公开(公告)号：US07640215B2

公开(公告)日：2009-12-29

申请号：US11064677

申请日：2005-02-24

申请人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell ,  Lili Qiu ,  Venkata N. Padmanabhan

发明人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell ,  Lili Qiu ,  Venkata N. Padmanabhan

IPC分类号： G06F17/30

CPC分类号： H04L63/0407 ,  G06F2221/2107 ,  G06F2221/2119 ,  G06Q20/10 ,  G06Q20/102 ,  G06Q20/1085 ,  G06Q20/40 ,  H04L63/1408

摘要： A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.

摘要翻译： 提供了一种系统和方法，用于评估数据加密的有效性，以隐藏Web流量来源的身份。 由目标网站发送的网页的加密Web流量构建签名，并将签名与通过预先访问各种感兴趣的网页获得的归档流量签名进行比较。 如果检测到的加密Web流量的签名与存储的流量签名匹配超过预定的统计阈值，则找到正匹配，并且识别流量的来源。 提供了基于流量特征匹配降低源识别可靠性的对策。

公开(公告)号：US07096200B2

公开(公告)日：2006-08-22

申请号：US10127893

申请日：2002-04-23

申请人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell ,  Lili Qiu ,  Venkata N. Padmanabhan

发明人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell ,  Lili Qiu ,  Venkata N. Padmanabhan

IPC分类号： G06Q99/00 ,  H04K1/00 ,  H04L9/00

CPC分类号： H04L63/0407 ,  G06F2221/2107 ,  G06F2221/2119 ,  G06Q20/10 ,  G06Q20/102 ,  G06Q20/1085 ,  G06Q20/40 ,  H04L63/1408

摘要： A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.

公开(公告)号：US07669049B2

公开(公告)日：2010-02-23

申请号：US11072143

申请日：2005-03-04

申请人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell

发明人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell

IPC分类号： G06F9/00

CPC分类号： H04L63/0442 ,  G06Q20/3821 ,  H04L29/06 ,  H04L63/062 ,  H04L67/02 ,  H04L67/327 ,  H04L69/329

摘要： A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client.For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain.A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

摘要翻译： 提供了一种用于处理因特网上的客户机和目标服务器之间的网络通信以保护客户端的隐私和匿名性的系统和方法。 对于客户端和目标服务器之间的会话，路由控制服务器使用从参与的Web服务器池中随机选择的多个Web服务器设置路由链，作为用于在客户端和目标服务器之间路由消息的路由器。 为了防止流量分析，当消息沿着路由链转发时，“洋葱加密”方案被应用于消息。 与路由控制服务器协作的支付服务器允许用户支付隐私保护服务，而不暴露她的真实身份。

公开(公告)号：US06986036B2

公开(公告)日：2006-01-10

申请号：US10102036

申请日：2002-03-20

申请人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell

发明人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell

IPC分类号： G06F1/26

CPC分类号： H04L63/0442 ,  G06Q20/3821 ,  H04L29/06 ,  H04L63/062 ,  H04L67/02 ,  H04L67/327 ,  H04L69/329

摘要： A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

公开(公告)号：US08001605B2

公开(公告)日：2011-08-16

申请号：US12193277

申请日：2008-08-18

申请人： Venkata N. Padmanabhan ,  Daniel R. Simon

发明人： Venkata N. Padmanabhan ,  Daniel R. Simon

IPC分类号： G06F11/22

CPC分类号： H04L63/12

摘要： A computer in a network runs a verification procedure in which it sends data packets to another computer in the network. Some or all of the data packets contain, either individually or collectively, a secret piece of information, such as a secret code. The computer then makes a determination regarding the network links between it and the other computer. If, for example, the other computer is able to respond by providing the secret piece of information back, then the computer sending the data packets concludes that the devices along the network links en route to the other computer are properly forwarding data packets.

摘要翻译： 网络中的计算机运行验证过程，其中将数据包发送到网络中的另一台计算机。 一些或全部数据包单独地或共同地包含诸如密码的秘密信息。 然后，计算机确定其与另一台计算机之间的网络链路。 例如，如果另一计算机能够通过提供秘密的信息来响应，则发送数据分组的计算机的结论是，沿着网络链路的设备路由到另一台计算机正在正确转发数据分组。

公开(公告)号：US20080320152A1

公开(公告)日：2008-12-25

申请号：US12193277

申请日：2008-08-18

申请人： Venkata N. Padmanabhan ,  Daniel R. Simon

发明人： Venkata N. Padmanabhan ,  Daniel R. Simon

IPC分类号： G06F15/16

CPC分类号： H04L63/12

摘要： A computer in a network runs a verification procedure in which it sends data packets to another computer in the network. Some or all of the data packets contain, either individually or collectively, a secret piece of information, such as a secret code. The computer then makes a determination regarding the network links between it and the other computer. If, for example, the other computer is able to respond by providing the secret piece of information back, then the computer sending the data packets concludes that the devices along the network links en route to the other computer are properly forwarding data packets.

摘要翻译： 网络中的计算机运行验证过程，其中将数据包发送到网络中的另一台计算机。 一些或全部数据包单独地或共同地包含诸如密码的秘密信息。 然后，计算机确定其与另一台计算机之间的网络链路。 例如，如果另一计算机能够通过提供秘密的信息来响应，则发送数据分组的计算机的结论是，沿着网络链路的设备路由到另一台计算机正在正确转发数据分组。

公开(公告)号：US08681995B2

公开(公告)日：2014-03-25

申请号：US12974590

申请日：2010-12-21

申请人： Shyam Seshadri ,  Jeffrey J. Westhead ,  Vamshi Krishna Kancharla ,  Daniel R. Simon ,  Anthony G. Jones ,  Frank Ronneburg ,  Guillaume V. Bailey

发明人： Shyam Seshadri ,  Jeffrey J. Westhead ,  Vamshi Krishna Kancharla ,  Daniel R. Simon ,  Anthony G. Jones ,  Frank Ronneburg ,  Guillaume V. Bailey

IPC分类号： H04L29/06

CPC分类号： H04L29/12066 ,  H04L9/083 ,  H04L9/3247 ,  H04L29/12132 ,  H04L29/12301 ,  H04L61/1511 ,  H04L61/1552 ,  H04L61/2076 ,  H04L63/1416

摘要： Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.

摘要翻译： 多个对等域名系统（DNS）服务器包含在多主机DNS环境中。 多个对等DNS服务器之一是主要对等DNS服务器，为多个对等DNS服务器所服务的DNS区域生成一个或多个密钥。 关键的主对等DNS服务器还可以生成标识DNS区域的一个或多个密钥的集合的签名密钥描述符，并将签名密钥描述符传送到多个对等DNS服务器中的其他密钥描述符。

公开(公告)号：US08380841B2

公开(公告)日：2013-02-19

申请号：US11608126

申请日：2006-12-07

申请人： John Dunagan ,  Gregory D. Hartrell ,  Daniel R. Simon

发明人： John Dunagan ,  Gregory D. Hartrell ,  Daniel R. Simon

IPC分类号： G06F15/173 ,  G06F11/00

CPC分类号： H04L63/1433 ,  G06F21/577 ,  G06F2221/2101

摘要： A strategy is described for assessing and mitigating vulnerabilities within a data processing environment. The strategy collects access data that reflects actual log-in behavior exhibited by users in the environment. The strategy also collects rights data that reflects the rights possessed by one or more administrators within the environment. Based on the access data and rights data, the strategy identifies how a user or other entity that gains access to one part of the environment can potentially compromise additional parts of the environment. The strategy can recommend and implement steps aimed at reducing any identified vulnerabilities.

摘要翻译： 描述了一种用于评估和减轻数据处理环境中的漏洞的策略。 该策略收集反映用户在环境中展示的实际登录行为的访问数据。 该策略还收集反映环境中一个或多个管理员拥有的权利的权限数据。 根据访问数据和权限数据，该策略将识别获得对环境一部分访问权限的用户或其他实体如何潜在地危及环境的其他部分。 该策略可以推荐并实施旨在减少任何已识别的漏洞的步骤。

公开(公告)号：US08205252B2

公开(公告)日：2012-06-19

申请号：US11460929

申请日：2006-07-28

申请人： Daniel R. Simon ,  Sharad Agarwal ,  David A. Maltz

发明人： Daniel R. Simon ,  Sharad Agarwal ,  David A. Maltz

IPC分类号： H04L29/06

CPC分类号： H04L63/1433 ,  H04L12/66 ,  H04L45/74 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/1458 ,  H04L2463/146

摘要： Accountability among Autonomous Systems (ASs) in a network ensures reliable identification of various customers within the ASs and provides defensibility against malicious customers within the ASs. In one implementation, reliable identification is achieved by implementing ingress filtering on data packets originating within individual ASs and defensibility is provided by filtering data packets on request. To facilitate on-request filtering, individual ASs are equipped with a Filter Request Server (FRS) to filter data packets from certain customers identified in a filter request. Thus, when a requesting customer makes a filter request against an offending customer, the FRS within the AS to which the offending customer belongs conducts on-request filtering and installs an on-request filter on a first-hop network infrastructure device for the offending customer. Consequently, the first-hop network infrastructure device filters any data packet sent from the offending customer to the requesting customer.

摘要翻译： 网络中的自治系统（AS）的责任确保对AS内各种客户的可靠识别，并为AS内的恶意客户提供防御性。 在一个实现中，通过对源自各个AS的数据分组进行入口过滤来实现可靠的识别，并且通过根据请求过滤数据分组来提供防御性。 为了便于按需请求过滤，单个AS配备了过滤器请求服务器（FRS），用于过滤来自过滤请求中标识的某些客户端的数据包。 因此，当请求客户对违规客户进行过滤请求时，违规客户所属的AS内的FRS进行按需请求过滤，并在违规客户的第一跳网络基础设施设备上安装请求过滤器 。 因此，第一跳网络基础设施设备将从违规客户发送的任何数据包过滤到请求的客户。

公开(公告)号：US07676840B2

公开(公告)日：2010-03-09

申请号：US11030825

申请日：2005-01-07

申请人： Dinarte Morais ,  Jon Lange ,  Daniel R. Simon ,  Ling Tony Chen ,  Josh D. Benaloh

发明人： Dinarte Morais ,  Jon Lange ,  Daniel R. Simon ,  Ling Tony Chen ,  Josh D. Benaloh

IPC分类号： G06F11/00

CPC分类号： G06F21/575

摘要： Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.

摘要翻译： 包括引导代码的机器指令被埋在电子游戏控制台的关键部件内，在这些部件中它们不能容易地被访问或修改。 只读存储器（ROM）中的预加载器部分由引导代码散列，并将结果与​​引导代码中维护的预期散列值进行比较。 启动过程的进一步验证由预加载器执行，预加载器将ROM中的代码散列，以获得代码的哈希值。 结果是针对定义此散列值的期望值的数字签名值进行验证。 无法获得任何预期的结果将终止启动过程。 由于引导代码确认了预加载器，并且预加载器确认了ROM中的其余代码，所以该技术对于确保用于引导设备的代码未被修改或替换是有用的。