Abstract:
Cryptographic apparatus, and a related method for its operation, for in-line encryption and decryption of data packets transmitted in a communication network. A full-duplex cryptographic processor is positioned between two in-line processing entities of a network architecture. For example, in a fiber distributed data interface (FDDI) network, the processor is positioned between a media access control (MAC) sublayer and a ring memory controller (RMC). Incoming information packets are analyzed to decide whether or not they contain encrypted data and, if they do, are subject to decryption before forwarding. Outbound information packets have their data portions encrypted if called for, and are usually forwarded toward the network communication medium. Cryptographic processing in both directions is performed in real time as each packet is streamed through the processor. The processing of outbound information packets includes using optional data paths for looping of the processed information back in a reverse direction, to permit the host system to perform local encryption or decryption for various purposes.
Abstract:
A method and related cryptographic processing apparatus for handling information packets that are to be cryptographically processed prior to transmission onto a communication network, or that are to be locally cryptographically processed and looped back to a node processor. A special cryptographic preamble is included in each information packet that is to be subject to cryptographic processing. The cryptographic preamble contains an offset value pointing to the starting location of information that is to be processed, and completely defines the type of cryptographic processing to be performed. The cryptographic processor can then perform the processing as specified in the preamble without regard to a specific protocol. If the packet is to be transmitted onto the network, the preamble is stripped from the packet after cryptographic processing, so that the formats of packets transmitted onto the network will be unaffected by the preamble. Cryptographic processing modes include encryption of data for outbound transmission, encryption of a cipher key for loopback to the node processor, encryption or decryption of data for loopback to the node processor, and computation of an integrity check value for loopback to the node processor.
Abstract:
A technique for establishing and maintaining full duplex communication between two stations connected to a token ring network, without physically reconfiguring the station connections or otherwise disturbing the network. Each station continually performs a two node test to ascertain whether there are only two active stations on the network, and updates a two node flag that indicates whether or not only two active stations are present. The two node test uses both upstream neighbor and downstream neighbor addresses to update the two node flag, and requires validation of either one of these addresses if the other one of them appears to have changed since the previous observation. A concurrently running full duplex control process uses the two node flag and other conditions to decide whether to initiate or continue transition to full duplex mode. The control process uses an exchange of full duplex request and acknowledgment frames and completes the transition to full duplex mode when each station has transmitted and received a Restricted Token.
Abstract:
A technique for establishing and maintaining full duplex communication between two stations connected to a token ring network, without physically reconfiguring the station connections or otherwise disturbing the network. In an auto-configuration full duplex mode of operation, each station ascertains whether there are only two active stations on the network and, if so, performs an exchange of frames with the other station to establish full duplex communication. One way to ascertain whether only two stations are active is for each station to transmit periodically a neighbor information frame, which contains the identities of the source station and the source station's nearest upstream neighbor. Once established, full duplex communication can proceed at a greater bandwidth than communication in a token ring network, and without latency delays and distance limitations associated with token ring networks. Periodic checks are made by each station in full duplex communication, to ascertain if the other station is still participating or if any third station has become active. In either case, stations in the auto-configuration mode revert to token ring mode automatically. In a variant form of the invention, stations can operate in a fixed full duplex mode, in which the detection of tokens or third stations is merely reported and does not necessarily result in reversion to the token ring mode.
Abstract:
A technique for establishing and maintaining full duplex communication between two stations connected to a token ring network, without physically reconfiguring the station connections or otherwise disturbing the network. In an auto-configuration full duplex mode of operation, each station ascertains whether there are only two active stations on the network and, if so, performs an exchange of frames with the other station to establish full duplex communication. One way to ascertain whether only two stations are active is for each station to transmit periodically a neighbor information frame, which contains the identities of the source station and the source station's nearest upstream neighbor. Once established, full duplex communication can proceed at a greater bandwidth than communication in a token ring network, and without latency delays and distance limitations associated with token ring networks. Periodic checks are made by each station in full duplex communication, to ascertain if the other station is still participating or if any third station has become active. In either case, stations in the auto-configuration mode revert to token ring mode automatically. In a variant form of the invention, stations can operate in a fixed full duplex mode, in which the detection of tokens or third stations is merely reported and does not necessarily result in reversion to the token ring mode.
Abstract:
A network device for interconnecting computer networks, the device including a bridge having a plurality of ports through which network communications pass to and from the bridge, the bridge also including a first interface enabling a user to partition the plurality of bridge ports into a plurality of groups, wherein each group represents a different virtual network, wherein the bridge treats all ports within a given group as part of the virtual network corresponding to that group and the bridge isolates said virtual networks from each other, whereby any communications received at a first port of the bridge are directly sent by the bridge to another bridge port only if the other bridge port and the first bridge port are part of the same group.
Abstract:
A process and system for flexibly switching connections of data packet flows between nodes of data processing system networks by dividing data packets into cells and logically linking these cells on multiple queues of linked pointer lists.
Abstract:
A process and system for switching connections of data packet flows between nodes of data processing system networks operating on diverse protocols according to the application layer information on the data packets. The process retrieves and hashes the header information to form an index into memory where a flow tag pointer is stored. The flow tag points to flow switching information that directs the forwarding of the packet. The switching information is sent along with the packet data to direct the forwarding. State information about the flow is updated in the flow switching information. The hash function includes a multiplication and division by polynomials forming a hash result and a signature result. Both hash and signature are used to ensure that the information retrieved is valid. If invalid, the pre-hashed header information is parsed to determine the forwarding information. This forwarding information is stored for later use and the appropriate flow tag pointer is stored in the hash result index.
Abstract:
A translation is performed by using a programmable hashing technique on an input number to generate a hashed number. A subset of the hashed number bits are used to index a first hash table. In first hash table locations where a hash collision does not occur, the first hash table entry contains an index into an output table which contains the desired translated output number. In first hash table locations where a hash collision occurs, the first hash table entry contains a pointer to a first resolution table area in a second hash table. The first resolution table area contains entries which are indexed by additional bits selected from the hashed number in accordance with a mask field in the first hash table location. If collisions occur in the resolution table a new resolution table is created and the process is repeated. The resolution process thus proceeds in stages until all input numbers have been translated.
Abstract:
A network device for interconnecting computer networks, the device including a bridge having a plurality of ports through which network communications pass to and from the bridge, the bridge also including a first interface enabling a user to partition the plurality of bridge ports into a plurality of groups, wherein each group represents a different virtual network, wherein the bridge treats all ports within a given group as part of the virtual network corresponding to that group and the bridge isolates the virtual networks from each other, whereby any communications received at a first port of the bridge are directly sent by the bridge to another bridge port only if the other bridge port and the first bridge port are part of the same group.