公开(公告)号：US07814318B1

公开(公告)日：2010-10-12

申请号：US11237478

申请日：2005-09-27

申请人： Radia J. Perlman ,  Donald D. Crouse

发明人： Radia J. Perlman ,  Donald D. Crouse

IPC分类号： H04L9/32

CPC分类号： G06F21/6209

摘要： One embodiment of the present invention relates to a system for managing files which facilitates making the files permanently unreadable. During operation, the system maintains file-class keys at a file manager, wherein the file-class keys are associated with different classes of files. If a file belongs to a class of files, the system ensures that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated key-manager-file-class key for the class of files. The system makes an entire class of files permanently unreadable by causing an associated key-manager-file-class key, which can be used to decrypt the class of files, to become permanently unreadable.

摘要翻译： 本发明的一个实施例涉及一种用于管理文件的系统，其有助于使文件永久地不可读。 在操作期间，系统在文件管理器中维护文件类密钥，其中文件类密钥与不同类别的文件相关联。 如果一个文件属于一类文件，则系统会确保每当文件在非易失性存储器中存储或更新时，文件都会使用文件类的关联密钥管理器文件类密钥进行加密。 该系统使整个类别的文件永久地不可读，通过使用可用于解密文件类的关联密钥管理器文件类密钥变得永久不可读。

公开(公告)号：US20100329460A1

公开(公告)日：2010-12-30

申请号：US12494486

申请日：2009-06-30

申请人： Radia J. Perlman

发明人： Radia J. Perlman

IPC分类号： H04L9/00 ,  H04L9/06 ,  G06F21/00

CPC分类号： G06F21/62 ,  G06F21/556 ,  G06F21/606 ,  G06F2221/2107 ,  H04L9/0825 ,  H04L9/0841 ,  H04L9/3236 ,  H04L2209/04 ,  H04L2209/56 ,  H04L2209/60 ,  H04L2209/80

摘要： Some embodiments provide a system to assure enhanced security, e.g., by assuring that information is not revealed over a covert channel. All communications between a source system and a destination system may pass through an intermediate system. In some embodiments, the intermediate system may perform an additional level of blinding to ensure that the source system does not covertly reveal information to the destination system. In some embodiments, the intermediate system may request the source system to perform a modification operation, and then check if the source system performed the modification operation. Examples of the modification operation include a blinding operation and a cryptographic hashing operation.

摘要翻译： 一些实施例提供了一种系统，以确保增强的安全性，例如通过确保在隐蔽通道上不显示信息。 源系统和目的地系统之间的所有通信可以通过中间系统。 在一些实施例中，中间系统可以执行额外的盲目级别，以确保源系统不隐蔽地向目的地系统显露信息。 在一些实施例中，中间系统可以请求源系统执行修改操作，然后检查源系统是否执行修改操作。 修改操作的示例包括盲目操作和密码散列操作。

公开(公告)号：US07596696B1

公开(公告)日：2009-09-29

申请号：US11214958

申请日：2005-08-29

申请人： Radia J. Perlman

发明人： Radia J. Perlman

IPC分类号： H04L9/00

CPC分类号： H04L9/083 ,  H04L9/0897

摘要： One embodiment of the present invention provides a system that facilitates making the files permanently unreadable. During operation, the system encrypts a file with a key K at a file manager and then stores the encrypted file in non-volatile storage. Next, the system stores the key K in a key database located in volatile storage at the file manager. The system then encrypts the key database, and stores the encrypted key database in non-volatile storage. Additionally, a key that can be used to decrypt the encrypted key database is maintained by a key manager, and is not maintained in non-volatile form by the file manager. In this way, if the file manager crashes, losing the contents of its volatile storage, the file manager must interact with the key manager to decrypt the encrypted key database.

摘要翻译： 本发明的一个实施例提供了一种有助于使文件永久不可读的系统。 在操作过程中，系统在文件管理器中用密钥K加密文件，然后将加密的文件存储在非易失性存储器中。 接下来，系统将密钥K存储在位于文件管理器的易失性存储器中的密钥数据库中。 然后系统对密钥数据库进行加密，并将加密的密钥数据库存储在非易失性存储器中。 此外，可以用于解密加密密钥数据库的密钥由密钥管理器维护，并且文件管理器不保持非易失性形式。 这样，如果文件管理器崩溃，丢失其易失性存储器的内容，则文件管理器必须与密钥管理器进行交互以对加密的密钥数据库进行解密。

公开(公告)号：US07409545B2

公开(公告)日：2008-08-05

申请号：US10665386

申请日：2003-09-18

申请人： Radia J. Perlman

发明人： Radia J. Perlman

IPC分类号： H04L9/00

CPC分类号： H04L63/0428 ,  H04L9/002 ,  H04L9/088 ,  H04L9/3013 ,  H04L9/302 ,  H04L63/068 ,  H04L2209/04 ,  H04L2209/42

摘要： A method and system is disclosed for utilizing an ephemeral encryption or decryption agent so as to preclude access by the ephemeral encryption agent or decryption agent, respectively, to the information being ephemerally encrypted or decrypted. To preclude access by the ephemeral encryption agent, a blinding function is applied to the information prior to forwarding such information to the encryption agent for encryption. To preclude access to the information by the ephemeral decryption agent, a blinding function is applied to the encrypted information prior to forwarding the encrypted information to the decryption agent for decryption. Once the information has been returned, the information is unblinded, leaving an encrypted or decrypted message respectively.

摘要翻译： 公开了一种用于利用临时加密或解密代理的方法和系统，以便分别防止临时加密代理或解密代理人对被短时加密或解密的信息进行访问。 为了排除临时加密代理的访问，在将这些信息转发到加密代理进行加密之前，将盲目的功能应用于信息。 为了防止临时解密代理访问信息，在将加密信息转发到解密代理进行解密之前，将加密信息应用于加密信息。 一旦信息被返回，信息就被解除隐藏，分别留下加密或解密的消息。

公开(公告)号：US07178021B1

公开(公告)日：2007-02-13

申请号：US09517410

申请日：2000-03-02

申请人： Stephen R. Hanna ,  Radia J. Perlman

发明人： Stephen R. Hanna ,  Radia J. Perlman

IPC分类号： G06F17/30

CPC分类号： G06F21/6209 ,  G06F2221/2107 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0833 ,  H04L9/0894 ,  H04L9/321

摘要： A method and apparatus for utilizing a non-secure file server for storing and sharing data securely only among clients and groups authorized to read and modify the data. A first client that desires to store data on the file server encrypts the data with a first encryption key having an associated first decryption key. The client encrypts the first decryption key with a second encryption key having an associated second decryption key known to the first client. Additionally, the first decryption key is encrypted with respective encryption keys of other clients or groups intended to have access to the data stored on the file server and the clients and groups retain their respective decryption keys. All of the encrypted first decryption keys are stored within an access control list in association with the encrypted data on the non-secure file server. In response to an indication that the data should be transmitted to one of the clients, the file server returns to the client the encrypted data along with at least the applicable encrypted first decryption key for the respective client. The client is able to decrypt the first decryption key and decrypt the data using the unencrypted first decryption key. The data may then be modified and securely stored on the file server as described above. The first decryption key may also be encrypted with a second encryption key having a second decryption key known to members of a group or a group server. The first encryption key encrypted with the group second encryption key is stored in the access control list so that group members can obtain access to the encrypted data stored on the file server.

摘要翻译： 一种利用非安全文件服务器的方法和装置，用于仅在授权读取和修改数据的客户端和组之间安全地存储和共享数据。 希望在文件服务器上存储数据的第一客户端使用具有关联的第一解密密钥的第一加密密钥加密数据。 客户端用具有第一客户端已知的相关联的第二解密密钥的第二加密密钥来加密第一解密密钥。 此外，第一解密密钥用其他客户端或组的相应加密密钥进行加密，这些客户端或组旨在访问存储在文件服务器上的数据，并且客户端和组保留其各自的解密密钥。 所有加密的第一解密密钥与非安全文件服务器上的加密数据相关联地存储在访问控制列表内。 响应于将数据发送到客户端之一的指示，文件服务器返回客户端加密数据以及相应客户端的至少可应用的加密的第一解密密钥。 客户端能够解密第一解密密钥并使用未加密的第一解密密钥解密数据。 然后可以如上所述将数据修改并安全地存储在文件服务器上。 第一解密密钥也可以用具有组或组服务器的成员已知的第二解密密钥的第二加密密钥来加密。 利用组第二加密密钥加密的第一加密密钥存储在访问控制列表中，使得组成员可以获得对存储在文件服务器上的加密数据的访问。

公开(公告)号：US06996712B1

公开(公告)日：2006-02-07

申请号：US09632557

申请日：2000-08-04

申请人： Radia J. Perlman ,  Stephen R. Hanna

发明人： Radia J. Perlman ,  Stephen R. Hanna

IPC分类号： H04L9/18

CPC分类号： H04L9/3247

摘要： A data authentication system that at the sender produces for a plurality of data packets a plurality of “integrity checks” by selecting an integrity function from a family or set of integrity functions, selecting a number of bytes from a given packet and manipulating the bytes in accordance with the selected integrity function to produce the integrity check. The system then selects corresponding bytes or bytes that are offset from the corresponding bytes from a next packet and produces a next associated integrity check using the same or another selected integrity check function, and so forth. The system encrypts the integrity checks associated with the plurality of data packets using, for example, a shared secret key, and produces an integrity block. The system then sends the encrypted integrity block and the data packets to the intended recipients. A recipient decrypts the integrity block using the shared secret key and reproduces the integrity checks. It then uses the integrity checks to authenticate the associated data packets by manipulating selected data bytes in accordance with selected integrity check functions. The recipient thus authenticates a plurality of data packets by performing a single decryption operation and a plurality of relatively fast integrity check operations using a selection of integrity check functions that are unknown to an interloper. The sender may also include in a transmission one or more extraneous, or “chaff,” data packets, which are data packets that intentionally fail the associated integrity checks. The sender may, for example, include in a transmission multiple sets of packets with the same sequence numbers. The recipient readily determines which of the packets with the same sequence numbers are valid using the appropriate integrity check. However, an interloper who cannot decipher the encrypted integrity block cannot as easily determine which of the packets are valid, and thus, cannot determine which packets to alter and/or how to alter these packets without detection by the integrity checks.

公开(公告)号：US06898187B2

公开(公告)日：2005-05-24

申请号：US09726378

申请日：2000-11-30

申请人： Radia J. Perlman ,  Eric A. Guttman

发明人： Radia J. Perlman ,  Eric A. Guttman

IPC分类号： H04L12/56 ,  H04J1/16

CPC分类号： H04L45/02 ,  H04L29/12264 ,  H04L45/44 ,  H04L61/2046

摘要： To ensure uniqueness of a router identifier in routing protocol messages (RPMs), a router determines whether an identifier IDR in received RPMs is the same as an identifier IDS in RPMs originated by the router. For RPMs having the same identifier, sequence information such as a sequence number is compared with sequence information in the RPM most recently originated by the router, the comparison indicating whether the received RPM appears to have been originated more recently. The rate at which such RPMs are being received is monitored. If the rate is above a predetermined threshold rate, the router infers that another router is using the same identifier, and selects a different identifier for subsequent use. The sequence information preferably includes a checksum calculated over contents of the message including a random number, to ensure proper flooding of each message to other routers that may be using a duplicate identifier.

摘要翻译： 为了确保路由器标识符在路由协议消息（RPM）中的唯一性，路由器确定接收的RPM中的标识符ID _{R 是否与RPM中的标识符ID S 相同 由路由器发起。 对于具有相同标识符的RPM，将诸如序列号的序列信息与路由器最近发起的RPM中的序列信息进行比较，该比较指示接收的RPM是否最近似乎已经发起。 监视这些RPM的接收速率。 如果速率高于预定阈值速率，则路由器推断另一个路由器正在使用相同的标识符，并选择不同的标识符供后续使用。 序列信息优选地包括通过包括随机数的消息的内容计算的校验和，以确保每个消息适当地泛滥到可能使用重复标识符的其他路由器。}

公开(公告)号：US06757843B1

公开(公告)日：2004-06-29

申请号：US09698490

申请日：2000-10-26

申请人： Joseph Wesley ,  Stephen A. Hurst ,  Miriam C. Kadansky ,  Stephen R. Hanna ,  Philip M. Rosenzweig ,  Dah Ming Chiu ,  Radia J. Perlman

发明人： Joseph Wesley ,  Stephen A. Hurst ,  Miriam C. Kadansky ,  Stephen R. Hanna ,  Philip M. Rosenzweig ,  Dah Ming Chiu ,  Radia J. Perlman

IPC分类号： G06F1100

CPC分类号： H04L45/46 ,  H04L12/185 ,  H04L12/1863 ,  H04L45/04 ,  H04L45/16

摘要： An embodiment consistent with the present invention includes a method and apparatus for forming a multicast repair tree. The methods perform by a data processor and comprises the steps of determining, for each of a plurality of potential heads in a multicast group, a ranking value associated with the potential head; advertising, by the potential heads to a plurality of potential receivers; prioritizing, by a potential receiver, the ranking values from the potential heads; and binding, by a potential receiver to the head having the highest ranking value, thereby forming a group of which the potential receiver,is a member and the potential head is the head. The ranking values may include “able”, “unable”, “willing”, and “reluctant.” The ranking value of a potential head determines in accordance with a static or a dynamic configuration. Ranking values determine dynamically based on ranges of system resource levels such as memory and available processor resources.

摘要翻译： 与本发明一致的实施例包括用于形成多播修复树的方法和装置。 所述方法由数据处理器执行并且包括以下步骤：针对多播组中的多个潜在头中的每一者，确定与所述潜在头相关联的排序值; 广告，潜在的头到多个潜在的接收者; 由潜在的接收者优先考虑来自潜在负责人的排名值; 并且由潜在的接收器绑定到具有最高排名的头部，由此形成潜在的接收者是一个成员并且潜在的头部是头部的一组。 排名值可能包括“能力”，“不能”，“愿意”和“不情愿”。 潜在头的排名值根据静态或动态配置来确定。 排名值基于诸如存储器和可用处理器资源的系统资源级别的范围动态地确定。

公开(公告)号：US06526055B1

公开(公告)日：2003-02-25

申请号：US09175552

申请日：1998-10-20

申请人： Radia J. Perlman ,  Dah Ming Chiu

发明人： Radia J. Perlman ,  Dah Ming Chiu

IPC分类号： H04L1228

CPC分类号： H04L61/00 ,  H04L29/12009 ,  H04L45/742 ,  H04L45/7457

摘要： A method and apparatus that constructs a “router database” and then uses the database to determine a longest match between a piece of target data, such as an address in a packet to be routed, and the database. The database contains a comparison table having a plurality of entries. In a first embodiment, each entry has up to k values, where 2

摘要翻译： 构建“路由器数据库”的方法和装置，然后使用该数据库来确定一条目标数据（例如要路由的分组中的地址）与数据库之间的最长匹配。 数据库包含具有多个条目的比较表。 在第一实施例中，每个条目具有至多k个值，其中2 <= k <= N，其中N是数据库中的比较值的数量。 在第二实施例中，每个条目具有至多k-1个值。 在操作期间，加载比较表条目中的各种条目，并将其与地址进行比较，以确定路由器数据库中最长的匹配前缀。 比较可以并行进行。

公开(公告)号：US06275859B1

公开(公告)日：2001-08-14

申请号：US09429192

申请日：1999-10-28

申请人： Joseph S. Wesley ,  Dah Ming Chiu ,  Miriam C. Kadansky ,  Stephen A. Hurst ,  Radia J. Perlman ,  Joseph E. Provino ,  Philip M. Rosenzweig

发明人： Joseph S. Wesley ,  Dah Ming Chiu ,  Miriam C. Kadansky ,  Stephen A. Hurst ,  Radia J. Perlman ,  Joseph E. Provino ,  Philip M. Rosenzweig

IPC分类号： G06F1516

CPC分类号： H04L12/1877 ,  G06F15/16 ,  H04L9/321 ,  H04L9/3263 ,  H04L12/185 ,  H04L63/0823 ,  H04L63/104

摘要： To authenticate and authorize prospective members in a reliable multicast data distribution setup, the prospective members contact a central authority to obtain a “participation certificate” for the multicast session. The central authority authenticates each node and issues a digitally signed certificate to the node. Each certificate contains information specifying the manner in which the respective node is authorized to participate in the multicast session in addition to the respective node's public key. The nodes exchange their participation certificates with each other during session-establishment dialog to prove their identities and their authorization to participate. Each node verifies the rights of other nodes based on authorization information contained in the participation certificate received from the other node. Thus, a node is allowed to participate as a repair node only if it presents a participation certificate authorizing it to do so. Disruption in network operation is avoided by reducing the ability of malicious nodes to consume resources to the detriment of legitimate session members.

摘要翻译： 为了对可靠的组播数据分发设置中的潜在成员进行身份验证和授权，预期成员联系中央机构获取组播会话的“参与证书”。 中央机构对每个节点进行身份验证，并向节点发出数字签名的证书。 除了相应的节点的公共密钥之外，每个证书包含指定相应节点被授权参与多播会话的方式的信息。 节点在会话建立对话期间将他们的参与证书交给对方，以证明其身份和授权参与。 每个节点根据从其他节点接收到的参与证书中包含的授权信息来验证其他节点的权限。 因此，只有当一个节点呈现授权它的参与证书才可以作为修复节点参与。 通过降低恶意节点消耗资源的能力来避免网络运行中断，从而损害合法的会话成员。