1. Method and system for securing a network utilizing IPsec and MACsec protocols
    Type: Granted patent, in force

    Publication number: US07853691B2

    Publication date: 2010-12-14

    Application number: US11934257

    Filing date: 2007-11-02

    Abstract: Aspects of a method and system for securing a network utilizing IPsec and MACsec protocols are provided. In one or more network nodes, aspects of the invention may enable conversion between Ethernet packets comprising payloads secured utilizing IPsec protocols and Ethernet packets secured utilizing MACsec protocols. For example, IPsec connections may be terminated at an ingress network node and IPsec connections may be regenerated at an egress network node. Packets secured utilizing MACsec protocols may be detected based on an Ethertype. Packets comprising payloads secured utilizing IPsec protocols may be detected based on a protocol field or a next header field. The conversion may be based on a data structure stored by and/or accessible to the network nodes. Aspects of the invention may enable securing data utilizing MACsec protocols when tunneling IPsec secured data through non-IPsec enabled nodes.

2. METHOD AND SYSTEM FOR SECURING A NETWORK UTILIZING IPSEC and MACSEC PROTOCOLS
    Type: Patent application, in force

    Publication number: US20080126559A1

    Publication date: 2008-05-29

    Application number: US11934257

    Filing date: 2007-11-02

    IPC class: G06F15/16

    Abstract: Aspects of a method and system for securing a network utilizing IPsec and MACsec protocols are provided. In one or more network nodes, aspects of the invention may enable conversion between Ethernet packets comprising payloads secured utilizing IPsec protocols and Ethernet packets secured utilizing MACsec protocols. For example, IPsec connections may be terminated at an ingress network node and IPsec connections may be regenerated at an egress network node. Packets secured utilizing MACsec protocols may be detected based on an Ethertype. Packets comprising payloads secured utilizing IPsec protocols may be detected based on a protocol field or a next header field. The conversion may be based on a data structure stored by and/or accessible to the network nodes. Aspects of the invention may enable securing data utilizing MACsec protocols when tunneling IPsec secured data through non-IPsec enabled nodes.
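
    The detection step that entries 1 and 2 describe, worked through as an added example (this is not code from the patents or from their assignee): a frame is classified as MACsec by its Ethertype (0x88E5, the IEEE 802.1AE value) or as carrying an IPsec payload by the IPv4 protocol field or the IPv6 next-header field (50 = ESP, 51 = AH), walking IPv6 extension headers to reach the upper-layer header. The frame builders and the four sample frames are constructed for the demo; the IPsec termination, the MACsec re-encapsulation and the node's mapping table are not detailed in the abstract and are not shown.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD
ETHERTYPE_VLAN = 0x8100
ETHERTYPE_MACSEC = 0x88E5          # IEEE 802.1AE: a SecTAG follows the Ethernet header
PROTO_ESP, PROTO_AH = 50, 51       # IPv4 protocol / IPv6 next-header values for IPsec
IPV6_EXT_HEADERS = {0, 43, 44, 60} # hop-by-hop, routing, fragment, destination options


def _ethertype(frame: bytes):
    """Return (ethertype, payload offset), skipping one 802.1Q VLAN tag if present."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    etype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if etype == ETHERTYPE_VLAN:
        etype, off = struct.unpack_from("!H", frame, 16)[0], 18
    return etype, off


def _ipsec_detail(proto: int, hdr: bytes) -> dict:
    """SPI and sequence number sit at fixed offsets in both the ESP and the AH header."""
    if proto == PROTO_ESP:
        spi, seq = struct.unpack_from("!II", hdr, 0)
        return {"kind": "ipsec-esp", "spi": spi, "seq": seq}
    spi, seq = struct.unpack_from("!II", hdr, 4)   # AH: next hdr, len, reserved, then SPI
    return {"kind": "ipsec-ah", "spi": spi, "seq": seq}


def classify(frame: bytes) -> dict:
    """Classify a frame as 'macsec', 'ipsec-esp', 'ipsec-ah' or 'clear'."""
    etype, off = _ethertype(frame)
    if etype == ETHERTYPE_MACSEC:
        tci_an = frame[off]   # SecTAG byte 0: V ES SC SCB E C AN(2 bits); E = encrypted payload
        return {"kind": "macsec", "encrypted": bool(tci_an & 0x08), "an": tci_an & 0x03}
    if etype == ETHERTYPE_IPV4:
        ihl = (frame[off] & 0x0F) * 4
        proto = frame[off + 9]
        if proto in (PROTO_ESP, PROTO_AH):
            return _ipsec_detail(proto, frame[off + ihl:])
        return {"kind": "clear", "proto": proto}
    if etype == ETHERTYPE_IPV6:
        nxt, pos = frame[off + 6], off + 40
        while nxt in IPV6_EXT_HEADERS:   # follow the extension-header chain to the upper layer
            ext_len = 8 if nxt == 44 else (frame[pos + 1] + 1) * 8
            nxt, pos = frame[pos], pos + ext_len
        if nxt in (PROTO_ESP, PROTO_AH):
            return _ipsec_detail(nxt, frame[pos:])
        return {"kind": "clear", "proto": nxt}
    return {"kind": "clear", "ethertype": etype}


# --- constructed sample frames (addresses, SPIs and payloads are made up for the demo) ---
MAC_DST = bytes.fromhex("001122334455")
MAC_SRC = bytes.fromhex("66778899aabb")


def _ipv4(proto: int, payload: bytes) -> bytes:
    # Minimal 20-byte header; the checksum is left zero because classification never checks it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload


def _ipv6(nxt: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), nxt, 64,
                       b"\x20\x01" + b"\x00" * 14, b"\x20\x01" + b"\x00" * 13 + b"\x01") + payload


ESP_HDR = struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16                  # SPI, seq, opaque ciphertext
AH_HDR = struct.pack("!BBHII", 6, 4, 0, 0xABCD0001, 3) + b"\x00" * 12        # next=TCP, len=4 -> 24 bytes
HOP_BY_HOP = bytes([PROTO_AH, 0]) + b"\x00" * 6                              # 8-byte extension header

FRAME_ESP_V4 = MAC_DST + MAC_SRC + struct.pack("!H", ETHERTYPE_IPV4) + _ipv4(PROTO_ESP, ESP_HDR)
FRAME_AH_V6_VLAN = (MAC_DST + MAC_SRC + struct.pack("!HH", ETHERTYPE_VLAN, 0x0064)
                    + struct.pack("!H", ETHERTYPE_IPV6) + _ipv6(0, HOP_BY_HOP + AH_HDR))
FRAME_MACSEC = (MAC_DST + MAC_SRC + struct.pack("!H", ETHERTYPE_MACSEC)
                + bytes([0x2C, 0x00]) + b"\x00" * 4 + b"\x00" * 20)           # TCI: SC|E|C set, AN=0
FRAME_TCP = MAC_DST + MAC_SRC + struct.pack("!H", ETHERTYPE_IPV4) + _ipv4(6, b"\x00" * 20)

if __name__ == "__main__":
    for name, frame in [("esp/ipv4", FRAME_ESP_V4), ("ah/ipv6+vlan", FRAME_AH_V6_VLAN),
                        ("macsec", FRAME_MACSEC), ("tcp", FRAME_TCP)]:
        print(name, classify(frame))
```

    An ingress node that terminates IPsec would look the returned SPI up in its security-association table before re-encapsulating the payload under MACsec; a node that is not IPsec-enabled sees only the Ethertype and can still apply MACsec to the whole frame, which is the tunnelling case the abstract closes with.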

3. Method and system for determining and securing proximity information over a network
    Type: Granted patent, in force

    Publication number: US08717932B2

    Publication date: 2014-05-06

    Application number: US11756340

    Filing date: 2007-05-31

    Applicants: Zheng Qi, Yongbum Kim

    Inventors: Zheng Qi, Yongbum Kim

    IPC class: H04L12/28

    Abstract: Aspects of a method and system for determining and securing proximity information over a network are provided. In this regard, data transmitted over a network may be time-stamped upon entering and/or exiting a network node. By taking the total time to travel between two network nodes and subtracting out any latency internal to one or more intermediate nodes, the time to traverse the physical links (the propagation time) between the two network nodes may be determined. Accordingly, if the speed at which data propagates over each link of the network is known, then a distance from the source node to the destination node may be determined. Additionally, aspects of the invention may enable one or more of authentication, validation, and encryption of timing and/or proximity information transmitted over a network.

4. METHOD AND SYSTEM FOR DETERMINING AND SECURING PROXIMITY INFORMATION OVER A NETWORK
    Type: Patent application, in force

    Publication number: US20080123555A1

    Publication date: 2008-05-29

    Application number: US11756340

    Filing date: 2007-05-31

    Applicants: Zheng Qi, Yongbum Kim

    Inventors: Zheng Qi, Yongbum Kim

    IPC class: H04L12/28

    Abstract: Aspects of a method and system for determining and securing proximity information over a network are provided. In this regard, data transmitted over a network may be time-stamped upon entering and/or exiting a network node. By taking the total time to travel between two network nodes and subtracting out any latency internal to one or more intermediate nodes, the time to traverse the physical links (the propagation time) between the two network nodes may be determined. Accordingly, if the speed at which data propagates over each link of the network is known, then a distance from the source node to the destination node may be determined. Additionally, aspects of the invention may enable one or more of authentication, validation, and encryption of timing and/or proximity information transmitted over a network.
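
    The timing arithmetic of entries 3 and 4, as an added example that is not code from the patents: every node appends an ingress/egress timestamp record, the propagation time of each link is the next hop's ingress minus this hop's egress (which is the same as total transit time minus the intermediate nodes' internal latency), and distance follows from an assumed per-link propagation speed. The records are chained with an HMAC so that an intermediate node cannot inflate its own residence time to make the remaining path look shorter than it is. The shared key, the fibre speed and the three-node timestamps are constructed for the demo; a real deployment would use per-node keys and synchronised clocks, and the encryption of the records that the abstract also mentions is not shown.

```python
import hashlib
import hmac
from dataclasses import dataclass

C_M_PER_NS = 0.299792458                 # speed of light in vacuum, metres per nanosecond
FIBRE_M_PER_NS = C_M_PER_NS * 2 / 3      # assumed propagation speed of a single-mode fibre link
KEY = b"constructed-demo-timestamp-key"  # shared timestamping key (demo only; use per-node keys)


@dataclass(frozen=True)
class NodeStamp:
    node: str
    ingress_ns: int   # packet entered the node (for the source: time of transmission)
    egress_ns: int    # packet left the node (for the destination: time of reception)
    tag: bytes        # HMAC over this record and the previous node's tag


def _tag(key: bytes, node: str, ingress_ns: int, egress_ns: int, prev_tag: bytes) -> bytes:
    msg = f"{node}|{ingress_ns}|{egress_ns}|".encode() + prev_tag
    return hmac.new(key, msg, hashlib.sha256).digest()


def stamp(key: bytes, node: str, ingress_ns: int, egress_ns: int, prev: NodeStamp = None) -> NodeStamp:
    """What a node appends as the packet passes through it; chained to the previous record."""
    prev_tag = prev.tag if prev is not None else b""
    return NodeStamp(node, ingress_ns, egress_ns, _tag(key, node, ingress_ns, egress_ns, prev_tag))


def verify_chain(key: bytes, path: list) -> bool:
    """Authenticate every record; altering any timestamp breaks its tag and every later one."""
    prev_tag = b""
    for s in path:
        if not hmac.compare_digest(s.tag, _tag(key, s.node, s.ingress_ns, s.egress_ns, prev_tag)):
            return False
        prev_tag = s.tag
    return True


def total_transit_ns(path: list) -> int:
    return path[-1].ingress_ns - path[0].egress_ns


def internal_latency_ns(path: list) -> int:
    return sum(s.egress_ns - s.ingress_ns for s in path[1:-1])


def link_propagation_ns(path: list) -> list:
    """Per-link time on the wire: next hop's ingress minus this hop's egress."""
    return [nxt.ingress_ns - cur.egress_ns for cur, nxt in zip(path, path[1:])]


def estimate_distance_m(key: bytes, path: list, link_speeds_m_per_ns: list) -> float:
    if len(path) < 2:
        raise ValueError("need a source and a destination record")
    if not verify_chain(key, path):
        raise ValueError("timing record failed authentication")
    props = link_propagation_ns(path)
    if len(link_speeds_m_per_ns) != len(props):
        raise ValueError("need one propagation speed per link")
    for p, v in zip(props, link_speeds_m_per_ns):
        if p < 0:
            raise ValueError("negative propagation time: clocks unsynchronised or record forged")
        if v > C_M_PER_NS:
            raise ValueError("no link propagates faster than light")
    return sum(p * v for p, v in zip(props, link_speeds_m_per_ns))


def build_sample_path(key: bytes = KEY) -> list:
    """Constructed three-node path A -> B -> C, all times in ns on a common clock."""
    a = stamp(key, "A", 1_000_000, 1_000_000)       # source: transmitted at t = 1 ms
    b = stamp(key, "B", 1_010_000, 1_015_000, a)    # 10 us on the wire, 5 us inside B
    c = stamp(key, "C", 1_040_000, 1_040_000, b)    # 25 us on the wire; destination
    return [a, b, c]


if __name__ == "__main__":
    path = build_sample_path()
    print("transit", total_transit_ns(path), "ns; internal", internal_latency_ns(path), "ns")
    print("distance", round(estimate_distance_m(KEY, path, [FIBRE_M_PER_NS] * 2)), "m")
```

    The validation step matters as much as the arithmetic: a negative link time or an implied speed above c is a clock or forgery problem, and without the chained tags a node in the middle could simply report a later egress time and shrink the measured propagation of the next link.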

5. Secure Key Generation
    Type: Patent application, in force

    Publication number: US20130129087A1

    Publication date: 2013-05-23

    Application number: US13523801

    Filing date: 2012-06-14

    Applicants: Zheng Qi, Mark Buer

    Inventors: Zheng Qi, Mark Buer

    IPC class: H04L9/00

    Abstract: Methods and systems for secure key generation are provided. In embodiments, during the manufacturing process, a device generates a primary seed for the device and stores the seed within the device. The device exports the device primary key to a secure manufacturer server. The secure manufacturer server generates a public/private root key for the device and requests a certificate for the public root key of the device from a certificate authority. The device, having the stored primary seed, is integrated into an end-user system. Upon occurrence of a condition, the device after integration into the end-user system generates the public/private root key in the field. The system also receives and installs the certificate for the public root key.

6. System and method for generating initial vectors
    Type: Granted patent, lapsed

    Publication number: US07822797B2

    Publication date: 2010-10-26

    Application number: US10207329

    Filing date: 2002-07-29

    Applicants: Mark L. Buer, Zheng Qi

    Inventors: Mark L. Buer, Zheng Qi

    IPC class: G06F7/38

    Abstract: Methods and systems are disclosed for generating random numbers and initial vectors. A random number generator generates one or more random numbers that are used to repetitively seed pseudo random number generators so that the pseudo random number generators generate random numbers. Thus, a single random number generator may be used to simultaneously generate several random numbers. The random numbers generated by the pseudo random number generators may be used as initial vectors in encryption engines.
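
    The seeding scheme of entry 6, as an added example (not the patent's code): one true random source feeds several DRBG streams, one per encryption engine, and each stream is re-seeded from that source at a fixed interval, so one slow entropy source serves many fast IV consumers. HMAC_DRBG (NIST SP 800-90A, with SHA-256) is the assumed pseudorandom generator; the engine names, the re-seed interval and the deterministic entropy stand-in used only for testing are constructed. A fresh random IV is the right construction for CBC; for AES-GCM a random 96-bit IV must never repeat under one key, so the caller still has to cap invocations per key (NIST SP 800-38D allows 2^32 for random IVs) whatever generator produced them.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """HMAC_DRBG from NIST SP 800-90A with SHA-256; one instance per encryption engine."""
    MAX_REQUESTS_BETWEEN_RESEEDS = 1 << 16   # conservative; the standard permits up to 2**48

    def __init__(self, entropy: bytes, personalization: bytes = b""):
        self.K, self.V = b"\x00" * 32, b"\x01" * 32       # instantiate: fixed initial K and V
        self._update(entropy + personalization)
        self.requests = 0

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided: bytes = b"") -> None:
        # HMAC_DRBG_Update: fold provided data (entropy, personalisation) into K and V.
        self.K = self._hmac(self.V + b"\x00" + provided)
        self.V = self._hmac(self.V)
        if provided:
            self.K = self._hmac(self.V + b"\x01" + provided)
            self.V = self._hmac(self.V)

    def reseed(self, entropy: bytes) -> None:
        self._update(entropy)
        self.requests = 0

    def generate(self, n: int) -> bytes:
        if self.requests >= self.MAX_REQUESTS_BETWEEN_RESEEDS:
            raise RuntimeError("reseed required before generating more output")
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.V)
            out += self.V
        self._update()          # back-track resistance: old state cannot be recovered from new
        self.requests += 1
        return out[:n]


class IvGenerator:
    """One true RNG seeds several DRBG streams (one per engine) and re-seeds each every `reseed_every` IVs."""

    def __init__(self, engines, entropy_source=os.urandom, reseed_every: int = 256):
        self.entropy_source = entropy_source
        self.reseed_every = reseed_every
        self.streams = {name: HmacDrbg(entropy_source(32), name.encode()) for name in engines}
        self.issued = {name: 0 for name in engines}

    def next_iv(self, engine: str, iv_len: int = 16) -> bytes:
        drbg = self.streams[engine]
        if self.issued[engine] and self.issued[engine] % self.reseed_every == 0:
            drbg.reseed(self.entropy_source(32))   # fresh entropy from the single shared source
        self.issued[engine] += 1
        return drbg.generate(iv_len)


def deterministic_entropy(label: bytes):
    """Test-only stand-in for the hardware RNG: a counter hashed with a fixed label. Not for production."""
    counter = [0]

    def source(n: int) -> bytes:
        counter[0] += 1
        return hashlib.sha256(label + counter[0].to_bytes(4, "big")).digest()[:n]

    return source


if __name__ == "__main__":
    gen = IvGenerator(["aes-cbc-0", "aes-cbc-1"])     # os.urandom as the true random source
    for engine in gen.streams:
        print(engine, gen.next_iv(engine).hex())
```

    Seeding each stream with the engine name as personalisation keeps two engines from ever sharing a state even if the entropy source momentarily returned the same bytes, and the per-stream request counter enforces the re-seed interval that the abstract's "repetitively seed" describes.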

7. Methods and apparatus for accelerating secure session processing
    Type: Granted patent, lapsed

    Publication number: US07600122B2

    Publication date: 2009-10-06

    Application number: US11593102

    Filing date: 2006-11-06

    IPC class: G06F9/00

    CPC class: H04L9/0838

    Abstract: Methods and apparatus are provided for an entity such as a CPU to efficiently call a cryptography accelerator to perform cryptographic operations. A function call causes the cryptography accelerator to execute multiple cryptographic operations in a manner tailored for specific processing steps, such as steps during a handshake phase of a secured session. The techniques provide efficient use of hardware processing resources, data interfaces, and memory interfaces.

9. Secure generation of a device root key in the field
    Type: Granted patent, in force

    Publication number: US08953790B2

    Publication date: 2015-02-10

    Application number: US13523801

    Filing date: 2012-06-14

    Applicants: Zheng Qi, Mark Buer

    Inventors: Zheng Qi, Mark Buer

    Abstract: Methods and systems for secure key generation are provided. In embodiments, during the manufacturing process, a device generates a primary seed for the device and stores the seed within the device. The device exports the device primary key to a secure manufacturer server. The secure manufacturer server generates a public/private root key for the device and requests a certificate for the public root key of the device from a certificate authority. The device, having the stored primary seed, is integrated into an end-user system. Upon occurrence of a condition, the device after integration into the end-user system generates the public/private root key in the field. The system also receives and installs the certificate for the public root key.
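
    The provisioning flow of entries 5 and 9, worked as an added example (not the patents' own code): the device keeps a primary seed generated at manufacturing, exports a primary key derived from it, the manufacturer server derives the root key pair from that primary key and obtains a certificate for the public half, and the device later regenerates the identical pair in the field from its stored seed, so the certified public key is reproducible without ever storing the private key. HKDF-SHA256 is the assumed derivation at both steps, X25519 (RFC 7748, the Montgomery ladder implemented inline) is the assumed root key type, and the CA is a stand-in that signs with an HMAC; the derivation labels, the trigger condition and the certificate format are all assumptions. Because the server derives the pair from the exported primary key it can also compute the private half, so the secure channel and the server's trustworthiness are part of the security model, exactly as the abstract's wording implies.

```python
import hashlib
import hmac
import os

P25519 = 2**255 - 19
BASE_U = 9                              # u-coordinate of the Curve25519 base point
CA_KEY = b"constructed-ca-signing-key"  # stand-in for the certificate authority's signing key


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) extract-then-expand; the assumed derivation at every step below."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + t, i + 1
    return out[:length]


def clamp_scalar(k: bytes) -> int:
    """RFC 7748 clamping of a 32-byte secret into an X25519 scalar."""
    b = bytearray(k[:32])
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def x25519(scalar: int, u: int) -> int:
    """Montgomery ladder from RFC 7748 section 5 (Python ints are not constant-time; demo only)."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        k_t = (scalar >> t) & 1
        swap ^= k_t
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = k_t
        a, b = (x2 + z2) % P25519, (x2 - z2) % P25519
        aa, bb = a * a % P25519, b * b % P25519
        e = (aa - bb) % P25519
        c, d = (x3 + z3) % P25519, (x3 - z3) % P25519
        da, cb = d * a % P25519, c * b % P25519
        x3 = (da + cb) * (da + cb) % P25519
        z3 = x1 * ((da - cb) * (da - cb)) % P25519
        x2 = aa * bb % P25519
        z2 = e * (aa + 121665 * e) % P25519
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P25519 - 2, P25519) % P25519


def root_pair_from_primary(primary_key: bytes):
    """Shared derivation: the manufacturer server runs it at the factory, the device in the field."""
    priv = clamp_scalar(hkdf_sha256(primary_key, b"device-root-key"))
    return priv, x25519(priv, BASE_U)


def issue_certificate(public_u: int, subject: str, ca_key: bytes = CA_KEY) -> dict:
    """Stand-in CA: a real one issues X.509; here the signature is an HMAC over subject and key."""
    body = f"{subject}|{public_u:064x}".encode()
    return {"subject": subject, "public_u": public_u, "sig": hmac.new(ca_key, body, hashlib.sha256).digest()}


class Device:
    """The in-silicon side: the primary seed is generated once and never leaves the device."""

    def __init__(self, seed: bytes = None):
        self._seed = seed if seed is not None else os.urandom(32)   # manufacturing step
        self.root_private = None
        self.certificate = None

    def export_primary_key(self) -> bytes:
        # The only value that crosses the secure channel to the manufacturer server.
        return hkdf_sha256(self._seed, b"device-primary-key")

    def generate_root_key_in_field(self) -> int:
        # Run once the assumed trigger condition holds (first boot, an operator command, ...).
        self.root_private, public_u = root_pair_from_primary(self.export_primary_key())
        return public_u

    def accepts_certificate(self, cert: dict) -> bool:
        return self.root_private is not None and cert["public_u"] == x25519(self.root_private, BASE_U)

    def install_certificate(self, cert: dict) -> None:
        if not self.accepts_certificate(cert):
            raise ValueError("certificate public key does not match the regenerated root key")
        self.certificate = cert


def provision(seed: bytes = None):
    """Whole flow: factory-side derivation and certificate, then in-field regeneration on the device."""
    dev = Device(seed)
    _, public_at_factory = root_pair_from_primary(dev.export_primary_key())   # server side
    cert = issue_certificate(public_at_factory, "device-0001")                # CA side
    public_in_field = dev.generate_root_key_in_field()                        # device, later
    dev.install_certificate(cert)
    return dev, public_at_factory, public_in_field


if __name__ == "__main__":
    device, at_factory, in_field = provision()
    print("factory == field:", at_factory == in_field, "cert subject:", device.certificate["subject"])
```

    The check in `install_certificate` is the one a practitioner should not skip: if the derivation labels or KDF on the server and on the device ever diverge, the device ends up with a certificate for a key it cannot use, and catching that at install time is far cheaper than discovering it when the device first tries to authenticate.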

10. Scalable and secure key management for cryptographic data processing
    Type: Granted patent, in force

    Publication number: US08411867B2

    Publication date: 2013-04-02

    Application number: US12418967

    Filing date: 2009-04-06

    Applicants: Mark Buer, Zheng Qi

    Inventors: Mark Buer, Zheng Qi

    IPC classes: H04L9/08, G06F21/00

    Abstract: A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received key encryption keys (KEKs) and/or plaintext keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. If the authentication is successful, the GPE retrieves a plaintext key or generates a plaintext key using a KEK, cryptographically processes the data using the plaintext key, and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE.
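
    The request path of entry 10, as an added example that is not the patent's code: a key server delivers the KEK to the GPE over a secure channel and gives hosts a key handle plus a KEK-wrapped data key; each host request carries an authentication tag, and the GPE verifies it before touching any key, unwraps the data key into its secure key cache on first use, and processes the data. HMAC-SHA256 in counter mode stands in for the engine's block cipher, the wrap format (nonce || ciphertext || tag, with the tag bound to the handle so a blob cannot be replayed under another handle) and the request-tag construction are assumptions, and every key and the sample payload are constructed. The host never holds a plaintext data key, which is what makes the scheme scale: hosts can be given as many wrapped keys as they like while only the GPE and the key server ever see key material.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for the engine's AES; the example is about
    # the key handling around the cipher, not the cipher itself.
    blocks = (hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkey(master: bytes, label: bytes) -> bytes:
    return hmac.new(master, label, hashlib.sha256).digest()


@dataclass(frozen=True)
class Request:
    host_id: str
    handle: str
    wrapped_key: bytes   # hosts only ever hold the KEK-wrapped form of a data key
    op: str              # "encrypt" or "decrypt"
    data: bytes
    tag: bytes           # authentication tag under the host's request-auth key


def _request_tag(auth_key, host_id, handle, wrapped, op, data) -> bytes:
    msg = b"|".join([host_id.encode(), handle.encode(), wrapped, op.encode(), data])
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def make_request(host_id, auth_key, handle, wrapped, op, data) -> Request:
    return Request(host_id, handle, wrapped, op, data,
                   _request_tag(auth_key, host_id, handle, wrapped, op, data))


class KeyServer:
    """Generates data keys; hosts get wrapped keys, the GPE gets the KEK and host auth keys."""

    def __init__(self):
        self.kek = os.urandom(32)
        self.host_auth_keys = {}

    def enroll_host(self, host_id: str) -> bytes:
        self.host_auth_keys[host_id] = os.urandom(32)
        return self.host_auth_keys[host_id]

    def provision_gpe(self, gpe: "Gpe") -> None:
        gpe.kek = self.kek                                  # delivered over the secure channel
        gpe.host_auth_keys = dict(self.host_auth_keys)

    def issue_key(self, handle: str) -> bytes:
        """Fresh data key, wrapped as nonce || ciphertext || tag with the tag bound to the handle."""
        key, nonce = os.urandom(32), os.urandom(16)
        ct = _xor(key, _keystream(_subkey(self.kek, b"wrap-enc"), nonce, 32))
        tag = hmac.new(_subkey(self.kek, b"wrap-mac"), handle.encode() + nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag


class Gpe:
    """General Purpose Cryptographic Engine: authenticate, unwrap into the secure cache, process."""

    def __init__(self):
        self.kek, self.host_auth_keys, self.key_cache, self.cache_hits = None, {}, {}, 0

    def _unwrap(self, handle: str, wrapped: bytes) -> bytes:
        nonce, ct, tag = wrapped[:16], wrapped[16:48], wrapped[48:]
        expect = hmac.new(_subkey(self.kek, b"wrap-mac"), handle.encode() + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("wrapped key failed integrity check")
        return _xor(ct, _keystream(_subkey(self.kek, b"wrap-enc"), nonce, 32))

    def process(self, req: Request) -> bytes:
        auth_key = self.host_auth_keys.get(req.host_id)
        expect = _request_tag(auth_key or b"", req.host_id, req.handle, req.wrapped_key, req.op, req.data)
        if auth_key is None or not hmac.compare_digest(req.tag, expect):
            raise PermissionError("request authentication failed")   # rejected before any key is used
        key = self.key_cache.get(req.handle)
        if key is None:
            key = self.key_cache[req.handle] = self._unwrap(req.handle, req.wrapped_key)
        else:
            self.cache_hits += 1
        if req.op == "encrypt":
            nonce = os.urandom(16)
            return nonce + _xor(req.data, _keystream(key, nonce, len(req.data)))
        if req.op == "decrypt":
            return _xor(req.data[16:], _keystream(key, req.data[:16], len(req.data) - 16))
        raise ValueError("unknown operation")


def _rejected(exc, fn) -> bool:
    try:
        fn()
    except exc:
        return True
    return False


def run_scenario(payload: bytes = b"constructed sample payload") -> dict:
    """End-to-end: enrol, provision, round-trip, then three requests that must be refused."""
    server, gpe = KeyServer(), Gpe()
    auth = server.enroll_host("host-a")
    server.provision_gpe(gpe)
    wrapped = server.issue_key("k1")
    ciphertext = gpe.process(make_request("host-a", auth, "k1", wrapped, "encrypt", payload))
    plaintext = gpe.process(make_request("host-a", auth, "k1", wrapped, "decrypt", ciphertext))
    forged = Request("host-a", "k1", wrapped, "encrypt", payload, bytes(32))
    stranger = make_request("host-z", b"not-enrolled", "k1", wrapped, "encrypt", payload)
    bad = server.issue_key("k2")
    bad = bad[:-1] + bytes([bad[-1] ^ 1])                 # one bit flipped in the wrap tag
    return {
        "round_trip": plaintext == payload,
        "cache_hits": gpe.cache_hits,
        "forged_tag_rejected": _rejected(PermissionError, lambda: gpe.process(forged)),
        "unknown_host_rejected": _rejected(PermissionError, lambda: gpe.process(stranger)),
        "tampered_wrap_rejected": _rejected(ValueError, lambda: gpe.process(
            make_request("host-a", auth, "k2", bad, "encrypt", payload))),
    }


if __name__ == "__main__":
    print(run_scenario())
```

    Two details carry the security argument: the request tag is verified before the handle is even looked up, so an unauthenticated caller cannot probe the cache, and the wrap tag covers the handle, so a host that legitimately holds the blob for one key cannot present it under a different handle to confuse the cache.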