摘要:
A network may include network switches with network switch ports that may be coupled to end hosts. The network switches may be controlled by a controller such as a controller server. Virtual switches may be formed using the controller from groups of the network switch ports and the end hosts. Each virtual switch may include virtual interfaces associated with end hosts or network switches. Virtual links may be formed that define network connections between the virtual interfaces and end hosts or between two virtual interfaces. Virtual network policies such as selective packet forwarding, packet dropping, packet redirection, packet modification, or packet logging may be implemented at selected virtual interfaces to control traffic through the communications network. The controller may translate the virtual network policies into network switch forwarding paths that satisfy the virtual network policies.
摘要:
A network may include network switches with network switch ports that may be coupled to end hosts. The network switches may be controlled by a controller such as a controller server. Virtual switches may be formed using the controller from groups of the network switch ports and the end hosts. Each virtual switch may include virtual interfaces associated with end hosts or network switches. Virtual links may be formed that define network connections between the virtual interfaces and end hosts or between two virtual interfaces. Virtual network policies such as selective packet forwarding, packet dropping, packet redirection, packet modification, or packet logging may be implemented at selected virtual interfaces to control traffic through the communications network. The controller may translate the virtual network policies into network switch forwarding paths that satisfy the virtual network policies.
摘要:
A controller may fulfill hardware address requests that are sent by source end hosts in a network to discover hardware addresses of destination end hosts. The controller may use network topology information to determine how to process the hardware address requests. The controller may retrieve a requested hardware address from a database of end hosts. If the controller is able to retrieve the hardware address of a destination end host from the database of end hosts, the controller may provide the source end host with a reply packet that contains the requested hardware address. If the controller is unable to retrieve the requested hardware address, the controller may form request packets to discover the address of the second end host and/or to discover a packet forwarding path between the source end host and the destination end host.
摘要:
Network switches that are controlled by a controller server may contain ports through which network packets are received and forwarded. An architect may configure the controller server to create virtual switches. Each virtual switch may be formed from a subset of the ports of the network switches. The architect may assign administrators to the virtual switches. The administrators may configure the virtual switches. An administrator may use a command line interface to configure a virtual switch. The administrator may use commands such as a show port command, an access list command, a show access list command, and a membership rule command to manage the virtual switch. The controller server may prevent the administrator from logging on to virtual switches that have been assigned to other administrators.
摘要:
Network switches that are controlled by a controller server may contain ports through which network packets are received and forwarded. An architect may configure the controller server to create virtual switches. Each virtual switch may be formed from a subset of the ports of the network switches. The architect may assign administrators to the virtual switches. The administrators may configure the virtual switches. An administrator may use a command line interface to configure a virtual switch. The administrator may use commands such as a show port command, an access list command, a show access list command, and a membership rule command to manage the virtual switch. The controller server may prevent the administrator from logging on to virtual switches that have been assigned to other administrators.
摘要:
Systems and methods are provided for using digital signatures to help distinguish legitimate email from known or trusted organizations from unsolicited email or forged email. Digital signatures may be used in an email body, mail header, or embedded links. The signatures may be verified by a recipient or internet service provider and may be used in conjunction with spam filtering applications.
摘要:
Personalization images are included in email messages to combat phishing attacks in which an attacker attempts to trick a user into divulging sensitive information over the Internet. When a recipient of an email message receives a message, the recipient can visually inspect the personalization image in the message. If the personalization image is missing or if the personalization image is not valid, the email recipient is alerted to the possibility of a phishing attack. Email message content may be encrypted. A gateway associated with an email message sender may be used to perform encryption operations on the message content. The gateway may create an html version of the email by placing the encrypted message content in an html wrapper. An image reference corresponding to the personalization image may be embedded in the html version of the message.
摘要:
A system is provided that uses cryptographic techniques to support secure messaging between senders and recipients. A sender may encrypt a message for a recipient using the recipient's public key. The sender may send the encrypted message to the message address of a given recipient. A server may be used to decrypt the encrypted message for the recipient, so that the recipient need not install a decryption engine on the recipient's equipment.
摘要:
Systems and methods for secure messaging are provided. A sender may encrypt content and send the encrypted content to a recipient over a communications network. The encrypted content may be decrypted for the recipient using a remote decryption service. Encrypted message content may be placed into a markup language form. Encrypted content may be incorporated into the form as a hidden form element. Form elements for collecting recipient credential information such as username and password information may also be incorporated into the form. At the recipient, the recipient may use the form to provide recipient credential information to the remote decryption service. The recipient may also use the form to upload the encrypted content from the form to the decryption service. The decryption service may provide the recipient with access to a decrypted version of the uploaded content over the communications network.
摘要:
Cryptographic systems and methods are provided in which authentication operations, digital signature operations, and encryption operations may be performed. Authentication operations may be performed using authentication information. The authentication information may be constructed using a symmetric authentication key or a public/private pair of authentication keys. Users may digitally sign data using private signing keys. Corresponding public signing keys may be used to verify user signatures. Identity-based-encryption (IBE) arrangements may be used for encrypting messages using the identity of a recipient. IBE-encrypted messages may be decrypted using appropriate IBE private keys. A smart card, universal serial bus key, or other security device having a tamper-proof enclosure may use the authentication information to obtain secret key information. Information such as IBE private key information, private signature key information, and authentication information may be stored in the tamper-proof enclosure.