Playout-dependent unicast streaming of digital video content
    1.
    Granted invention patent
    Status: in force

    Publication number: US08452885B2

    Publication date: 2013-05-28

    Application number: US11360370

    Filing date: 2006-02-23

    IPC classification: G06F15/16 H04N7/173

    Abstract: A technique for managing the streaming of digital video content involves providing a unicast stream to a client in response to the playout status of the unicast stream at the client. In particular, a unicast stream is provided to a client based on whether or not the unicast stream is intended for real-time playout at the client. In order to preserve valuable network resources, if the client does not intend the unicast stream for real-time playout, the unicast stream is not provided to the client. Network resources can also be conserved by utilizing one session between a stream server and a client to support more than one active unicast stream between the stream server and the client in the case where at least one of the active unicast streams is not intended for real-time playout at the client.

    Medium access control address authentication
    3.
    Granted invention patent
    Status: lapsed

    Publication number: US6115376A

    Publication date: 2000-09-05

    Application number: US959833

    Filing date: 1997-10-29

    IPC classification: H04L12/56 H04L29/06 G06F12/00

    CPC classification: H04L63/1466 H04L49/351

    Abstract: A method for improving network security in a network that includes a star configured interconnection device such as a repeater, a bridge or a switch, that has a plurality of ports adapted for connection to respective MAC layer devices includes storing authentication data in the star configured interconnection device that maps MAC addresses of end stations in the network to particular ports on the star configured interconnection device. Upon receiving a packet on a particular port, the process involves determining whether the packet carries a source address which the authentication data maps to the particular port. If the packet carries a source address which the authentication data maps to the particular port, then the packet is accepted. If the packet does not carry a source MAC address which the authentication maps to the port, then an authentication protocol is executed on the port to determine whether the MAC address originates from an authorized sender according to the authentication protocol.

    Secure system for remote management and wake-up commands
    4.
    Granted invention patent
    Status: in force

    Publication number: US06311276B1

    Publication date: 2001-10-30

    Application number: US09139625

    Filing date: 1998-08-25

    IPC classification: G06F1214

    Abstract: A security feature is added to the Wake On LAN packet protocol, and an extensible mechanism is provided allowing for other commands and options to be specified within the Wake On LAN packet. The protocol allows for signaling power management circuits in a host computer in response to messages received through a network interface. Logic coupled to the network interface detects a received network packet carrying a message from a source to the management circuits in the host computer. The logic includes security logic that is responsive to data in the packet to authenticate the source of the message, to accept the message and generate a signal to the management circuit in the host computer when the message passes authentication, and to discard the message when the message fails authentication. The message includes a message authentication code timestamp indicating a time at which the source produced the message and/or a random value token. The security logic includes resources to verify the message authentication code and to prevent re-use of the message.

    System for managing dynamic processing resources in a network
    5.
    Granted invention patent
    Status: in force

    Publication number: US06182149B2

    Publication date: 2001-01-30

    Application number: US09228208

    Filing date: 1999-01-11

    IPC classification: G06F1300

    Abstract: Active networking techniques enable intermediate systems to determine whether data in a packet which is traversing the system is compressed, encrypted or otherwise dynamically processed. Based on this determination, the dynamic processing resources at the intermediate system are invoked or not. Thus, dynamic processing resources can be conserved. Active networking data is placed in packets flowing between end systems. The end system sending these packets may not know whether there are intermediate systems between it and the other end system that require knowledge about compressed data in the packet. It places the active networking data in packets so that any intermediate systems that can use knowledge of which packets contain compressed data may use the active networking data to make the determination.

    Method and system for distributed network address translation with network security features
    6.
    Granted invention patent
    Status: in force

    Publication number: US07032242B1

    Publication date: 2006-04-18

    Application number: US09270967

    Filing date: 1999-03-17

    IPC classification: H04K1/00 H04L9/00 G06F15/16

    Abstract: A method and system for distributed network address translation with security features. The method and system allow Internet Protocol security protocol (“IPsec”) to be used with distributed network address translation. The distributed network address translation is accomplished with IPsec by mapping a local Internet Protocol (“IP”) address of a given local network device and an IPsec Security Parameter Index (“SPI”) associated with an inbound IPsec Security Association (“SA”) that terminates at the local network device. A router allocates locally unique security values that are used as the IPsec SPIs. A router used for distributed network address translation is used as a local certificate authority that may vouch for identities of local network devices, allowing local network devices to bind a public key to a security name space that combines a global IP address for the router with a set of locally unique port numbers used for distributed network address translation. The router issues security certificates and may itself be authenticated by a higher certificate authority. Using a security certificate, a local network device may initiate and be a termination point of an IPsec security association to virtually any other network device on an IP network like the Internet or an intranet. The method and system may also allow distributed network address translation with security features to be used with Mobile IP or other protocols in the Internet Protocol suite.

    Secure system for remote management and wake-up commands
    7.
    Granted invention patent
    Status: in force

    Publication number: US06606709B1

    Publication date: 2003-08-12

    Application number: US10075103

    Filing date: 2001-10-29

    IPC classification: G06F1130

    Abstract: A security feature is added to the Wake On LAN packet protocol, and an extensible mechanism is provided allowing for other commands and options to be specified within the Wake On LAN packet. The protocol allows for signaling power management circuits in a host computer in response to messages received through a network interface. Logic coupled to the network interface detects a received network packet carrying a message from a source to the management circuits in the host computer. The logic includes security logic that is responsive to data in the packet to authenticate the source of the message, to accept the message and generate a signal to the management circuit in the host computer when the message passes authentication, and to discard the message when the message fails authentication. The message includes a message authentication code timestamp indicating a time at which the source produced the message and/or a random value token. The security logic includes resources to verify the message authentication code and to prevent re-use of the message.

    Dynamic policy management apparatus and method using active network devices
    8.
    Granted invention patent
    Status: lapsed

    Publication number: US06393474B1

    Publication date: 2002-05-21

    Application number: US09223829

    Filing date: 1998-12-31

    IPC classification: G06F1516

    CPC classification: H04L41/0893

    Abstract: A system for providing policy management in a network that includes nodes operating in multiple protocol layers and having enforcement functions. Multiple network devices, such as routers, remote access equipment, switches, repeaters and network cards, and end system processes having security functions are configured to contribute to implementation of policy enforcement in the network. By distributing policy enforcement functionality to a variety of network devices and end systems, a pervasive policy management system is implemented. The policy management system includes a policy implementation component that accepts policy, i.e. instructions or rules, that define how the network device should behave when confronted with a particular situation. The management system further includes a management station interface operating pursuant to a first process capable of providing an object to the network, the object including variables and one of a method or instructions to locate a method, executable on the network to set up a second process to enforce a portion of the policy.

    Method and system for facilitating access control to system resources in a distributed computer system
    9.
    Granted invention patent
    Status: lapsed

    Publication number: US5742759A

    Publication date: 1998-04-21

    Application number: US516671

    Filing date: 1995-08-18

    Abstract: Embodiments of the present invention provide an improved method and system for securely controlling access to resources in a distributed computer system. One embodiment of the present invention stores and binds a group identification to a target object and then uses membership checking to determine whether a client object which requests access to the target object is a member of a group with access rights to the target object. In this way, the present invention avoids performing costly cryptographic operations in order to verify access rights of requesting objects, as was common in some prior art systems. A second embodiment of the present invention stores and binds a group identification to a target object reference and then passes the target object reference to client objects in the system. Since the target object reference includes a group identification entry, a first client object is able to determine which other clients in the system are members of the identified group. This determination allows the first client object to pass the target object reference to the other members of the group without first communicating with the server for the target object. In this way, the present invention avoids the costly transaction costs of communicating with the server for the target object.

    Enhancement to authentication protocol that uses a key lease
    10.
    Granted invention patent
    Status: in force

    Publication number: US07480939B1

    Publication date: 2009-01-20

    Application number: US09900617

    Filing date: 2001-07-06

    Abstract: A method and system for using a key lease in a secondary authentication protocol after a primary authentication protocol has been performed is described. In one embodiment, the primary authentication protocol comprises a strong, secure, computationally complex authentication protocol. Moreover, the secondary authentication protocol comprises a less complex (compared to the primary authentication protocol) and less secure (compared to the primary authentication protocol) authentication protocol which can be performed in a length of time that is shorter than a length of time required to perform the primary authentication protocol. In an embodiment, the key lease includes context information. Moreover, a new session encryption key is computed after each time a quick re-authentication is performed by executing the secondary authentication protocol using the key lease, whereas the session encryption key is used for encrypting communication traffic, providing a solution to the potential communication traffic replay threat.
