-
公开(公告)号:US5956335A
公开(公告)日:1999-09-21
申请号:US151438
申请日:1993-11-12
CPC分类号: H04L45/742 , H04L12/1836 , H04L12/46 , H04L2212/00
摘要: A method for connecting a first communication system with a third communications system, by passing through a second communications system, is disclosed. A first frame is received from the first communications system, where the first frame has a multicast address as a destination address. The multicast address requires the frame to be transmitted onto the second multicast address is translated into a functional address. The functional address is written into a second frame, and the second frame is transmitted onto the second communications system. A station receiving the second frame translates the functional address into a multicast address and writes the multicast address into the destination address field of a third frame, and transmits the third frame onto the third communications system.
摘要翻译: 公开了一种通过通过第二通信系统连接第一通信系统与第三通信系统的方法。 从第一通信系统接收第一帧,其中第一帧具有多播地址作为目的地址。 组播地址要求将帧传送到第二个组播地址,转换为功能地址。 功能地址被写入第二帧,第二帧被发送到第二通信系统。 接收第二帧的站将功能地址转换成多播地址,并将组播地址写入第三帧的目的地址字段,并将第三帧发送到第三通信系统。
-
公开(公告)号:US5428615A
公开(公告)日:1995-06-27
申请号:US278686
申请日:1994-07-21
CPC分类号: H04L45/742 , H04L12/1836 , H04L12/46 , H04L2212/00
摘要: A connection apparatus for connecting a first communication system with a second communication system and a third communication system. A first frame is received from the first communication system, where the first frame has a multicast address as a destination address, and where the destination address requires the first frame to be transmitted onto the second communication system. The multicast address is translated into a functional address, and the functional address is written into a second frame transmitted onto the second communication system. The second frame is received and is transmitted onto a third communication system, and the functional address is translated into a multicast address for the third communication system, and the multicast address is written into a destination field of the frame as it is transmitted onto the third communication system. The second communication system may be a token ring system based upon an IEEE 802.5 standard, and the functional address may be written into a DSAP field and into a PROTOCOL TYPE field of an 802.5 Standard frame.
摘要翻译: 一种用于将第一通信系统与第二通信系统和第三通信系统连接的连接装置。 从第一通信系统接收第一帧,其中第一帧具有多播地址作为目的地地址,并且其中目的地地址要求将第一帧发送到第二通信系统。 将多播地址转换为功能地址,将功能地址写入发送到第二通信系统的第二帧。 第二帧被接收并被发送到第三通信系统,并且将功能地址转换为第三通信系统的多播地址,并且将多播地址写入帧的目的地字段,因为它被发送到第三通信系统 通讯系统 第二通信系统可以是基于IEEE 802.5标准的令牌环系统,并且功能地址可以被写入DSAP字段和802.5标准帧的协议类型字段中。
-
公开(公告)号:US5309437A
公开(公告)日:1994-05-03
申请号:US546619
申请日:1990-06-29
申请人: Radia J. Perlman , G. Paul Koning
发明人: Radia J. Perlman , G. Paul Koning
CPC分类号: H04L12/4625
摘要: A device and related method for coupling segments of an extended local area network (LAN) in such a way that message traffic employing inter-network protocols such as TCP/IP will be handled without the difficulties usually associated with bridges, and without the complexity and expense of full IP router capability. The device operates like a bridge for non-TCP/IP traffic. For TCP/IP traffic it operates in a bridge-like manner but maintains a database associating extended LAN segment addresses with port numbers in the device, so that packets can be automatically forwarded over a spanning tree connecting the network segments. A host computer in any network segment can address others in different network segments of the extended LAN as though all were in a single LAN. The device of the invention functions to block the flow of ARP messages and to generate ARP replies that render the device of the invention transparent to hosts within the extended LAN. The device is also transparent to true IP routers, which may still be used to effect communication with points outside the extended LAN.
摘要翻译: 一种用于耦合扩展局域网(LAN)的段的设备和相关方法,使得采用诸如TCP / IP之类的网络间协议的消息业务将被处理,而不需要通常与网桥相关联的困难,并且没有复杂性和 完全IP路由器功能的费用。 该设备像非TCP / IP流量的桥接一样运行。 对于TCP / IP流量,它以类似桥梁的方式运行,但维护数据库将扩展的LAN段地址与设备中的端口号相关联,从而可以通过连接网段的生成树自动转发数据包。 任何网段中的主机可以对扩展LAN的不同网段中的其他人进行寻址,犹如全部都在单个LAN中一样。 本发明的设备用于阻止ARP消息的流动并且产生使得本发明的设备对于扩展LAN内的主机是透明的ARP应答。 该设备对于真正的IP路由器也是透明的,这可能仍然用于与扩展LAN之外的点进行通信。
-
公开(公告)号:US20100329460A1
公开(公告)日:2010-12-30
申请号:US12494486
申请日:2009-06-30
申请人: Radia J. Perlman
发明人: Radia J. Perlman
CPC分类号: G06F21/62 , G06F21/556 , G06F21/606 , G06F2221/2107 , H04L9/0825 , H04L9/0841 , H04L9/3236 , H04L2209/04 , H04L2209/56 , H04L2209/60 , H04L2209/80
摘要: Some embodiments provide a system to assure enhanced security, e.g., by assuring that information is not revealed over a covert channel. All communications between a source system and a destination system may pass through an intermediate system. In some embodiments, the intermediate system may perform an additional level of blinding to ensure that the source system does not covertly reveal information to the destination system. In some embodiments, the intermediate system may request the source system to perform a modification operation, and then check if the source system performed the modification operation. Examples of the modification operation include a blinding operation and a cryptographic hashing operation.
摘要翻译: 一些实施例提供了一种系统,以确保增强的安全性,例如通过确保在隐蔽通道上不显示信息。 源系统和目的地系统之间的所有通信可以通过中间系统。 在一些实施例中,中间系统可以执行额外的盲目级别,以确保源系统不隐蔽地向目的地系统显露信息。 在一些实施例中,中间系统可以请求源系统执行修改操作,然后检查源系统是否执行修改操作。 修改操作的示例包括盲目操作和密码散列操作。
-
公开(公告)号:US07596696B1
公开(公告)日:2009-09-29
申请号:US11214958
申请日:2005-08-29
申请人: Radia J. Perlman
发明人: Radia J. Perlman
IPC分类号: H04L9/00
CPC分类号: H04L9/083 , H04L9/0897
摘要: One embodiment of the present invention provides a system that facilitates making the files permanently unreadable. During operation, the system encrypts a file with a key K at a file manager and then stores the encrypted file in non-volatile storage. Next, the system stores the key K in a key database located in volatile storage at the file manager. The system then encrypts the key database, and stores the encrypted key database in non-volatile storage. Additionally, a key that can be used to decrypt the encrypted key database is maintained by a key manager, and is not maintained in non-volatile form by the file manager. In this way, if the file manager crashes, losing the contents of its volatile storage, the file manager must interact with the key manager to decrypt the encrypted key database.
摘要翻译: 本发明的一个实施例提供了一种有助于使文件永久不可读的系统。 在操作过程中,系统在文件管理器中用密钥K加密文件,然后将加密的文件存储在非易失性存储器中。 接下来,系统将密钥K存储在位于文件管理器的易失性存储器中的密钥数据库中。 然后系统对密钥数据库进行加密,并将加密的密钥数据库存储在非易失性存储器中。 此外,可以用于解密加密密钥数据库的密钥由密钥管理器维护,并且文件管理器不保持非易失性形式。 这样,如果文件管理器崩溃,丢失其易失性存储器的内容,则文件管理器必须与密钥管理器进行交互以对加密的密钥数据库进行解密。
-
公开(公告)号:US07409545B2
公开(公告)日:2008-08-05
申请号:US10665386
申请日:2003-09-18
申请人: Radia J. Perlman
发明人: Radia J. Perlman
IPC分类号: H04L9/00
CPC分类号: H04L63/0428 , H04L9/002 , H04L9/088 , H04L9/3013 , H04L9/302 , H04L63/068 , H04L2209/04 , H04L2209/42
摘要: A method and system is disclosed for utilizing an ephemeral encryption or decryption agent so as to preclude access by the ephemeral encryption agent or decryption agent, respectively, to the information being ephemerally encrypted or decrypted. To preclude access by the ephemeral encryption agent, a blinding function is applied to the information prior to forwarding such information to the encryption agent for encryption. To preclude access to the information by the ephemeral decryption agent, a blinding function is applied to the encrypted information prior to forwarding the encrypted information to the decryption agent for decryption. Once the information has been returned, the information is unblinded, leaving an encrypted or decrypted message respectively.
摘要翻译: 公开了一种用于利用临时加密或解密代理的方法和系统,以便分别防止临时加密代理或解密代理人对被短时加密或解密的信息进行访问。 为了排除临时加密代理的访问,在将这些信息转发到加密代理进行加密之前,将盲目的功能应用于信息。 为了防止临时解密代理访问信息,在将加密信息转发到解密代理进行解密之前,将加密信息应用于加密信息。 一旦信息被返回,信息就被解除隐藏,分别留下加密或解密的消息。
-
7.发明授权Method and apparatus for using non-secure file servers for secure information storage 有权使用非安全文件服务器进行安全信息存储的方法和装置公开(公告)号:US07178021B1
公开(公告)日:2007-02-13
申请号:US09517410
申请日:2000-03-02
申请人: Stephen R. Hanna , Radia J. Perlman
发明人: Stephen R. Hanna , Radia J. Perlman
IPC分类号: G06F17/30
CPC分类号: G06F21/6209 , G06F2221/2107 , H04L9/0822 , H04L9/0825 , H04L9/0833 , H04L9/0894 , H04L9/321
摘要: A method and apparatus for utilizing a non-secure file server for storing and sharing data securely only among clients and groups authorized to read and modify the data. A first client that desires to store data on the file server encrypts the data with a first encryption key having an associated first decryption key. The client encrypts the first decryption key with a second encryption key having an associated second decryption key known to the first client. Additionally, the first decryption key is encrypted with respective encryption keys of other clients or groups intended to have access to the data stored on the file server and the clients and groups retain their respective decryption keys. All of the encrypted first decryption keys are stored within an access control list in association with the encrypted data on the non-secure file server. In response to an indication that the data should be transmitted to one of the clients, the file server returns to the client the encrypted data along with at least the applicable encrypted first decryption key for the respective client. The client is able to decrypt the first decryption key and decrypt the data using the unencrypted first decryption key. The data may then be modified and securely stored on the file server as described above. The first decryption key may also be encrypted with a second encryption key having a second decryption key known to members of a group or a group server. The first encryption key encrypted with the group second encryption key is stored in the access control list so that group members can obtain access to the encrypted data stored on the file server.
摘要翻译: 一种利用非安全文件服务器的方法和装置,用于仅在授权读取和修改数据的客户端和组之间安全地存储和共享数据。 希望在文件服务器上存储数据的第一客户端使用具有关联的第一解密密钥的第一加密密钥加密数据。 客户端用具有第一客户端已知的相关联的第二解密密钥的第二加密密钥来加密第一解密密钥。 此外,第一解密密钥用其他客户端或组的相应加密密钥进行加密,这些客户端或组旨在访问存储在文件服务器上的数据,并且客户端和组保留其各自的解密密钥。 所有加密的第一解密密钥与非安全文件服务器上的加密数据相关联地存储在访问控制列表内。 响应于将数据发送到客户端之一的指示,文件服务器返回客户端加密数据以及相应客户端的至少可应用的加密的第一解密密钥。 客户端能够解密第一解密密钥并使用未加密的第一解密密钥解密数据。 然后可以如上所述将数据修改并安全地存储在文件服务器上。 第一解密密钥也可以用具有组或组服务器的成员已知的第二解密密钥的第二加密密钥来加密。 利用组第二加密密钥加密的第一加密密钥存储在访问控制列表中,使得组成员可以获得对存储在文件服务器上的加密数据的访问。
-
公开(公告)号:US06996712B1
公开(公告)日:2006-02-07
申请号:US09632557
申请日:2000-08-04
申请人: Radia J. Perlman , Stephen R. Hanna
发明人: Radia J. Perlman , Stephen R. Hanna
IPC分类号: H04L9/18
CPC分类号: H04L9/3247
摘要: A data authentication system that at the sender produces for a plurality of data packets a plurality of “integrity checks” by selecting an integrity function from a family or set of integrity functions, selecting a number of bytes from a given packet and manipulating the bytes in accordance with the selected integrity function to produce the integrity check. The system then selects corresponding bytes or bytes that are offset from the corresponding bytes from a next packet and produces a next associated integrity check using the same or another selected integrity check function, and so forth. The system encrypts the integrity checks associated with the plurality of data packets using, for example, a shared secret key, and produces an integrity block. The system then sends the encrypted integrity block and the data packets to the intended recipients. A recipient decrypts the integrity block using the shared secret key and reproduces the integrity checks. It then uses the integrity checks to authenticate the associated data packets by manipulating selected data bytes in accordance with selected integrity check functions. The recipient thus authenticates a plurality of data packets by performing a single decryption operation and a plurality of relatively fast integrity check operations using a selection of integrity check functions that are unknown to an interloper. The sender may also include in a transmission one or more extraneous, or “chaff,” data packets, which are data packets that intentionally fail the associated integrity checks. The sender may, for example, include in a transmission multiple sets of packets with the same sequence numbers. The recipient readily determines which of the packets with the same sequence numbers are valid using the appropriate integrity check. However, an interloper who cannot decipher the encrypted integrity block cannot as easily determine which of the packets are valid, and thus, cannot determine which packets to alter and/or how to alter these packets without detection by the integrity checks.
-
9.发明授权Automatic selection of unique node identifiers in a distributed routing environment 有权在分布式路由环境中自动选择唯一的节点标识符公开(公告)号:US06898187B2
公开(公告)日:2005-05-24
申请号:US09726378
申请日:2000-11-30
申请人: Radia J. Perlman , Eric A. Guttman
发明人: Radia J. Perlman , Eric A. Guttman
CPC分类号: H04L45/02 , H04L29/12264 , H04L45/44 , H04L61/2046
摘要: To ensure uniqueness of a router identifier in routing protocol messages (RPMs), a router determines whether an identifier IDR in received RPMs is the same as an identifier IDS in RPMs originated by the router. For RPMs having the same identifier, sequence information such as a sequence number is compared with sequence information in the RPM most recently originated by the router, the comparison indicating whether the received RPM appears to have been originated more recently. The rate at which such RPMs are being received is monitored. If the rate is above a predetermined threshold rate, the router infers that another router is using the same identifier, and selects a different identifier for subsequent use. The sequence information preferably includes a checksum calculated over contents of the message including a random number, to ensure proper flooding of each message to other routers that may be using a duplicate identifier.
摘要翻译: 为了确保路由器标识符在路由协议消息(RPM)中的唯一性,路由器确定接收的RPM中的标识符ID R 是否与RPM中的标识符ID S 相同 由路由器发起。 对于具有相同标识符的RPM,将诸如序列号的序列信息与路由器最近发起的RPM中的序列信息进行比较,该比较指示接收的RPM是否最近似乎已经发起。 监视这些RPM的接收速率。 如果速率高于预定阈值速率,则路由器推断另一个路由器正在使用相同的标识符,并选择不同的标识符供后续使用。 序列信息优选地包括通过包括随机数的消息的内容计算的校验和,以确保每个消息适当地泛滥到可能使用重复标识符的其他路由器。
-
10.发明授权Method and apparatus for using ranking to select repair nodes in formation of a dynamic tree for multicast repair 有权用于组播修复的动态树形成中使用排名选择修复节点的方法和装置公开(公告)号:US06757843B1
公开(公告)日:2004-06-29
申请号:US09698490
申请日:2000-10-26
申请人: Joseph Wesley , Stephen A. Hurst , Miriam C. Kadansky , Stephen R. Hanna , Philip M. Rosenzweig , Dah Ming Chiu , Radia J. Perlman
发明人: Joseph Wesley , Stephen A. Hurst , Miriam C. Kadansky , Stephen R. Hanna , Philip M. Rosenzweig , Dah Ming Chiu , Radia J. Perlman
IPC分类号: G06F1100
CPC分类号: H04L45/46 , H04L12/185 , H04L12/1863 , H04L45/04 , H04L45/16
摘要: An embodiment consistent with the present invention includes a method and apparatus for forming a multicast repair tree. The methods perform by a data processor and comprises the steps of determining, for each of a plurality of potential heads in a multicast group, a ranking value associated with the potential head; advertising, by the potential heads to a plurality of potential receivers; prioritizing, by a potential receiver, the ranking values from the potential heads; and binding, by a potential receiver to the head having the highest ranking value, thereby forming a group of which the potential receiver,is a member and the potential head is the head. The ranking values may include “able”, “unable”, “willing”, and “reluctant.” The ranking value of a potential head determines in accordance with a static or a dynamic configuration. Ranking values determine dynamically based on ranges of system resource levels such as memory and available processor resources.
摘要翻译: 与本发明一致的实施例包括用于形成多播修复树的方法和装置。 所述方法由数据处理器执行并且包括以下步骤:针对多播组中的多个潜在头中的每一者,确定与所述潜在头相关联的排序值; 广告,潜在的头到多个潜在的接收者; 由潜在的接收者优先考虑来自潜在负责人的排名值; 并且由潜在的接收器绑定到具有最高排名的头部,由此形成潜在的接收者是一个成员并且潜在的头部是头部的一组。 排名值可能包括“能力”,“不能”,“愿意”和“不情愿”。 潜在头的排名值根据静态或动态配置来确定。 排名值基于诸如存储器和可用处理器资源的系统资源级别的范围动态地确定。
-
-
-
-
-
-
-
-
-
搜索结果
102 条记录 (耗时 0.026 秒)
