Detection of signatures in disordered message segments
    1.
    Patent application
    Detection of signatures in disordered message segments (status: active)

    Publication number: US20060227787A1

    Publication date: 2006-10-12

    Application number: US11133039

    Filing date: 2005-05-18

    IPC classification: H04L1/00

    CPC classification: H04L63/1408 H04L63/166

    Abstract: A method of detecting signatures in message segments comprises employing a state machine for the detection of character strings in the message segments. The state machine executes for each input character a transition determined by a current state of the machine and a current input character. The message segments conform to TCP or other ordering transport protocol. The order of arrival of the message segments is monitored. In the event that an intermediate message segment is missing between a processed segment and an immediately subsequent message segment, the current state of said state machine at the end of the said processed segment is stored. The machine is restarted from its null or datum state for the examination of the immediately subsequent message segment, which is then temporarily stored. When the missing segment eventually arrives, it and the stored segment are successively examined for signatures by means of the state machine, beginning at the stored state. The invention allows for examination of overlapping signatures without requiring re-assembly of the segments or substantial buffering.


    Detection of signatures in disordered message segments
    2.
    Granted patent
    Detection of signatures in disordered message segments (status: active)

    Publication number: US07957390B2

    Publication date: 2011-06-07

    Application number: US11133039

    Filing date: 2005-05-18

    IPC classification: H04L12/28 G06F11/00

    CPC classification: H04L63/1408 H04L63/166

    Abstract: A method of detecting signatures in message segments comprises employing a state machine for the detection of character strings in the message segments. The state machine executes for each input character a transition determined by a current state of the machine and a current input character. The message segments conform to TCP or other ordering transport protocol. The order of arrival of the message segments is monitored. In the event that an intermediate message segment is missing between a processed segment and an immediately subsequent message segment, the current state of said state machine at the end of the said processed segment is stored. The machine is restarted from its null or datum state for the examination of the immediately subsequent message segment, which is then temporarily stored. When the missing segment eventually arrives, it and the stored segment are successively examined for signatures by means of the state machine, beginning at the stored state. The invention allows for examination of overlapping signatures without requiring re-assembly of the segments or substantial buffering.


    Deciphering of fragmented enciphered data packets
    3.
    Granted patent
    Deciphering of fragmented enciphered data packets (status: active)

    Publication number: US07818564B2

    Publication date: 2010-10-19

    Application number: US11121231

    Filing date: 2005-05-03

    IPC classification: H04L29/06

    CPC classification: H04L63/0485 H04L63/164

    Abstract: The deciphering of fragmented enciphered IP packets is performed without requiring reassembly of the fragmented packets. When a first frame is deciphered a characteristic poly-tuple is saved against the state of the cipher, particularly an output vector. When the next frame comes in, the cipher would continue on from that previously saved state after a look-up of the poly-tuple. Each frame would then be sent on, deciphered, but still representing a fragment of the original packet. The poly-tuple employed for the look-up includes the identity and protocol fields from the IP header and at least one of the source IP address and the destination IP address. The deciphering process may commence with the combination of input data with an initializing vector and proceed by combining input data with a vector fed back from the output of the deciphering engine. The saved cipher state is employed as the initializing vector for the next frame.


    Deciphering of fragmented enciphered data packets
    4.
    Patent application
    Deciphering of fragmented enciphered data packets (status: active)

    Publication number: US20060218390A1

    Publication date: 2006-09-28

    Application number: US11121231

    Filing date: 2005-05-03

    IPC classification: H04L9/00

    CPC classification: H04L63/0485 H04L63/164

    Abstract: The deciphering of fragmented enciphered IP packets is performed without requiring reassembly of the fragmented packets. When a first frame is deciphered a characteristic poly-tuple is saved against the state of the cipher, particularly an output vector. When the next frame comes in, the cipher would continue on from that previously saved state after a look-up of the poly-tuple. Each frame would then be sent on, deciphered, but still representing a fragment of the original packet. The poly-tuple employed for the look-up includes the identity and protocol fields from the IP header and at least one of the source IP address and the destination IP address. The deciphering process may commence with the combination of input data with an initialising vector and proceed by combining input data with a vector fed back from the output of the deciphering engine. The saved cipher state is employed as the initialising vector for the next frame.


    Method for synchronizing databases in stacked network units
    5.
    Granted patent
    Method for synchronizing databases in stacked network units (status: lapsed)

    Publication number: US06757279B1

    Publication date: 2004-06-29

    Application number: US09662159

    Filing date: 2000-09-14

    IPC classification: H04L1250

    Abstract: In a stack of multi-port network communication units each unit has a forwarding database, the units are connected by way of a cascade, and at least some of the units are connected to links constituting a trunk. When a unicast data packet is received at a first of said units and the unicast data packet has a destination address which is not the subject of an entry in the forwarding database of the first unit, the unicast data packet is sent by way of the cascade to the other units in the stack, accompanied by a flag. When a second unit has in its forwarding database an entry, associating the destination address with forwarding data, it sends a management packet indicating said destination address and the identity of said second unit, so that the database of the first unit can be immediately updated.


    Pattern matching using deterministic finite automata and organization of such automata
    6.
    Patent application
    Pattern matching using deterministic finite automata and organization of such automata (status: active)

    Publication number: US20060167915A1

    Publication date: 2006-07-27

    Application number: US11064257

    Filing date: 2005-02-22

    IPC classification: G06F17/00 G06F7/00

    CPC classification: G06Q10/06

    Abstract: A deterministic finite state machine is operated to detect any one of a plurality of digital signatures each corresponding to a succession of characters and each defined by a sequence of states in the state machine. The machine is organized such that for each state after the first in any sequence there are not more than two allowed exit transitions of which one is to a default state. Input characters are examined to determine a transition from a current state of the machine to a next state. When the machine responds to an input character to perform a transition to the default state, the input character is reexamined to determine the next state of the state machine. The reduction in transitions saves considerable space in memory.


    Pattern matching using deterministic finite automata and organization of such automata
    7.
    Granted patent
    Pattern matching using deterministic finite automata and organization of such automata (status: active)

    Publication number: US07672941B2

    Publication date: 2010-03-02

    Application number: US11064257

    Filing date: 2005-02-22

    IPC classification: G06F17/30

    CPC classification: G06Q10/06

    Abstract: A deterministic finite state machine is operated to detect any one of a plurality of digital signatures each corresponding to a succession of characters and each defined by a sequence of states in the state machine. The machine is organized such that for each state after the first in any sequence there are not more than two allowed exit transitions of which one is to a default state. Input characters are examined to determine a transition from a current state of the machine to a next state. When the machine responds to an input character to perform a transition to the default state, the input character is re-examined to determine the next state of the state machine. The reduction in transitions saves considerable space in memory.


    Data storage and matching employing words wider than width of content addressable memory
    8.
    Patent application
    Data storage and matching employing words wider than width of content addressable memory (status: under examination, published)

    Publication number: US20060085590A1

    Publication date: 2006-04-20

    Application number: US11014100

    Filing date: 2004-12-15

    IPC classification: G06F12/00

    CPC classification: G11C15/00

    Abstract: A selected word is stored in a content addressable memory (CAM) by partitioning the word into at least two segments, the segments being individually lesser in width than the CAM but in aggregate greater than the width of the CAM. A first entry in the CAM comprises a predetermined prefix and a first of the segments and a second entry in the CAM comprises a second prefix, corresponding to the address of the first segment, and the second segment. A search key is similarly partitioned. In a first search cycle a first segment of the search key prefixed by the predetermined prefix is applied to the CAM and in the event of a matching entry a second segment of the search key, prefixed by a second prefix comprising an output address word identifying the matching entry, is applied to the CAM in a second search cycle.
