    • 51. Granted invention patent
    • Internetwork address mapping gateway
    • US5856974A
    • 1999-01-05
    • US600773
    • 1996-02-13
    • Joseph L. Gervais; Alampoondi E. Natarajan; Michael D. Allen; Radia J. Perlman
    • H04L29/12; H04L12/66
    • H04L61/2514; H04L29/12009; H04L29/12367; H04L29/12424; H04L29/12462; H04L61/2535; H04L61/255
    • The present invention is an address mapping gateway, used in an internetwork link, that associates all nodes in a domain with a single network number (referred to as a domain network address), and provides gateway-mapped node addresses that are unique within the domain. The address mapping gateway dynamically substitutes the "globally-unique" domain network address and the "domain-unique" gateway-mapped node address for a network number and node address, respectively, of a network layer address of a packet header received from a source node in the domain. Conversely, when a packet is received for a destination node in the domain, the address mapping gateway substitutes the originally-assigned network number and node address for the domain network address and gateway-mapped node address, respectively, prior to forwarding the packet to the node. Specifically, the address mapping gateway maintains an address mapping table that provides a cross-reference between (1) a source node address and the network number of the local network in which the node resides, and (2) a gateway-mapped node address generated by the address mapping gateway. Upon receipt of a packet from the source node, the address mapping gateway creates a mapping entry in the address mapping table for that node and performs an address translation to a globally-unique network layer address. On the other hand, upon receipt of a packet destined for a destination node in the domain, the address mapping gateway locates the mapping entry for the packet's gateway-mapped node address and performs a reverse address translation to the originally-assigned network layer address.
    • 52. Granted invention patent
    • Virtual circuit manager for multicast messaging
    • US5511168A
    • 1996-04-23
    • US86593
    • 1993-07-01
    • Radia J. Perlman; William R. Hawe
    • H04L12/18; H04L12/56; H04Q11/04; H04L12/46; G06F13/00; H04Q7/22
    • H04L49/203; H04L12/185; H04L45/10; H04L45/16; H04Q11/0478; H04L2012/5619
    • A multicast connection arrangement is provided by which a source node may establish multicast virtual circuits to a group of destination nodes of an arbitrary-topology network using a single procedure, and may subsequently modify those circuits, i.e., add or delete destination nodes, with a single, related procedure. The arrangement includes a multicast setup packet for opening the multicast virtual circuits, the packet containing a multicast identifier field, a virtual circuit field and a destination field identifying a list of desired destination node addresses. The multicast setup packet may be also used to add destination nodes to the circuits while a multicast delete packet is used to delete nodes from the circuits. When adding nodes to the multicast virtual circuits, a topology analysis process is provided to prevent the formation of an unstable network topology.
    • 53. Granted invention patent
    • Many to few group address translation through a network bridge
    • US5428615A
    • 1995-06-27
    • US278686
    • 1994-07-21
    • Floyd J. Backes; William R. Hawe; G. Paul Koning; David J. Mitton; Radia J. Perlman
    • H04L12/18; H04L12/46
    • H04L45/742; H04L12/1836; H04L12/46; H04L2212/00
    • A connection apparatus for connecting a first communication system with a second communication system and a third communication system. A first frame is received from the first communication system, where the first frame has a multicast address as a destination address, and where the destination address requires the first frame to be transmitted onto the second communication system. The multicast address is translated into a functional address, and the functional address is written into a second frame transmitted onto the second communication system. The second frame is received and is transmitted onto a third communication system, and the functional address is translated into a multicast address for the third communication system, and the multicast address is written into a destination field of the frame as it is transmitted onto the third communication system. The second communication system may be a token ring system based upon an IEEE 802.5 standard, and the functional address may be written into a DSAP field and into a PROTOCOL TYPE field of an 802.5 Standard frame.
    • 55. Granted invention patent
    • Parameterizable cryptography
    • US08488782B2
    • 2013-07-16
    • US12582276
    • 2009-10-20
    • Radia J. Perlman
    • H04L9/20; H04L9/34
    • G06F21/602
    • Some embodiments provide systems and techniques for performing parameterizable cryptography. An encryption key can be determined based at least on a string associated with an authorization policy. The encryption key can then be used to encrypt information. The decryption key can also be determined based at least on the string associated with the authorization policy. Note that the authorization policy must be satisfied to decrypt information. In some embodiments, the systems and techniques for performing parameterizable cryptography are blindable. These blindable embodiments can be used to preserve privacy.
    • 56. Granted invention patent
    • Scalable file system configured to make files permanently unreadable
    • US07814318B1
    • 2010-10-12
    • US11237478
    • 2005-09-27
    • Radia J. Perlman; Donald D. Crouse
    • H04L9/32
    • G06F21/6209
    • One embodiment of the present invention relates to a system for managing files which facilitates making the files permanently unreadable. During operation, the system maintains file-class keys at a file manager, wherein the file-class keys are associated with different classes of files. If a file belongs to a class of files, the system ensures that whenever the file is stored or updated in non-volatile storage, the file is encrypted with an associated key-manager-file-class key for the class of files. The system makes an entire class of files permanently unreadable by causing an associated key-manager-file-class key, which can be used to decrypt the class of files, to become permanently unreadable.
    • 57. Granted invention patent
    • Method and apparatus for maintaining ephemeral keys in limited space
    • US07660423B2
    • 2010-02-09
    • US11325203
    • 2006-01-03
    • Radia J. Perlman
    • H04L9/08
    • H04L9/0897; G06Q20/341; G06Q20/40975; G07F7/1008; G07F7/1016; H04L9/0822
    • One embodiment of the present invention provides a system that maintains keys using limited storage space on a computing device, such as a smart card. During operation, the system receives a request at the computing device to perform an operation involving a key. While processing the request, the system obtains an encrypted key from remote storage located outside of the computing device, wherein the encrypted key was created by encrypting the key along with an expiration time for the key. Next, the system decrypts the encrypted key to restore the key and the expiration time, wherein the encrypted key is decrypted using a computing-device key, which is maintained locally on the computing device. Finally, if the expiration time has not passed, the system uses the key to perform the requested operation. Note that by storing the encrypted key in remote storage, the computing device is able to use the key without consuming local storage space to store the key.
    • 58. Invention patent application
    • KEY MANAGEMENT USING DERIVED KEYS
    • US20090296926A1
    • 2009-12-03
    • US12131525
    • 2008-06-02
    • Radia J. Perlman
    • H04L9/28
    • H04L9/0866; H04L9/083
    • Some embodiments of the present invention provide a system that generates and retrieves a key derived from a master key. During operation, the system receives a request at a key manager to generate a new key, or to retrieve an existing key. To generate a new key, the system generates a key identifier and then derives the new key by cryptographically combining the generated key identifier with the master key. To retrieve an existing key, the system obtains a key identifier for the existing key from the request and then cryptographically combines the obtained key identifier with the master key to produce the existing key.
    • 59. Granted invention patent
    • System using routing bridges to transparently interconnect multiple network links to form a single virtual network link
    • US07398322B1
    • 2008-07-08
    • US10824974
    • 2004-04-14
    • Radia J. Perlman
    • G06F15/173
    • H04L12/462; H04L29/12028; H04L45/04; H04L45/18; H04L45/20; H04L45/48; H04L45/66; H04L61/103; H04L69/16; H04L2212/00
    • One embodiment of the present invention provides a system that transparently interconnects multiple network links into a single virtual network link. During operation, a routing bridge (Rbridge) within the system receives a packet, wherein the Rbridge belongs to a set of one or more Rbridges that transparently interconnect the multiple network links into the single virtual network link. These Rbridges automatically obtain information specifying which endnodes are located on the multiple network links without the endnodes having to proactively announce their presence to the Rbridges. If a destination for the packet resides on the same virtual network link, the Rbridge routes the packet to the destination. This route can be an optimal path to the destination, and is not constrained to lie along a spanning tree through the set of Rbridges.
    • 60. Granted invention patent
    • Method and apparatus for providing a key distribution center without storing long-term server secrets
    • US07395549B1
    • 2008-07-01
    • US09691278
    • 2000-10-17
    • Radia J. Perlman; Stephen R. Hanna
    • H04L9/00
    • H04L9/083; H04L9/0825; H04L9/3213; H04L9/3265
    • One embodiment of the present invention provides a system for operating a key distribution center (KDC) that provides keys to facilitate secure communications between clients and servers across a computer network, wherein the system operates without having to store long-term server secrets. The system operates by receiving a communication from a server at the KDC. This communication includes an identifier for the server, as well as a temporary secret key to be used in communications between a client and the server for a limited time period. In response to the communication, the system attempts to authenticate the server. If the server is successfully authenticated, the system stores the temporary secret key at the KDC, so that the temporary secret key can be subsequently used to facilitate communications with the server. Upon subsequently receiving a request at the KDC from a client that desires to communicate with the server, the system produces a session key to be used in communications between the client and server, and then creates a ticket to the server by encrypting an identifier for the client and the session key with the temporary secret key for the server. Next, the system assembles a message that includes the identifier for the server, the session key and the ticket to the server, and sends the message to the client in a secure manner. The system subsequently allows the client to forward the ticket to the server in order to initiate communications between the client and the server.