的干预,即拦截商家发送的电子支付请求。 根据本发明,ISP代表用户使用电子货币,并对用户电话账单支付费用。 互联网服务提供商可以全面掌握以集中的方式获取不同形式的电子货币所需的所有技术细节,ISP的所有用户都可以使用ISP获取的电子货币,只需通过允许ISP将相应的费用加入电话账单 。 此外,ISP可以获得所有主要形式的电子货币,之后如果商家以多种形式的电子货币接受付款,则用户可以选择最经济的付款方式。

    Publish/subscribe networks
    7.
    发明授权
    Publish/subscribe networks 有权
    发布/订阅网络

    公开(公告)号:US09154571B2

    公开(公告)日:2015-10-06

    申请号:US12816442

    申请日:2010-06-16

    IPC分类号: G06F15/16 H04L29/08 H04L29/06

    摘要: A method of making data, published on a first publication/subscribe (pubsub) network, available to hosts within a second publication/subscribe network where the networks are interconnected via the Internet. The method comprises registering a publication identity of said data within a rendezvous system located within the Internet, forwarding Subscribe requests associated with said publication identity from said second network to said rendezvous system and, at the rendezvous system, identifying a location of said data within said first network. The Subscribe request can then be forwarded to said first network, and said data delivered from said first network to said second network via the Internet.

    摘要翻译: 在第一发布/订阅(pubsub)网络上发布的制作数据的方法可用于通过因特网互连网络的第二发布/订阅网络内的主机。 该方法包括在位于因特网内的会合系统内注册所述数据的发布标识,将与所述发布身份相关联的订阅请求从所述第二网络转发到所述会合系统,并且在所述会合系统处,识别所述数据在所述 第一网络 然后可以将订阅请求转发到所述第一网络,并且所述数据经由因特网从所述第一网络传送到所述第二网络。

    Packet forwarding in a network
    8.
    发明授权
    Packet forwarding in a network 失效
    网络中的数据包转发

    公开(公告)号:US08559434B2

    公开(公告)日:2013-10-15

    申请号:US13059958

    申请日:2008-10-10

    IPC分类号: H04L12/28

    摘要: A method of providing packet routing information comprises: encoding routing information from a source node to one or more destination nodes into a compact representation of set membership; and putting the compact representation of sets into a header of a packet that is to be sent from the source node to the destination node(s). The compact representation may be obtained by: generating d representations of a set of identifiers; generating d candidate compact representations of set membership from the d representations of the identifiers; and selecting one of the candidate compact representation of set membership. The selection may be made on the basis of which of the candidate compact representations has the lowest rate of returning false positives.

    摘要翻译: 提供分组路由信息的方法包括:将来自源节点到一个或多个目的地节点的路由信息​​编码为集合隶属的紧凑表示; 并将集合的紧凑表示放在要从源节点发送到目的地节点的分组的报头中。 紧凑表示可以通过以下方式获得:生成一组标识符的d表示; 从标识符的d表示生成集合隶属的d候选紧凑表示; 并选择集合隶属的候选紧凑表示中的一个。 可以基于哪个候选紧凑表示具有最低的返回误报率来进行选择。

    IP Mobility Within a Communication System
    9.
    发明申请
    IP Mobility Within a Communication System 有权
    通信系统中的IP移动性

    公开(公告)号:US20110299477A1

    公开(公告)日:2011-12-08

    申请号:US12298109

    申请日:2006-04-25

    IPC分类号: H04W72/04 H04W40/00

    摘要: A method of routing IP traffic to and from a mobile terminal able to connect to the Internet via two or more gateway nodes. The method comprises implementing a multi-addressing multi-homing protocol at each gateway node on behalf of the mobile terminal, and sharing protocol state information between gateway nodes to allow gateway nodes to update state information at the corresponding node when the mobile terminal changes gateway node.

    摘要翻译: 将IP流量路由到能够通过两个或多个网关节点连接到因特网的移动终端的方法。 该方法包括代表移动终端在每个网关节点处实现多寻址多归属协议,以及在网关节点之间共享协议状态信息,以允许网关节点在移动终端改变网关节点时更新相应节点处的状态信息 。

    Routing In A Network
    10.
    发明申请
    Routing In A Network 失效
    在网络中路由

    公开(公告)号:US20100183018A1

    公开(公告)日:2010-07-22

    申请号:US12664652

    申请日:2007-06-14

    申请人: Pekka Nikander

    发明人: Pekka Nikander

    IPC分类号: H04L12/56

    摘要: A network comprises a plurality of Access Routers arranged in one or more NetLMM domains. A domain comprises distributed routing information in the form of one or more Bloom filters or Bloom filter equivalents. In one embodiment, each Access Router may have an associated Local Bloom filter or Bloom filter equivalent that provides information as to which mobile nodes are currently behind the respective Access Router. Each Access Router sends its associated Local Bloom filter or Bloom filter equivalent to every other Access Router of the domain. An Access Router uses the Bloom filters or Bloom filter equivalents received from every other Access Router of the domain to determine to which Access Router to send a packet destined to a specified Mobile Node. Another embodiment uses partly-distributed routing information.

    摘要翻译: 网络包括布置在一个或多个NetLMM域中的多个接入路由器。 域包括一个或多个Bloom过滤器或Bloom过滤器等同形式的分布式路由信息。 在一个实施例中,每个接入路由器可以具有关联的本地布隆过滤器或布隆过滤器等效物,其提供关于当前在相应的接入路由器之后的哪些移动节点的信息。 每个访问路由器都会将相关的本地Bloom过滤器或Bloom过滤器发送给域的每个其他访问路由器。 接入路由器使用从该域的每个其他接入路由器接收到的Bloom过滤器或Bloom过滤器等同物来确定哪个接入路由器发送去往指定的移动节点的分组。 另一个实施例使用部分分布的路由信息​​。