专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明授权

US08392698B2 System and method for providing prefixes indicative of mobility properties in a network environment 有权
标题翻译：用于在网络环境中提供指示移动性的前缀的系统和方法
公开(公告)号：US08392698B2
公开(公告)日：2013-03-05
申请号：US12762204
申请日：2010-04-16
申请人： Srinath Gundavelli , Brian E. Weis
发明人： Srinath Gundavelli , Brian E. Weis
IPC分类号： H04L29/06 , G06F15/177 , G06F15/173 , G06F15/16 , H04B7/00
CPC分类号： H04L61/2007 , H04L29/12254 , H04L29/12283 , H04L29/12933 , H04L45/00 , H04L45/72 , H04L61/2038 , H04L61/2061 , H04L61/6068 , H04L63/0428 , H04L67/12 , H04W8/04 , H04W72/04
摘要： An example method includes receiving an Internet protocol (IP) address request in a network and selecting an IP address associated with a prefix that represents an IP subnet. The prefix includes a color attribute to be provided as part of a communication session that includes a plurality of packets. The prefix defines one or more properties associated with an application for the session. The prefix is communicated to a network element in a signaling plane, the prefix is configured to be used to make a routing decision for at least some of the plurality of packets. In more specific embodiments, the method can include applying one or more network policies based on the prefix associated with the IP address. The method could also include decrypting an encryption protocol in order to identify the prefix of a subsequent communication flow, and executing a routing decision based on the prefix.
摘要翻译：示例性方法包括在网络中接收因特网协议（IP）地址请求，并且选择与表示IP子网的前缀相关联的IP地址。前缀包括要作为包括多个分组的通信会话的一部分提供的颜色属性。前缀定义与会话的应用程序相关联的一个或多个属性。前缀被传送到信令平面中的网元，前缀被配置为用于为多个分组中的至少一些分组做出路由决定。在更具体的实施例中，该方法可以包括基于与IP地址相关联的前缀应用一个或多个网络策略。该方法还可以包括解密加密协议以便识别后续通信流的前缀，以及基于前缀执行路由决定。

22. 发明授权

US08307423B2 Migrating a network to tunnel-less encryption 有权
标题翻译：将网络迁移到无隧道加密
公开(公告)号：US08307423B2
公开(公告)日：2012-11-06
申请号：US12337315
申请日：2008-12-17
申请人： W. Scott Wainner , Brian E. Weis
发明人： W. Scott Wainner , Brian E. Weis
IPC分类号： G06F9/00
CPC分类号： H04L63/0272 , H04L63/0428 , H04L63/20
摘要： A method comprises, in a network comprising VPN gateway devices configured only for plaintext data communication, configuring a policy server with a security policy including DO NOT ENCRYPT statements temporarily overriding PERMIT statements defining which packets should be encrypted; selecting one sub-group of the VPN gateway devices in which tunnel-less encryption is not configured; configuring of the VPN gateway devices in the sub-group for tunnel-less encryption by: configuring each device in a passive mode of operation in which the device is configured to receive either encrypted packets or plaintext packets matching encryption policy; configuring local DO NOT ENCRYPT statements matching traffic that is currently being converted to ciphertext; removing, from the access control list of the policy server, DO NOT ENCRYPT statements referring to protected LAN CIDR blocks behind the VPN gateway devices in the selected sub-group; configuring the sub-group to send encrypted packets by removing, from each of the VPN gateway devices in the selected sub-group, the local DO NOT ENCRYPT statements for the CIDR blocks currently being converted and protected by the selected sub-group; repeating the configuring each of the VPN gateway devices in the selected sub-group for tunnel-less encryption, and the configuring the sub-group to send encrypted packets, for each other one of the sub-groups; and removing the passive mode on each of the VPN gateway devices.
摘要翻译：一种方法包括在包括仅用于明文数据通信的VPN网关设备的网络中，配置具有安全策略的策略服务器，所述安全策略包括DO NOT ENCRYPT语句临时覆盖定义哪些分组应被加密的PERMIT语句; 选择不配置无隧道加密的VPN网关设备的一个子组; 通过以下方式配置子组中的VPN网关设备：通过以下方式配置每个设备：被动模式，其中设备被配置为接收与加密策略相匹配的加密分组或明文分组; 配置当前正在转换为密文的流量的本地DO NOT ENCRYPT语句; 从策略服务器的访问控制列表中删除参考所选子组中VPN网关设备后面的受保护的LAN CIDR块的语句; 通过从所选子组中的每个VPN网关设备中移除当前被所选子组转换和保护的CIDR块的本地DO NOT ENCRYPT语句来配置子组以发送加密分组; 重复配置所选子组中的每个VPN网关设备以进行无隧道加密，并且配置子组以对彼此之一的子组发送加密分组; 并在每个VPN网关设备上删除被动模式。

23. 发明申请

US20100329463A1 GROUP KEY MANAGEMENT FOR MOBILE AD-HOC NETWORKS 有权
标题翻译：移动通信网络的集团关键管理
公开(公告)号：US20100329463A1
公开(公告)日：2010-12-30
申请号：US12491124
申请日：2009-06-24
申请人： STANLEY RATLIFF , BRIAN E. WEIS , ALVARO RETANA , MIHAIL L. SICHITIU
发明人： STANLEY RATLIFF , BRIAN E. WEIS , ALVARO RETANA , MIHAIL L. SICHITIU
IPC分类号： H04L9/08 , G06F21/20 , H04L9/32 , H04L9/28 , H04L9/00
CPC分类号： H04L9/0833 , H04L9/0891 , H04L63/065 , H04L2209/80
摘要： Group key management in a mobile ad-hoc network (MANET) may be provided. Each network node associated with the MANET may comprise a group distribution key and a list of authorized member nodes from which a group key manager may be elected. The group key manager may periodically issue a new group key to be used in protecting communications among the network nodes. A compromised node may be excluded from receiving updated group keys and thus isolated from the MANET.
摘要翻译：可以提供移动自组织网络（MANET）中的组密钥管理。与MANET相关联的每个网络节点可以包括组分配密钥和可以从其中选出组密钥管理器的授权成员节点的列表。组密钥管理器可以定期发布用于保护网络节点之间的通信的新的组密钥。受损节点可能被排除在接收更新的组密钥之外，因此与MANET隔离。

24. 发明申请

US20100246829A1 KEY GENERATION FOR NETWORKS 有权
标题翻译：网络的关键生成
公开(公告)号：US20100246829A1
公开(公告)日：2010-09-30
申请号：US12414772
申请日：2009-03-31
申请人： David A. McGREW , Brian E. WEIS
发明人： David A. McGREW , Brian E. WEIS
IPC分类号： H04L9/08
CPC分类号： H04L9/0869 , H04L9/083
摘要： Systems, methods, and other embodiments associated with key generation for networks are described. One example method includes configuring a key server with a pseudo-random function (PRF). The key server may provide keying material to gateways. The method may also include controlling the key server to generate a cryptography data structure (e.g., D-matrix) based, at least in part, on the PRF and a seed value. The method may also include controlling the key server to selectively distribute a portion of the cryptography data structure and/or data derived from the cryptography data structure to a gateway. The gateway may then encrypt communications based, at least in part, on the portion of the cryptography data structure. The method may also include selectively distributing an epoch value to members of the set of gateways that may then decrypt an encrypted communication based, at least in part, on the epoch value.
摘要翻译：描述了与网络的密钥生成相关联的系统，方法和其他实施例。一个示例性方法包括配置具有伪随机函数（PRF）的密钥服务器。密钥服务器可以向网关提供密钥材料。该方法还可以包括：至少部分地基于PRF和种子值来控制密钥服务器以生成加密数据结构（例如，D矩阵）。该方法还可以包括控制密钥服务器以选择性地将加密数据结构的一部分和/或从加密数据结构导出的数据分发到网关。网关可以至少部分地基于加密数据结构的一部分加密通信。该方法还可以包括选择性地将时代值分配到该组网关的成员，该网关组可以至少部分地基于时期值来解密加密的通信。

25. 发明申请

US20100154028A1 MIGRATING A NETWORK TO TUNNEL-LESS ENCRYPTION 有权
标题翻译：移动网络进行隧道加密
公开(公告)号：US20100154028A1
公开(公告)日：2010-06-17
申请号：US12337315
申请日：2008-12-17
申请人： W. Scott Wainner , Brian E. Weis
发明人： W. Scott Wainner , Brian E. Weis
IPC分类号： G06F21/00
CPC分类号： H04L63/0272 , H04L63/0428 , H04L63/20
摘要： A method comprises, in a network comprising VPN gateway devices configured only for plaintext data communication, configuring a policy server with a security policy including DO NOT ENCRYPT statements temporarily overriding PERMIT statements defining which packets should be encrypted; selecting one sub-group of the VPN gateway devices in which tunnel-less encryption is not configured; configuring of the VPN gateway devices in the sub-group for tunnel-less encryption by: configuring each device in a passive mode of operation in which the device is configured to receive either encrypted packets or plaintext packets matching encryption policy; configuring local DO NOT ENCRYPT statements matching traffic that is currently being converted to ciphertext; removing, from the access control list of the policy server, DO NOT ENCRYPT statements referring to protected LAN CIDR blocks behind the VPN gateway devices in the selected sub-group; configuring the sub-group to send encrypted packets by removing, from each of the VPN gateway devices in the selected sub-group, the local DO NOT ENCRYPT statements for the CIDR blocks currently being converted and protected by the selected sub-group; repeating the configuring each of the VPN gateway devices in the selected sub-group for tunnel-less encryption, and the configuring the sub-group to send encrypted packets, for each other one of the sub-groups; and removing the passive mode on each of the VPN gateway devices.
摘要翻译：一种方法包括在包括仅用于明文数据通信的VPN网关设备的网络中，配置具有安全策略的策略服务器，所述安全策略包括DO NOT ENCRYPT语句临时覆盖定义哪些分组应被加密的PERMIT语句; 选择不配置无隧道加密的VPN网关设备的一个子组; 通过以下方式配置子组中的VPN网关设备：通过以下方式配置每个设备：被动模式，其中设备被配置为接收与加密策略相匹配的加密分组或明文分组; 配置当前正在转换为密文的流量的本地DO NOT ENCRYPT语句; 从策略服务器的访问控制列表中删除参考所选子组中VPN网关设备后面的受保护的LAN CIDR块的语句; 通过从所选子组中的每个VPN网关设备中移除当前被所选子组转换和保护的CIDR块的本地DO NOT ENCRYPT语句来配置子组以发送加密分组; 重复配置所选子组中的每个VPN网关设备以进行无隧道加密，并且配置子组以对彼此之一的子组发送加密分组; 并在每个VPN网关设备上删除被动模式。

26. 发明授权

US07602737B2 Methods and apparatus for providing an enhanced dynamic multipoint virtual private network architecture 有权
标题翻译：用于提供增强的动态多点虚拟专用网络架构的方法和装置
公开(公告)号：US07602737B2
公开(公告)日：2009-10-13
申请号：US11414787
申请日：2006-05-01
申请人： Rajiv Asati , Mohamed Khalid , Brian E. Weis , Pratima Pramod Sethi
发明人： Rajiv Asati , Mohamed Khalid , Brian E. Weis , Pratima Pramod Sethi
IPC分类号： H04L12/28
CPC分类号： H04L12/4633 , H04L45/00 , H04L45/30
摘要： A system transmits, to a hub from a first spoke, first routing information associated with the first spoke. The system receives, at the first spoke, from the hub, second routing information associated with a plurality of spokes in communication with the hub. The plurality of spokes includes a second spoke. The system resolves, at the first spoke, a next hop determination for the packet based on the second routing information received from the hub. The system routes the packet from the first spoke to the second spoke using the next hop determination.
摘要翻译：系统从第一辐条向中枢发送与第一辐条相关联的第一路由信息。系统在第一辐条时从集线器接收与与集线器通信的多个辐条相关联的第二路由信息。多个辐条包括第二辐条。基于从集线器接收到的第二路由信息，系统在第一个分支处解析分组的下一跳确定。系统使用下一跳确定路由数据包从第一个辐条到第二个辐条。

27. 发明申请

US20080298592A1 TECHNIQUE FOR CHANGING GROUP MEMBER REACHABILITY INFORMATION 审中-公开
标题翻译：改变集团会员可追溯性信息的技术
公开(公告)号：US20080298592A1
公开(公告)日：2008-12-04
申请号：US11754780
申请日：2007-05-29
申请人： Mohamed Khalid , Aamer S. Akhter , Rajiv Asati , Brian E. Weis
发明人： Mohamed Khalid , Aamer S. Akhter , Rajiv Asati , Brian E. Weis
IPC分类号： H04L9/12
CPC分类号： H04L9/0833 , H04L9/0891 , H04L63/0272 , H04L63/065
摘要： In one embodiment, a technique for updating an address associated with a first entity in a communications network with a second entity in the communications network wherein the address is used to forward information to the first entity from the second entity. The first entity registers a first address associated with the first entity with the second entity. The first entity determines that a second address associated with the first entity is to be used instead of the first address to communicate with the first entity. The first entity generates an update message containing the second address, the update message obviating having to register the second address with the second entity. The first entity forwards the update message to the second entity to cause the second entity to use the second address instead of the first address to forward information to the first entity.
摘要翻译：在一个实施例中，一种用于在通信网络中与第二实体更新与通信网络中的第一实体相关联的地址的技术，其中所述地址用于将信息从所述第二实体转发到所述第一实体。第一实体将与第一实体相关联的第一地址与第二实体注册。第一实体确定将使用与第一实体相关联的第二地址而不是与第一实体进行通信的第一地址。第一实体生成包含第二地址的更新消息，更新消息消除了必须向第二实体注册第二地址。第一实体将更新消息转发给第二实体以使第二实体使用第二地址而不是第一地址来将信息转发到第一实体。

28. 发明授权

US09294270B2 Detection of stale encryption policy by group members 有权
标题翻译：群组成员检测陈旧的加密策略
公开(公告)号：US09294270B2
公开(公告)日：2016-03-22
申请号：US12652324
申请日：2010-01-05
申请人： Warren Scott Wainner , Sheela D. Rowles , Brian E. Weis , David Arthur McGrew , Scott R. Fluhrer , Kavitha Kamarthy
发明人： Warren Scott Wainner , Sheela D. Rowles , Brian E. Weis , David Arthur McGrew , Scott R. Fluhrer , Kavitha Kamarthy
IPC分类号： H04L9/08 , H04L29/06
CPC分类号： H04L63/0428 , H04L9/0833 , H04L9/0891 , H04L12/1818 , H04L63/061 , H04L63/104 , H04L63/20
摘要： Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recently policy update. The notification message can be sent to the key server or towards the first group member.
摘要翻译：公开了允许组成员检测到其他组成员使用过时加密策略的各种技术。一种方法涉及经由网络从第一组成员接收消息。该消息由第二组成员接收。然后该方法检测到第一组成员不响应于消息中的信息使用由密钥服务器提供的最新策略更新。作为响应，可以从第二组成员发送通知消息。通知消息表示至少有一个组成员没有使用最近的策略更新。通知消息可以发送到密钥服务器或朝向第一个组成员。

29. 发明授权

US08356177B2 Key transport in authentication or cryptography 有权
标题翻译：密钥传输在认证或加密
公开(公告)号：US08356177B2
公开(公告)日：2013-01-15
申请号：US12604221
申请日：2009-10-22
申请人： David A. McGrew , Brian E. Weis , Fabio R. Maino
发明人： David A. McGrew , Brian E. Weis , Fabio R. Maino
IPC分类号： H04L9/00
CPC分类号： H04L9/0637 , H04L9/0822 , H04L9/0833 , H04L9/3242
摘要： A computer system for authenticating, encrypting, and transmitting a secret communication, where the encryption key is transmitted along with the encrypted message, is disclosed. In an embodiment, a first transmitting processor encrypts a plaintext message to a ciphertext message using a data key, encrypts the data key using a key encrypting key, and sends a communication comprising the encrypted data key and the ciphertext message. A second receiving processor receives the communication and then decrypts the encrypted data key using the key encrypting key and decrypts the ciphertext message using the data key to recover the plaintext message.
摘要翻译：公开了一种用于认证，加密和发送秘密通信的计算机系统，其中加密密钥与加密消息一起发送。在一个实施例中，第一发送处理器使用数据密钥将明文消息加密为密文消息，使用密钥加密密钥加密数据密钥，并发送包括加密数据密钥和密文消息的通信。第二接收处理器接收通信，然后使用密钥加密密钥解密加密的数据密钥，并使用数据密钥解密密文消息以恢复明文消息。

30. 发明授权

US08347376B2 Techniques for distributing a new communication key within a virtual private network 有权
标题翻译：在虚拟专用网络内分发新的通信密钥的技术
公开(公告)号：US08347376B2
公开(公告)日：2013-01-01
申请号：US11369358
申请日：2006-03-06
申请人： Brian E. Weis , Shashi Sastry , Sheela Dixit Rowles
发明人： Brian E. Weis , Shashi Sastry , Sheela Dixit Rowles
IPC分类号： G06F15/163 , H04L9/08 , H04L9/30 , G06F17/30
CPC分类号： H04L63/062 , H04L63/0272
摘要： Techniques for distributing a new communication key within a group virtual private network (VPN) are provided. A key distribution service determines that a new communication key for a VPN is to be distributed to members of the VPN. The new communication key is sent individually in a unique and separate message to each of the members. The key distribution service also maintains records to determine which of the members have and have not successfully received the new communication key.
摘要翻译：提供了用于在组虚拟专用网（VPN）内分发新的通信密钥的技术。密钥分发服务确定将VPN的新通信密钥分发给VPN的成员。新的通信密钥是单独发送到每个成员的唯一和单独的消息。密钥分发服务还维护记录以确定哪些成员具有并且尚未成功接收到新的通信密钥。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式