Method and apparatus for using non-secure file servers for secure information storage
    1.
    Granted invention patent (in force)

    Publication number: US07178021B1

    Publication date: 2007-02-13

    Application number: US09517410

    Application date: 2000-03-02

    IPC classification: G06F17/30

    Abstract: A method and apparatus for utilizing a non-secure file server for storing and sharing data securely only among clients and groups authorized to read and modify the data. A first client that desires to store data on the file server encrypts the data with a first encryption key having an associated first decryption key. The client encrypts the first decryption key with a second encryption key having an associated second decryption key known to the first client. Additionally, the first decryption key is encrypted with respective encryption keys of other clients or groups intended to have access to the data stored on the file server and the clients and groups retain their respective decryption keys. All of the encrypted first decryption keys are stored within an access control list in association with the encrypted data on the non-secure file server. In response to an indication that the data should be transmitted to one of the clients, the file server returns to the client the encrypted data along with at least the applicable encrypted first decryption key for the respective client. The client is able to decrypt the first decryption key and decrypt the data using the unencrypted first decryption key. The data may then be modified and securely stored on the file server as described above. The first decryption key may also be encrypted with a second encryption key having a second decryption key known to members of a group or a group server. The first encryption key encrypted with the group second encryption key is stored in the access control list so that group members can obtain access to the encrypted data stored on the file server.

    Data authentication system employing encrypted integrity blocks

    Publication number: US06996712B1

    Publication date: 2006-02-07

    Application number: US09632557

    Application date: 2000-08-04

    IPC classification: H04L9/18

    CPC classification: H04L9/3247

    Abstract: A data authentication system that at the sender produces for a plurality of data packets a plurality of “integrity checks” by selecting an integrity function from a family or set of integrity functions, selecting a number of bytes from a given packet and manipulating the bytes in accordance with the selected integrity function to produce the integrity check. The system then selects corresponding bytes or bytes that are offset from the corresponding bytes from a next packet and produces a next associated integrity check using the same or another selected integrity check function, and so forth. The system encrypts the integrity checks associated with the plurality of data packets using, for example, a shared secret key, and produces an integrity block. The system then sends the encrypted integrity block and the data packets to the intended recipients. A recipient decrypts the integrity block using the shared secret key and reproduces the integrity checks. It then uses the integrity checks to authenticate the associated data packets by manipulating selected data bytes in accordance with selected integrity check functions. The recipient thus authenticates a plurality of data packets by performing a single decryption operation and a plurality of relatively fast integrity check operations using a selection of integrity check functions that are unknown to an interloper. The sender may also include in a transmission one or more extraneous, or “chaff,” data packets, which are data packets that intentionally fail the associated integrity checks. The sender may, for example, include in a transmission multiple sets of packets with the same sequence numbers. The recipient readily determines which of the packets with the same sequence numbers are valid using the appropriate integrity check. However, an interloper who cannot decipher the encrypted integrity block cannot as easily determine which of the packets are valid, and thus, cannot determine which packets to alter and/or how to alter these packets without detection by the integrity checks.

    Method and apparatus for using ranking to select repair nodes in formation of a dynamic tree for multicast repair
    3.
    Granted invention patent (in force)

    Publication number: US06757843B1

    Publication date: 2004-06-29

    Application number: US09698490

    Application date: 2000-10-26

    IPC classification: G06F1100

    Abstract: An embodiment consistent with the present invention includes a method and apparatus for forming a multicast repair tree. The method is performed by a data processor and comprises the steps of determining, for each of a plurality of potential heads in a multicast group, a ranking value associated with the potential head; advertising, by the potential heads to a plurality of potential receivers; prioritizing, by a potential receiver, the ranking values from the potential heads; and binding, by a potential receiver to the head having the highest ranking value, thereby forming a group of which the potential receiver is a member and the potential head is the head. The ranking values may include “able”, “unable”, “willing”, and “reluctant.” The ranking value of a potential head is determined in accordance with a static or a dynamic configuration. Ranking values are determined dynamically based on ranges of system resource levels such as memory and available processor resources.

    Use of beacon message in a network for classifying and discarding messages
    4.
    Granted invention patent (in force)

    Publication number: US06658004B1

    Publication date: 2003-12-02

    Application number: US09473402

    Application date: 1999-12-28

    IPC classification: H04L1228

    Abstract: A method and apparatus for identifying a data message that is eligible for discard. A beacon node periodically transmits a beacon message to a plurality of client nodes communicatively coupled via a network. Each beacon message includes a beacon sequence number and preferably, the beacon sequence numbers are authenticated by the beacon node. The client nodes, upon receipt of the beacon messages, verify the authenticity of the respective received beacon sequence numbers and generate a local sequence number derived from the received beacon sequence number. When one client in the session has data to transmit to another client in the session, the sending client assembles a data message and inserts its local sequence number in the data message prior to transmission of the data message to the other client nodes in the session. The client nodes receiving the data message discard the data message if their respective local sequence number at the time of receipt of the data message exceeds the local sequence number inserted in the data message by a predetermined value. In one embodiment, the beacon node generates sequence numbers at a periodic interval P but only transmits 1 out of every m beacon sequence numbers to the client nodes in the session. The client nodes each set a local sequence counter equal to the beacon sequence number upon receipt of the beacon message and thereafter, increment the local sequence counter periodically at interval P. The local sequence counter value is employed as the local sequence number in each client node.

    Content screening with end-to-end encryption prior to reaching a destination
    5.
    Granted invention patent (in force)

    Publication number: US06560705B1

    Publication date: 2003-05-06

    Application number: US09511541

    Application date: 2000-02-23

    IPC classification: H04L936

    Abstract: One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message and an encrypted message key at a content screener from a firewall, the firewall having previously received the encrypted message and the encrypted message key from a source outside the firewall. The content screener decrypts the encrypted message key to restore the message key, and decrypts the encrypted message with the message key to restore the message. Next, the content screener screens the message to determine whether the message satisfies a screening criterion. If so, the system forwards the message to a destination within the firewall in a secure manner. In one embodiment of the present invention, the system decrypts the encrypted message key by sending the encrypted message key to the destination. Upon receiving the encrypted message key, the destination decrypts the encrypted message key and returns the message key to the content screener in a secure manner.

    Trust ratings in group credentials

    Publication number: US07085925B2

    Publication date: 2006-08-01

    Application number: US09825100

    Application date: 2001-04-03

    IPC classification: H04L9/00 H04L9/32

    CPC classification: H04L9/3263

    Abstract: A method and system for evaluating a set of credentials that includes at least one group credential and that may include one or more additional credentials. A trust rating is provided in association with the at least one group credential within the set of credentials and trust ratings may also be provided in other credentials within the set of credentials. Each trust rating provides an indication of the level of confidence in the information being certified in the respective credential. In response to a request for access to a resource or service, an evaluation of the group credentials is performed by an access control program to determine whether access to the requested resource or service should be provided. In one embodiment, within any given certification path a composite trust rating for the respective path is determined. An overall trust rating for the set of credentials is determined based upon the composite trust ratings. Upon a determination that a user requesting access to a resource has an acceptable set of credentials and a satisfactory trust rating, access to the requested resource or service is granted to the user.

    Replacing an email attachment with an address specifying where the attachment is stored
    8.
    Granted invention patent (in force)

    Publication number: US07054905B1

    Publication date: 2006-05-30

    Application number: US09539269

    Application date: 2000-03-30

    IPC classification: G06F15/16 H04L9/00

    Abstract: One embodiment of the present invention provides a system that replaces an attachment to an email message with a reference to a location where the attachment is stored. Upon receiving the email message, the system examines the email message to determine if the email message includes an attachment. If the email message includes the attachment, the system stores the attachment at a location on a communication network from which the attachment can be retrieved. The system also modifies the email message by replacing the attachment with a reference specifying the location of the attachment, and sends the modified email message to a recipient of the email message. In one embodiment of the present invention, the recipient receives the modified email message and uses the reference specifying the location of the attachment to retrieve the attachment across the communication network.

    Method and apparatus for sending encrypted electronic mail through a distribution list exploder
    9.
    Granted invention patent (in force)

    Publication number: US06912656B1

    Publication date: 2005-06-28

    Application number: US09451504

    Application date: 1999-11-30

    Abstract: One embodiment of the present invention provides a system for sending an encrypted message through a distribution list exploder in order to forward the encrypted message to recipients on a distribution list. The system operates by encrypting the message at a sender using a message key to form an encrypted message. The system also encrypts the message key with a group public key to form an encrypted message key. The group public key is associated with a group private key to form a public key-private key pair associated with a group of valid recipients for the message. Next, the system sends the encrypted message and the encrypted message key to the distribution list exploder, and the distribution list exploder forwards the encrypted message to a plurality of recipients specified in the distribution list. After receiving the encrypted message and the encrypted message key, the recipient decrypts the encrypted message key to restore the message key. Next, the recipient decrypts the encrypted message using the message key to restore the message. In a variation on the above embodiment, the recipient decrypts the encrypted message key by sending the encrypted message key from the recipient to a group server, which holds the group private key. The group server decrypts the encrypted message key using the group private key to restore the message key, and returns the message key to the recipient in a secure manner.

    Method and system for dynamic issuance of group certificates
    10.
    Granted invention patent (in force)

    Publication number: US06883100B1

    Publication date: 2005-04-19

    Application number: US09309045

    Application date: 1999-05-10

    IPC classification: G06F1/00 G06F21/00 G06F9/00

    CPC classification: G06F21/6218 G06F21/629

    Abstract: In accordance with the invention, on-line group servers issue group membership or group non-membership certificates upon request. Furthermore, when a requester requests a group certificate for a particular entity, the associated group server makes a dynamic decision regarding the entity's membership in the group rather than simply referring to a membership list. These capabilities provide for, among other things, the implementation of “nested” groups, wherein an entity may indirectly prove membership in a first, or nested, group by proving membership in a second group which is a member of the first group. In the nested group situation, the dynamic decision may involve the group server of the nested group obtaining proof of the entity's membership or non-membership in the second group. Proof of membership or non-membership may include a group certificate and/or a group membership list.
