-
公开(公告)号:US20160315921A1
公开(公告)日:2016-10-27
申请号:US14992112
申请日:2016-01-11
发明人: Venkata Krishna Sashank Dara , Shwetha Subray Bhandari , Andrew Yourtchenko , Eric Vyncke , Frank Brockners
CPC分类号: H04L9/32 , H04L12/4633 , H04L41/0246 , H04L41/0853 , H04L41/0866 , H04L41/28 , H04L45/26 , H04L61/6059 , H04L63/06 , H04L63/12 , H04L63/1408 , H04L69/166 , H04L69/22
摘要: A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. In one embodiment, each network node reads a first value and a second value from in-band metadata of packet, and generates, using a cryptographic key that is unique to each respective network node, an encryption result based on the first value. An updated second value is generated based on the second value read from the packet and the encryption result. Each network node writes the updated second value to the in-band metadata of the packet, and forwards the packet in the network. In another embodiment, a secret sharing scheme is employed by each network node computes a portion of verification information using a unique share of a secret and based on the packet specific information.
摘要翻译: 提供了一种用于验证通过网络中的多个网络节点的网络流量的过境证明的系统和方法。 在一个实施例中,每个网络节点从分组的带内元数据中读取第一值和第二值,并且使用每个相应网络节点唯一的密码密钥生成基于第一值的加密结果。 基于从分组读取的第二值和加密结果生成更新的第二值。 每个网络节点将更新的第二个值写入分组的带内元数据,并转发网络中的分组。 在另一个实施例中,每个网络节点使用秘密共享方案,使用秘密的唯一共享并基于分组特定信息来计算验证信息的一部分。
-
公开(公告)号:US10211987B2
公开(公告)日:2019-02-19
申请号:US14992114
申请日:2016-01-11
发明人: Venkata Krishna Sashank Dara , Shwetha Subray Bhandari , Andrew Yourtchenko , Eric Vyncke , Frank Brockners
摘要: A system and methods are provided herein for verifying proof of transit of traffic through a plurality of network nodes in a network. In one embodiment, a method is provided in which information is obtained about a packet at a network node in a network. The information includes in-band metadata. Verification information is read from the in-band metadata. The verification information for use in verifying a path of the packet in the network. Updated verification information is generated from the verification information read from the packet. The updated verification information is written to the in-band metadata of the packet, and the packet is forwarded from the network node in the network.
-
3.发明公开公开(公告)号:US20240364669A1
公开(公告)日:2024-10-31
申请号:US18139871
申请日:2023-04-26
发明人: William Mark Townsley , Edward Albert Warnicke , Jerome Tollet , Aloys Augustin , Andrew Yourtchenko , Giles Douglas Yorke Heron
IPC分类号: H04L9/40 , H04L45/24 , H04L45/745
CPC分类号: H04L63/0485 , H04L45/24 , H04L45/745
摘要: Techniques for routing Internet Protocol security (IPsec) data packets. An index is assigned to a Security Parameter Index (SPI) header of the IPsec data packet. The index includes information for routing the data packet to a particular Encapsulating Security Payload (ESP) processor. The data packet can be routed using techniques that are analogous to conventional routing protocols such as IPv4 routing protocol. This allows the data packet to be routed using less expensive routing protocols rather than relying solely on more expensive load balancing techniques to route the data packet. This also advantageously allows the data packet to be routed employing routing techniques developed over decades of routing protocol development.
-
公开(公告)号:US20160315850A1
公开(公告)日:2016-10-27
申请号:US14992109
申请日:2016-01-11
发明人: Venkata Krishna Sashank Dara , Shwetha Subray Bhandari , Andrew Yourtchenko , Eric Vyncke , Frank Brockners
IPC分类号: H04L12/721 , H04L29/06 , H04L12/24
CPC分类号: H04L9/32 , H04L12/4633 , H04L41/0246 , H04L41/0853 , H04L41/0866 , H04L41/28 , H04L45/26 , H04L61/6059 , H04L63/06 , H04L63/12 , H04L63/1408 , H04L69/166 , H04L69/22
摘要: A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. Information is obtained about a packet at a network node in a network. The information may include in-band metadata of the packet. Verification information is read from in-band metadata of the packet. Updated verification information is generated from the verification information read from the packet and based on configuration information associated with the network node. The updated verification information is written back to the in-band metadata in the packet. The packet is forwarded from the network node in the network.
摘要翻译: 提供了一种用于验证通过网络中的多个网络节点的网络流量的过境证明的系统和方法。 获取关于网络中的网络节点上的分组的信息。 信息可以包括分组的带内元数据。 从分组的带内元数据中读取验证信息。 根据从分组读取的验证信息,并根据与网络节点相关联的配置信息生成更新的验证信息。 更新的验证信息被写回到分组中的带内元数据。 该分组从网络中的网络节点转发。
-
公开(公告)号:US10237068B2
公开(公告)日:2019-03-19
申请号:US14992109
申请日:2016-01-11
发明人: Venkata Krishna Sashank Dara , Shwetha Subray Bhandari , Andrew Yourtchenko , Eric Vyncke , Frank Brockners
摘要: A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. Information is obtained about a packet at a network node in a network. The information may include in-band metadata of the packet. Verification information is read from in-band metadata of the packet. Updated verification information is generated from the verification information read from the packet and based on configuration information associated with the network node. The updated verification information is written back to the in-band metadata in the packet. The packet is forwarded from the network node in the network.
-
公开(公告)号:US10187209B2
公开(公告)日:2019-01-22
申请号:US14992112
申请日:2016-01-11
发明人: Venkata Krishna Sashank Dara , Shwetha Subray Bhandari , Andrew Yourtchenko , Eric Vyncke , Frank Brockners
摘要: A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. In one embodiment, each network node reads a first value and a second value from in-band metadata of packet, and generates, using a cryptographic key that is unique to each respective network node, an encryption result based on the first value. An updated second value is generated based on the second value read from the packet and the encryption result. Each network node writes the updated second value to the in-band metadata of the packet, and forwards the packet in the network. In another embodiment, a secret sharing scheme is employed by each network node computes a portion of verification information using a unique share of a secret and based on the packet specific information.
-
7.发明申请TRANSPORT MECHANISM FOR CARRYING IN-BAND METADATA FOR NETWORK PATH PROOF OF TRANSIT 审中-公开用于运输带内元数据的运输机制用于网络路径传递证明公开(公告)号:US20160315819A1
公开(公告)日:2016-10-27
申请号:US14992114
申请日:2016-01-11
发明人: Venkata Krishna Sashank Dara , Shwetha Subray Bhandari , Andrew Yourtchenko , Eric Vyncke , Frank Brockners
CPC分类号: H04L9/32 , H04L12/4633 , H04L41/0246 , H04L41/0853 , H04L41/0866 , H04L41/28 , H04L45/26 , H04L61/6059 , H04L63/06 , H04L63/12 , H04L63/1408 , H04L69/166 , H04L69/22
摘要: A system and methods are provided herein for verifying proof of transit of traffic through a plurality of network nodes in a network. In one embodiment, a method is provided in which information is obtained about a packet at a network node in a network. The information includes in-band metadata. Verification information is read from the in-band metadata. The verification information for use in verifying a path of the packet in the network. Updated verification information is generated from the verification information read from the packet. The updated verification information is written to the in-band metadata of the packet, and the packet is forwarded from the network node in the network.
摘要翻译: 本文提供的系统和方法用于验证通过网络中的多个网络节点的业务的传输证明。 在一个实施例中,提供了一种方法,其中获得关于网络中网络节点处的分组的信息。 该信息包括带内元数据。 从带内元数据中读取验证信息。 用于验证网络中分组路径的验证信息。 根据从数据包读取的验证信息生成更新的验证信息。 将更新的验证信息写入分组的带内元数据,并且从网络中的网络节点转发分组。
-
-
-
-
-
-
搜索结果
7 条记录 (耗时 0.017 秒)
