    • 1. Granted invention patent
    • Distributed filtering and monitoring system for a computer internetwork
    • US06658565B1
    • 2003-12-02
    • US09088348
    • 1998-06-01
    • Amit Gupta; Radia Joy Perlman; Dah-Ming Chiu
    • Amit Gupta; Radia Joy Perlman; Dah-Ming Chiu
    • H04L9/00
    • H04L29/06; H04L41/046; H04L43/028; H04L63/0218; H04L63/0245; H04L63/1408; H04L67/10
    • A system efficiently distributes processing-intensive loads among a plurality of intermediate stations in a computer internetwork. The intermediate stations include routers, bridges, switches and/or firewalls configured with monitoring and filtering agents that communicate via a defined protocol to implement the system. Those stations configured with agents and having available resources cooperate to execute the loads which generally comprise verification operations on digital signatures appended to frame and/or packet traffic traversing paths of the computer internetwork. Techniques associated with the system are directed to efficiently detecting and filtering unauthorized traffic over portions of the internetwork protected as trust domains as well as unprotected portions of the internetwork.
    • 2. Granted invention patent
    • Safe processing of on-demand delete requests
    • US09189642B2
    • 2015-11-17
    • US11724520
    • 2007-03-14
    • Radia Joy Perlman
    • Radia Joy Perlman
    • H04L9/32; G06F21/62
    • G06F21/6218; G06F21/6209; G06F2221/2101; G06F2221/2143
    • Methods and apparatus for safe processing of on-demand delete requests are disclosed. An item is stored in a storage entity that is associated with a trusted secure device. A delete request to delete the item is received at the trusted secure device. However, the trusted secure device does not yet delete the item from the storage entity. The trusted secure device creates an audit log of the delete request. The audit log specifies the item to be deleted and includes information about the delete request. The audit log is made available to an approval source. The approval source must grant approval in the form of an approval response in order for the item to be deleted. If the trusted secure device receives an approval response from the approval source, the item is deleted.
    • 3. Invention patent application
    • Safe processing of on-demand delete requests
    • US20080228827A1
    • 2008-09-18
    • US11724520
    • 2007-03-14
    • Radia Joy Perlman
    • Radia Joy Perlman
    • G06F17/30
    • G06F21/6218; G06F21/6209; G06F2221/2101; G06F2221/2143
    • Methods and apparatus for safe processing of on-demand delete requests are disclosed. An item is stored in a storage entity that is associated with a trusted secure device. A delete request to delete the item is received at the trusted secure device. However, the trusted secure device does not yet delete the item from the storage entity. The trusted secure device creates an audit log of the delete request. The audit log specifies the item to be deleted and includes information about the delete request. The audit log is made available to an approval source. The approval source must grant approval in the form of an approval response in order for the item to be deleted. If the trusted secure device receives an approval response from the approval source, the item is deleted.
    • 4. Granted invention patent
    • Method and apparatus for transparently bridging traffic across wide area networks
    • US06445710B1
    • 2002-09-03
    • US09247820
    • 1999-02-09
    • Radia Joy Perlman; William R. Hawe; John Harper
    • Radia Joy Perlman; William R. Hawe; John Harper
    • H04L12/28
    • H04L45/28; H04L12/4604; H04L12/462; H04L12/4633; H04L45/00; H04L45/18; H04L45/48
    • A technique for logically connecting local communications networks (CNs) that may be separated by wide area networks containing routers and other network components. A logical link is formed between two devices called tunnelers, such that, once a tunnel has been established between two CNs, other devices on the CNs can communicate. The tunneling mechanism of the invention requires that each CN have only one active tunneler at any particular time, referred to as the designated tunneler, and each of the tunnelers is configured to have knowledge of the identities of the other tunnelers. A tunnel is established after a successful exchange of messages between two tunnelers, and then traffic may be forwarded through the tunnel in a transparent manner. The tunneling mechanism permits messages to be forwarded between CNs separated by a wide area network containing routers. Moreover, the mechanism permits filtering of traffic, such that only selected types of traffic, or messages for selected destinations or from selected sources, are forwarded through tunnels. The tunneling mechanism inherently precludes the formation of closed communication loops. An alternate embodiment of the invention optimizes the configuration process for particular network topologies.
    • 6. Granted invention patent
    • Assigning multiple parallel bridge numbers to bridges having three or more ports
    • US06567410B1
    • 2003-05-20
    • US09203107
    • 1998-11-30
    • Radia Joy Perlman
    • Radia Joy Perlman
    • G01R31/08
    • H04L12/462
    • A bridge for simultaneous connection to n LANs, where n is greater than 2, and methods for determining whether the bridge has been connected properly. The bridge includes storage for respectively associating the (n²−n)/2 unique pairs of LANs connected by the bridge with (n²−n)/2 parallel bridge numbers. Messages received from a first LAN are forwarded to a second LAN only if the message identifies the second LAN and the parallel bridge number which is associated in the storage with the first and second LANs. To determine whether two or more ports of the bridge are connected to the same LAN, the bridge attempts to transmit messages from each of its ports to each other respective port by addressing the messages to the data link addresses of the other ports. After transmission, the bridge waits a short time interval and determines whether any of the messages are received at any of its ports. If a message is received at a port, then the port receiving the message and the port which transmitted the message must be connected to the same LAN. If the bridge is on a token ring LAN, the bridge may also determine whether a port is properly sending and receiving messages by sending a message, via the token ring, from the port to its own data link address. If the message is not received by the port during a short time interval after transmission, then there is a fault in the port.
    • 7. Granted invention patent
    • Method ans system for pro-active credential refreshing
    • US07058798B1
    • 2006-06-06
    • US09547183
    • 2000-04-11
    • Yassir K. Elley; Anne H. Anderson; Stephen R. Hanna; Sean J. Mullan; Radia Joy Perlman
    • Yassir K. Elley; Anne H. Anderson; Stephen R. Hanna; Sean J. Mullan; Radia Joy Perlman
    • G06F7/04
    • G06F21/6218
    • The basic concept is that before a resource is accessed, the entity that has the burden of gathering the credentials, pro-actively refreshes the credentials and keeps them current. In one instance, a presenter of credentials, for example, a client, pro-actively refreshes the credentials such that at the time of presentation, the credentials meet the resource-specific constraints of a recipient of credentials, for example, a resource server. For each resource that it protects, a resource server typically establishes various constraints such as a recency requirement, which specifies how recently a credential has to have been issued to be accepted as an adequate credential. Other constraints may include maximum certificate chain length, trust level and so forth. In another instance, a recipient of credentials pro-actively gathers and refreshes credentials to prevent un-authorized access to the various resources it is protecting.
    • 8. Granted invention patent
    • Method and apparatus for transparently bridging traffic across wide area networks
    • US5870386A
    • 1999-02-09
    • US816316
    • 1991-12-30
    • Radia Joy Perlman; William R. Hawe; John A. Harper
    • Radia Joy Perlman; William R. Hawe; John A. Harper
    • H04L12/46; H04L12/701; H04L12/703; H04L12/705; H04L12/753
    • H04L45/28; H04L12/4604; H04L12/462; H04L12/4633; H04L45/00; H04L45/18; H04L45/48
    • A technique for logically connecting local area networks (LANs) that may be separated by wide area networks containing routers and other network components. A logical link is formed between two bridge-like devices called tunnelers, such that, once a tunnel has been established between two LANs, other devices on the LANs can communicate as if the tunnel were a bridge. The tunneling mechanism of the invention requires that each LAN or extended LAN have only one active tunneler at any particular time, referred to as the designated tunneler, and each of the tunnelers is configured to have knowledge of the identities of the other tunnelers. A tunnel is established after a successful exchange of messages between two tunnelers, and then traffic may be forwarded through the tunnel in a transparent manner. The tunneling mechanism permits messages to be forwarded between LANs separated by a wide area network containing routers. Moreover, the mechanism permits filtering of traffic, such that only selected types of traffic, or messages for selected destinations or from selected sources, are forwarded through tunnels. The tunneling mechanism inherently precludes the formation of closed communication loops. An alternate embodiment of the invention optimizes the configuration process for particular network topologies.
    • 9. Granted invention patent
    • Assigning multiple parallel bridge numbers to bridges
    • US5844902A
    • 1998-12-01
    • US695760
    • 1996-08-08
    • Radia Joy Perlman
    • Radia Joy Perlman
    • H04L12/46; H04J3/02
    • H04L12/462
    • A bridge for simultaneous connection to n LANs, where n is greater than 2, and methods for determining whether the bridge has been connected properly. The bridge includes storage for respectively associating the (n²−n)/2 unique pairs of LANs connected by the bridge with (n²−n)/2 parallel bridge numbers. Messages received from a first LAN are forwarded to a second LAN only if the message identifies the second LAN and the parallel bridge number which is associated in the storage with the first and second LANs. To determine whether two or more ports of the bridge are connected to the same LAN, the bridge attempts to transmit messages from each of its ports to each other respective port by addressing the messages to the data link addresses of the other ports. After transmission, the bridge waits a short time interval and determines whether any of the messages are received at any of its ports. If a message is received at a port, then the port receiving the message and the port which transmitted the message must be connected to the same LAN. If the bridge is on a token ring LAN, the bridge may also determine whether a port is properly sending and receiving messages by sending a message, via the token ring, from the port to its own data link address. If the message is not received by the port during a short time interval after transmission, then there is a fault in the port.