专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08705348B2 Use of metadata for time based anti-replay 有权
标题翻译：使用元数据进行基于时间的反重播
公开(公告)号：US08705348B2
公开(公告)日：2014-04-22
申请号：US11737007
申请日：2007-04-18
申请人： Scott Roy Fluhrer , Lingyan Huang , Brian E. Weis , Sheela Dixit Rowles
发明人： Scott Roy Fluhrer , Lingyan Huang , Brian E. Weis , Sheela Dixit Rowles
IPC分类号： G01R31/08 , H04L12/28 , H04K1/00 , H04N7/167
CPC分类号： H04L63/04 , H04L69/28
摘要： A system and method for facilitating anti-replay protection with multi-sender traffic is disclosed. The system employs time-based anti-replay protection wherein a sender transmits a data packet with a pseudo-timestamp encapsulated in a metadata payload. At the receiving end, the receiver compares the pseudo-timestamp information received with its own pseudo-time, determines if a packet is valid, and rejects a replay packet. The pseudo-time information is transmitted through the metadata payload and new fields need not be added to the IPSec (IP Security) Protocol, thus the existing hardware can be employed without any changes or modifications.
摘要翻译：公开了一种用于促进具有多发送者业务的反重放保护的系统和方法。该系统采用基于时间的反重放保护，其中发送者发送具有封装在元数据有效载荷中的伪时间戳的数据分组。在接收端，接收机将接收的伪时间戳信息与其自己的伪时间进行比较，确定分组是否有效，并且拒绝重放分组。伪时间信息通过元数据有效载荷传输，新的字段不需要添加到IPSec（IP安全）协议中，因此现有的硬件可以在没有任何改变或修改的情况下被使用。

2. 发明申请

US20100223458A1 PAIR-WISE KEYING FOR TUNNELED VIRTUAL PRIVATE NETWORKS 有权
标题翻译：用于隧道虚拟私有网络的配对关键
公开(公告)号：US20100223458A1
公开(公告)日：2010-09-02
申请号：US12394847
申请日：2009-02-27
申请人： David McGrew , Brian E. Weis
发明人： David McGrew , Brian E. Weis
IPC分类号： H04L9/00
CPC分类号： H04L9/0827 , H04L9/0833 , H04L9/0866 , H04L9/0891 , H04L63/0272 , H04L63/062 , H04L63/065 , H04L63/164
摘要： In an embodiment, a method for generating and distributing keys retains the scalability of a group VPN, but also provides true pair-wise keying such that an attacker who compromises one of the devices in a VPN cannot use the keys gained by that compromise to decrypt the packets from the other gateways in the VPN, or spoof one of the communicating gateways. The method is resistant to collusion when co-operating attackers overtake several VPN gateways and observe the keys stored in those gateways. In an embodiment, a VPN gateway comprises a cryptographic data processor configured to encrypt and to decrypt data packets; group key management logic; and Key Generation System logic. In one approach a gateway performs, in relation to adding a group member, receiving in a security association (SA) message secret data for use in the KGS; and derives keys for secure communication with one or more peer VPN gateways using the secret data.
摘要翻译：在一个实施例中，用于生成和分发密钥的方法保持组VPN的可扩展性，但也提供真正的成对密钥，使得危及VPN中的一个设备的攻击者不能使用该妥协所获得的密钥解密 VPN中的其他网关的报文，或欺骗一个通信网关。当合作攻击者超过几个VPN网关并观察存储在那些网关中的密钥时，该方法抵抗串通。在一个实施例中，VPN网关包括被配置为加密和解密数据分组的密码数据处理器; 组密钥管理逻辑; 和密钥生成系统逻辑。在一种方法中，网关关于添加组成员，在安全关联（SA）消息中接收用于KGS的消息秘密数据; 并且导出用于使用秘密数据与一个或多个对等VPN网关进行安全通信的密钥。

3. 发明申请

US20100169645A1 KEY TRANSPORT IN AUTHENTICATION OR CRYPTOGRAPHY 有权
标题翻译：关键运输在认证或CRYPTOGRAPHY
公开(公告)号：US20100169645A1
公开(公告)日：2010-07-01
申请号：US12604221
申请日：2009-10-22
申请人： David A. McGrew , Brian E. Weis , Fabio R. Maino
发明人： David A. McGrew , Brian E. Weis , Fabio R. Maino
IPC分类号： H04L9/32 , H04L9/06 , H04L9/28
CPC分类号： H04L9/0637 , H04L9/0822 , H04L9/0833 , H04L9/3242
摘要： A computer system for authenticating, encrypting, and transmitting a secret communication, where the encryption key is transmitted along with the encrypted message, is disclosed. In an embodiment, a first transmitting processor encrypts a plaintext message to a ciphertext message using a data key, encrypts the data key using a key encrypting key, and sends a communication comprising the encrypted data key and the ciphertext message. A second receiving processor receives the communication and then decrypts the encrypted data key using the key encrypting key and decrypts the ciphertext message using the data key to recover the plaintext message.
摘要翻译：公开了一种用于认证，加密和发送秘密通信的计算机系统，其中加密密钥与加密消息一起发送。在一个实施例中，第一发送处理器使用数据密钥将明文消息加密为密文消息，使用密钥加密密钥加密数据密钥，并发送包括加密数据密钥和密文消息的通信。第二接收处理器接收通信，然后使用密钥加密密钥解密加密的数据密钥，并使用数据密钥解密密文消息以恢复明文消息。

4. 发明授权

US07724732B2 Secure multipoint internet protocol virtual private networks 有权
标题翻译：安全的多点互联网协议虚拟专用网络
公开(公告)号：US07724732B2
公开(公告)日：2010-05-25
申请号：US11072086
申请日：2005-03-04
申请人： James N. Guichard , W. Scott Wainner , John J. Mullooly , Brian E. Weis
发明人： James N. Guichard , W. Scott Wainner , John J. Mullooly , Brian E. Weis
IPC分类号： H04L12/56
CPC分类号： H04L63/0272 , H04L12/18 , H04L12/4641 , H04L63/0428
摘要： A method, apparatus and computer program product for providing secure multipoint Internet Protocol Virtual Private Networks (IPVPNs) is presented. A packet lookup is performed in order to determine a next hop. A VPN label is pushed on the packet, as is an IP tunnel header. Group encryption through the use of DGVPN is further utilized. In such a manner secure connectivity and network partitioning are provided in a single solution.
摘要翻译：提出了一种用于提供安全多点互联网协议虚拟专用网（IPVPN）的方法，装置和计算机程序产品。执行分组查找以确定下一跳。 VPN标签被推送到数据包，IP隧道头也是如此。进一步利用通过使用DGVPN进行组加密。以这种方式，在单一解决方案中提供了安全的连接和网络划分。

5. 发明授权

US07664789B2 Method and apparatus to minimize database exchange in OSPF by using a SHA-1 digest value 有权
标题翻译：通过使用SHA-1摘要值来最小化OSPF中的数据库交换的方法和设备
公开(公告)号：US07664789B2
公开(公告)日：2010-02-16
申请号：US11292534
申请日：2005-12-02
申请人： Sina Mirtorabi , Abhay Roy , Brian E. Weis , Scott Roy Fluhrer
发明人： Sina Mirtorabi , Abhay Roy , Brian E. Weis , Scott Roy Fluhrer
IPC分类号： H04L12/28 , G06F7/00 , G06F17/30 , G06F15/173
CPC分类号： H04L45/02
摘要： The present invention provides a method of determining whether database located on a first router is synchronized with the database located on a second router by performing a hash function on the values contained in a link state database to derive a SHA-1 digest value. In an embodiment, the digest value is based on LSA type. The digest value is exchanged initially during a database description packet swap between the first router and second router. If the digest values are the same, the databases are already synchronized. The routers thus skip the database description packet exchange of LSAs in the database and go directly to FULL state, indicating full synchronization between databases on the first and second router and announcing adjacency to each other. If the digest differs, normal database description packet exchange is performed as specified in OSPF.
摘要翻译：本发明提供一种通过对包含在链路状态数据库中的值执行散列函数来确定位于第一路由器上的数据库是否与位于第二路由器上的数据库同步的方法，以导出SHA-1摘要值。在一个实施例中，摘要值基于LSA类型。最初在第一路由器和第二路由器之间的数据库描述包交换期间交换摘要值。如果摘要值相同，则数据库已经同步。因此，路由器跳过数据库中的LSA的数据库描述数据包交换，并直接进入FULL状态，表示第一和第二路由器上的数据库之间的完全同步，并宣布彼此相邻。如果摘要不同，则按照OSPF中的规定执行正常的数据库描述数据包交换。

6. 发明授权

US07613826B2 Methods and apparatus for providing multiple policies for a virtual private network 有权
标题翻译：为虚拟专用网提供多种策略的方法和装置
公开(公告)号：US07613826B2
公开(公告)日：2009-11-03
申请号：US11350991
申请日：2006-02-09
申请人： James N. Guichard , W. Scott Wainner , Brian E. Weis , Mohamed Khalid
发明人： James N. Guichard , W. Scott Wainner , Brian E. Weis , Mohamed Khalid
IPC分类号： G06F15/16
CPC分类号： H04L12/4641 , H04L45/00 , H04L45/42 , H04L45/586 , H04L47/10 , H04L47/125 , H04L47/20 , H04L63/0272
摘要： A system provides a request for a policy from a policy server, and receives the policy from the policy server. The policy indicates processing to be applied to a traffic partition passing through the device. The system configures the policy within a routing structure associated with the traffic partition for the policy in the device, and routes a stream of traffic for the routing structure in accordance with the policy for that routing structure.
摘要翻译：系统从策略服务器提供对策略的请求，并从策略服务器接收策略。该策略指示要应用于通过设备的流量分区的处理。系统在与设备中策略的流量分配相关联的路由结构中配置策略，并根据路由结构的策略为路由结构路由流量流。

7. 发明申请

US20080215880A1 MULTI-DOMAIN DYNAMIC GROUP VIRTUAL PRIVATE NETWORKS 有权
标题翻译：多域动态组虚拟私有网络
公开(公告)号：US20080215880A1
公开(公告)日：2008-09-04
申请号：US11681277
申请日：2007-03-02
申请人： James Neil Guichard , Warren Scott Wainner , Brian E. Weis
发明人： James Neil Guichard , Warren Scott Wainner , Brian E. Weis
IPC分类号： H04L9/00
CPC分类号： H04L63/0272 , H04L12/4641 , H04L63/0428 , H04L63/065
摘要： Systems and/or methods of secure communication of information between multi-domain virtual private networks (VPNs) are presented. A dynamic group VPN (DGVPN) can reside in one domain and a disparate DGVPN can reside in a disparate domain. An administrative security authority (ASA) can be employed in each domain. Each ASA can generate and exchange respective keying material and crypto-policy information to be used for inter-domain communications when routing data from a member in one DGVPN to a member(s) in the disparate DGVPN, such that an ASA in one domain can facilitate encryption of data in accordance with the policy of the other domain before the data is sent to the other domain. Each ASA can establish a key server to generate the keying material and crypto-policy information associated with its local DGVPN, and such material and information can be propagated to intra-domain members.
摘要翻译：介绍了多域虚拟专用网（VPN）之间信息安全通信的系统和/或方法。动态组VPN（DGVPN）可以驻留在一个域中，并且不同的DGVPN可以驻留在不同的域中。可以在每个域中使用一个管理安全机构（ASA）。当将数据从一个DGVPN中的成员路由到不同DGVPN中的成员时，每个ASA可以生成和交换各自的密钥资料和加密策略信息，以用于域间通信，使得一个域中的ASA可以在将数据发送到其他域之前，便于根据其他域的策略对数据进行加密。每个ASA可以建立一个密钥服务器来生成与其本地DGVPN相关联的密钥资料和加密策略信息，这样的材料和信息可以传播到域内成员。

8. 发明授权

US08867747B2 Key generation for networks 有权
标题翻译：网络的关键一代
公开(公告)号：US08867747B2
公开(公告)日：2014-10-21
申请号：US12414772
申请日：2009-03-31
申请人： David A. McGrew , Brian E. Weis
发明人： David A. McGrew , Brian E. Weis
IPC分类号： H04L9/08
CPC分类号： H04L9/0869 , H04L9/083
摘要： Systems, methods, and other embodiments associated with key generation for networks are described. One example method includes configuring a key server with a pseudo-random function (PRF). The key server may provide keying material to gateways. The method may also include controlling the key server to generate a cryptography data structure (e.g., D-matrix) based, at least in part, on the PRF and a seed value. The method may also include controlling the key server to selectively distribute a portion of the cryptography data structure and/or data derived from the cryptography data structure to a gateway. The gateway may then encrypt communications based, at least in part, on the portion of the cryptography data structure. The method may also include selectively distributing an epoch value to members of the set of gateways that may then decrypt an encrypted communication based, at least in part, on the epoch value.
摘要翻译：描述了与网络的密钥生成相关联的系统，方法和其他实施例。一个示例性方法包括配置具有伪随机函数（PRF）的密钥服务器。密钥服务器可以向网关提供密钥材料。该方法还可以包括：至少部分地基于PRF和种子值来控制密钥服务器以生成加密数据结构（例如，D矩阵）。该方法还可以包括控制密钥服务器以选择性地将加密数据结构的一部分和/或从加密数据结构导出的数据分发到网关。网关可以至少部分地基于加密数据结构的一部分加密通信。该方法还可以包括选择性地将时代值分配到该组网关的成员，该网关组可以至少部分地基于时期值来解密加密的通信。

9. 发明申请

US20110258431A1 SYSTEM AND METHOD FOR PROVIDING PREFIXES INDICATIVE OF MOBILITY PROPERTIES IN A NETWORK ENVIRONMENT 有权
标题翻译：用于提供在网络环境中表示移动性的前缀的系统和方法
公开(公告)号：US20110258431A1
公开(公告)日：2011-10-20
申请号：US12762204
申请日：2010-04-16
申请人： Srinath Gundavelli , Brian E. Weis
发明人： Srinath Gundavelli , Brian E. Weis
IPC分类号： H04L12/56 , H04L29/06
CPC分类号： H04L61/2007 , H04L29/12254 , H04L29/12283 , H04L29/12933 , H04L45/00 , H04L45/72 , H04L61/2038 , H04L61/2061 , H04L61/6068 , H04L63/0428 , H04L67/12 , H04W8/04 , H04W72/04
摘要： An example method includes receiving an Internet protocol (IP) address request in a network and selecting an IP address associated with a prefix that represents an IP subnet. The prefix includes a color attribute to be provided as part of a communication session that includes a plurality of packets. The prefix defines one or more properties associated with an application for the session. The prefix is communicated to a network element in a signaling plane, the prefix is configured to be used to make a routing decision for at least some of the plurality of packets. In more specific embodiments, the method can include applying one or more network policies based on the prefix associated with the IP address. The method could also include decrypting an encryption protocol in order to identify the prefix of a subsequent communication flow, and executing a routing decision based on the prefix.
摘要翻译：示例性方法包括在网络中接收因特网协议（IP）地址请求，并且选择与表示IP子网的前缀相关联的IP地址。前缀包括要作为包括多个分组的通信会话的一部分提供的颜色属性。前缀定义与会话的应用程序相关联的一个或多个属性。前缀被传送到信令平面中的网元，前缀被配置为用于为多个分组中的至少一些分组做出路由决定。在更具体的实施例中，该方法可以包括基于与IP地址相关联的前缀应用一个或多个网络策略。该方法还可以包括解密加密协议以便识别后续通信流的前缀，以及基于前缀执行路由决定。

10. 发明申请

US20110164752A1 Detection of Stale Encryption Policy By Group Members 有权
标题翻译：按组成员检测陈旧的加密策略
公开(公告)号：US20110164752A1
公开(公告)日：2011-07-07
申请号：US12652324
申请日：2010-01-05
申请人： Warren Scott Wainner , Sheela D. Rowles , Brian E. Weis , David Arthur McGrew , Scott R. Fluhrer , Kavitha Kamarthy
发明人： Warren Scott Wainner , Sheela D. Rowles , Brian E. Weis , David Arthur McGrew , Scott R. Fluhrer , Kavitha Kamarthy
IPC分类号： H04L9/00 , G06F15/173 , G06F21/00
CPC分类号： H04L63/0428 , H04L9/0833 , H04L9/0891 , H04L12/1818 , H04L63/061 , H04L63/104 , H04L63/20
摘要： Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recently policy update. The notification message can be sent to the key server or towards the first group member.
摘要翻译：公开了允许组成员检测到其他组成员使用过时加密策略的各种技术。一种方法涉及经由网络从第一组成员接收消息。该消息由第二组成员接收。然后该方法检测到第一组成员不响应于消息中的信息使用由密钥服务器提供的最新策略更新。作为响应，可以从第二组成员发送通知消息。通知消息表示至少有一个组成员没有使用最近的策略更新。通知消息可以发送到密钥服务器或朝向第一个组成员。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式