    • 31. Granted invention patent
    • Ephemeral decryptability
    • US06363480B1
    • 2002-03-26
    • US09395581
    • 1999-09-14
    • Radia J. Perlman
    • Radia J. Perlman
    • G06F1130
    • H04L9/083; H04L9/088
    • A system and method for a user to encrypt data in a way that ensures the data cannot be decrypted after a finite period. A number of ephemeral encryption keys are established by a first party, each of which will be destroyed at an associated time in the future (the “expiration time”). A second party selects or requests one of the ephemeral encryption keys for encrypting a message. The first party provides an ephemeral encryption key to the second party. Subsequently, the first party decrypts at least a portion of the message, using an ephemeral decryption key associated with the ephemeral encryption key provided to the second party. At the expiration time, the first party destroys all copies of at least the ephemeral decryption key, thus rendering any messages encrypted using the ephemeral encryption key permanently undecipherable. In an alternative embodiment, a number of ephemeral key servers provide a respective number of ephemeral encryption keys having associated expiration times. A party wishing to transmit an ephemeral message uses the provided ephemeral encryption keys to encrypt at least a portion of the message. The receiver of the message uses at least a subset of the ephemeral key servers to decrypt at least a portion of the encrypted message. At the expiration time(s), at least one of the ephemeral key servers permanently destroys at least one of the decryption keys associated with the provided ephemeral encryption keys.
    • 32. Granted invention patent
    • Efficient message distribution to subsets of large computer networks using multicast for near nodes and unicast for far nodes
    • US6131123A
    • 2000-10-10
    • US79505
    • 1998-05-14
    • Stephen A. Hurst; Radia J. Perlman
    • Stephen A. Hurst; Radia J. Perlman
    • H04L12/18; H04L12/56; G06F13/00
    • H04L12/18; H04L12/1886
    • A computer sends a message to each of a number of recipient computers of a computer network by sending the message as a multicast message to near ones of the recipient computers and sending the message as unicast messages to far ones of the recipient computers. The sending computer determines the circumstances under which a combination of multicast and unicast messages are efficient by determining that many recipient computers are near the sending computer and that few recipient computers are far. The sending computer makes such a determination by determining no more than a predetermined number of recipient computers are at least a predetermined distance further from the sending computer than are the others of the recipient messages. The sending computer can also determine that the burden imposed upon the computer network by a multicast message is justified by the need to deliver the message to its intended recipients. For intended recipients which are too far and too few to justify use of a multicast message, unicast messages are sent.
    • 33. Granted invention patent
    • Method and apparatus for implementing partial and complete optional key escrow
    • US5901227A
    • 1999-05-04
    • US666968
    • 1996-06-20
    • Radia J. Perlman
    • Radia J. Perlman
    • H04L9/08; H04L9/32; H04K1/00
    • H04L9/3263; H04L9/0894
    • A key escrow technique reliably notifies an encrypting principal about escrow authorities requiring access to a secret key used to encrypt information and, further, about how much of that key is required by the authorities. The technique comprises a mechanism for storing escrow instructions pertaining to the authorities' keys in a designated location accessible by the encrypting principal. For example, the designated location may comprise a licensing string of a hardware or software add-on module needed to activate a cryptographic system of a data processing system. The escrow instructions may be further stored in an escrow formation field of a certificate. Here, the certificate may be the encrypting principal's certificate, a recipient principal's certificate and/or any certificate authority's certificate needed for the encrypting principal to verify the recipient principal's certificate.
    • 34. Granted invention patent
    • Detecting LAN number misconfiguration
    • US5400333A
    • 1995-03-21
    • US147918
    • 1993-11-04
    • Radia J. Perlman
    • Radia J. Perlman
    • H04L12/46; H04L29/12
    • H04L61/2038; H04L12/462; H04L29/12254; H04L29/12264; H04L29/12839; H04L61/2046; H04L61/6022
    • Methods and apparatus for verifying--in a network comprised of LANs and bridges connected to LANs, in which the bridges associate the LANs with LAN numbers--that bridges connected to a given LAN have been configured with the same LAN number for that LAN. A first bridge encodes the LAN number configured for the given LAN into a LAN number verification message and transmits the message to a second bridge connected to the LAN. The second bridge then compares the LAN number encoded in the received LAN number verification message to the LAN number configured for the LAN at the second bridge. A bridge which performs this method includes storage for associating the LANs connected to the bridge with LAN numbers, an encoder for encoding the LAN number for a given LAN into a LAN number verification message, and a transmitter for transmitting the LAN number verification message onto the given LAN.
    • 35. Granted invention patent
    • Selecting optimal routes in source routing bridging without exponential flooding of explorer packets
    • US5323394A
    • 1994-06-21
    • US864572
    • 1992-04-07
    • Radia J. Perlman
    • Radia J. Perlman
    • H04L12/46; H04L12/56; H04J3/02
    • H04L45/48; H04L12/462; H04L45/02; H04L45/04; H04L45/26; H04L45/34
    • To avoid exponential proliferation of explorer packets through a LAN/Bridge network, each bridge gathers information sufficient to compute routes through the network by sharing routing messages with other bridges. Then, to find a route from a particular source end system to a particular destination end system, a broadcast message identifying the desired source and destination is sent to the bridges. In response, the bridges compute the optimal route to each attached LAN, convert the broadcast message into one or more counterfeit explorer messages by incorporating these routes, and then transmit the counterfeit explorer messages to the LANs for which the incorporated route was computed. The destination end system then receives one or more of the counterfeit explorer messages and responds to the source end system as if the counterfeit explorer message was genuine.
    • 36. Granted invention patent
    • Method of issuance and revocation of certificates of authenticity used in public key networks and other systems
    • US5261002A
    • 1993-11-09
    • US850593
    • 1992-03-13
    • Radia J. Perlman; Charles W. Kaufman
    • Radia J. Perlman; Charles W. Kaufman
    • G07F7/10; H04L9/32; H04L9/30
    • G07F7/1016; H04L9/3263
    • A technique for issuing and revoking user certificates of authenticity in a public key cryptography system, wherein certificates do not need expiration dates, and the inconvenience and overhead associated with routine certificate renewals are minimized or avoided entirely. A Certification Authority issues certificates as required, and issues a blacklist having a start date, an expiration date, and an entry for every invalid certificate issued after the start date. Users assume that every certificate issued prior to the blacklist start date is invalid, and that invalid certificates issued after the start date will be included in the current blacklist. A new blacklist is issued prior to expiration of the current one, and the blacklist start date is changed only when the blacklist becomes unmanageably long.
    • 38. Granted invention patent
    • Reliable broadcast of information in a wide area network
    • US5086428A
    • 1992-02-04
    • US364470
    • 1989-06-09
    • Radia J. Perlman; George Varghese; Anthony G. Lauck
    • Radia J. Perlman; George Varghese; Anthony G. Lauck
    • H04L12/56; H04L29/00
    • H04L47/34; H04L29/00; H04L45/02; H04L45/20; H04L47/10; H04L47/283
    • A method and apparatus for creating and managing databases in routers of a routing network. The databases store link state packets, each packet being originated by nodes in the network, and transmitted to other nodes through the network. Each packet contains data identifying its originating node, a sequence number in a linear space indicating its place in the sequence of packets generated by its originating node, and an age value indicating the time remaining before it expires. The contents of the databases are updated by newly received packets. In addition, the nodes themselves are reset if the packets currently in the network have later sequence numbers than new packets. Also, a mechanism is provided to purge the databases of packets from a given router by issuing a purging packet.