专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07134019B2 Methods and systems for unilateral authentication of messages 有权
公开(公告)号：US07134019B2
公开(公告)日：2006-11-07
申请号：US10010352
申请日：2001-11-13
申请人： Art Shelest , David G. Thaler , Gregory O'Shea , Michael Roe , Brian D. Zill
发明人： Art Shelest , David G. Thaler , Gregory O'Shea , Michael Roe , Brian D. Zill
IPC分类号： H04L9/00 , H04K1/00
CPC分类号： H04L9/3247 , H04L2209/60 , H04L2209/805
摘要： Disclosed is an authentication mechanism that enables an information recipient to ascertain that the information comes from the sender it purports to be from. This mechanism integrates a private/public key pair with selection by the sender of a portion of its address. The sender derives its address from its public key, for example, by using a hash of the key. The recipient verifies the association between the address and the sender's private key. The recipient may retrieve the key from an insecure resource and know that it has the correct key because only that key can produce the sender's address in the message. The hash may be made larger than the sender-selectable portion of the address. The recipient may cache public key/address pairs and use the cache to detect brute force attacks and to survive denial of service attacks. The mechanism may be used to optimize security negotiation algorithms.

2. 发明授权

US08473744B2 Methods and systems for unilateral authentication of messages 有权
公开(公告)号：US08473744B2
公开(公告)日：2013-06-25
申请号：US11555573
申请日：2006-11-01
申请人： Art Shelest , David G. Thaler , Gregory O'Shea , Michael Roe , Brian D. Zill
发明人： Art Shelest , David G. Thaler , Gregory O'Shea , Michael Roe , Brian D. Zill
IPC分类号： H04L9/32
CPC分类号： H04L9/3247 , H04L2209/60 , H04L2209/805
摘要： Disclosed is an authentication mechanism that enables an information recipient to ascertain that the information comes from the sender it purports to be from. This mechanism integrates a private/public key pair with selection by the sender of a portion of its address. The sender derives its address from its public key, for example, by using a hash of the key. The recipient verifies the association between the address and the sender's private key. The recipient may retrieve the key from an insecure resource and know that it has the correct key because only that key can produce the sender's address in the message. The hash may be made larger than the sender-selectable portion of the address. The recipient may cache public key/address pairs and use the cache to detect brute force attacks and to survive denial of service attacks. The mechanism may be used to optimize security negotiation algorithms.

3. 发明申请

US20070061574A1 Methods and Systems for Unilateral Authentication of Messages 有权
标题翻译：消息单向认证的方法和系统
公开(公告)号：US20070061574A1
公开(公告)日：2007-03-15
申请号：US11555573
申请日：2006-11-01
申请人： Art Shelest , David Thaler , Gregory O'Shea , Michael Roe , Brian Zill
发明人： Art Shelest , David Thaler , Gregory O'Shea , Michael Roe , Brian Zill
IPC分类号： H04L9/00
CPC分类号： H04L9/3247 , H04L2209/60 , H04L2209/805
摘要： Disclosed is an authentication mechanism that enables an information recipient to ascertain that the information comes from the sender it purports to be from. This mechanism integrates a private/public key pair with selection by the sender of a portion of its address. The sender derives its address from its public key, for example, by using a hash of the key. The recipient verifies the association between the address and the sender's private key. The recipient may retrieve the key from an insecure resource and know that it has the correct key because only that key can produce the sender's address in the message. The hash may be made larger than the sender-selectable portion of the address. The recipient may cache public key/address pairs and use the cache to detect brute force attacks and to survive denial of service attacks. The mechanism may be used to optimize security negotiation algorithms.
摘要翻译：公开了一种认证机制，其使得信息接收者能够确定信息来自其看来是来自的发送者。该机制将私钥/公钥对与发送方的地址的一部分进行选择进行集成。发件人从其公钥中导出其地址，例如通过使用密钥的散列。收件人验证地址和发件人私钥之间的关联。收件人可以从不安全的资源中检索密钥，并且知道它具有正确的密钥，因为只有该密钥可以在消息中产生发送者的地址。可以使该散列大于地址的发送者可选部分。收件人可以缓存公共密钥/地址对，并使用缓存来检测暴力攻击并生存拒绝服务攻击。该机制可用于优化安全协商算法。

4. 发明授权

US07203837B2 Methods and systems for unilateral authentication of messages 有权
标题翻译：消息单向认证的方法和系统
公开(公告)号：US07203837B2
公开(公告)日：2007-04-10
申请号：US09833922
申请日：2001-04-12
申请人： Gregory O'Shea , Michael Roe
发明人： Gregory O'Shea , Michael Roe
IPC分类号： H04L9/00 , H04K1/00
CPC分类号： H04L9/3247 , H04L2209/60 , H04L2209/805
摘要： A system and method for authentication verifies the address of an information sender based on the sender's address, public key, and a digital signature. A portion of the sender's address is derived from the public key, such as by incorporating a portion of a hash of the public key with or without a modifier. The sender provides information including content data, the public key, the address, and the digital signature generated using the private key corresponding to the public key. Upon reception, the recipient verifies the address by recreating it from the public key. The signature is verified using the network address and public key. The recipient accepts the content data when both the address and signature are verified. The content data may include a communications parameter of the sender, such as a care-of address where the sender is a mobile device and the recipient is the sender's home agent.
摘要翻译：用于认证的系统和方法基于发送者的地址，公开密钥和数字签名验证信息发送者的地址。发件人地址的一部分是从公共密钥导出的，例如通过在有或没有修饰符的情况下结合公开密钥的一部分散列。发送者提供包括内容数据，公共密钥，地址和使用与公开密钥相对应的私钥生成的数字签名的信息。在接收时，接收者通过从公钥重新创建地址来验证地址。使用网络地址和公钥验证签名。当地址和签名都被验证时，收件人接受内容数据。内容数据可以包括发送者的通信参数，诸如发件人是移动设备的转交地址，并且接收者是发送者的归属代理。

5. 发明申请

US20110013516A1 Control of Background Data Transfers 有权
标题翻译：背景数据传输的控制
公开(公告)号：US20110013516A1
公开(公告)日：2011-01-20
申请号：US12503657
申请日：2009-07-15
申请人： Richard John Black , Dinan Gunawardena , Peter Key , Gregory O'Shea
发明人： Richard John Black , Dinan Gunawardena , Peter Key , Gregory O'Shea
IPC分类号： H04L12/26
CPC分类号： H04L43/0888 , H04L43/0864 , H04L67/32 , H04L69/16 , H04L69/163
摘要： Control of background data transfers is described. In an embodiment, a background data transfer is controlled at a receiver node by measuring a time period taken to receive from a sender node a data sequence of the same size as a receive window. The time period is used to evaluate available network capacity, and the network capacity used to calculate a new window size. The new window size is applied and communicated to the sender node. In another embodiment, a background data transfer is controlled at a receiver node by measuring a quantity of data received from a sender node during a first control interval. The measured quantity is used to evaluate available network capacity, and the network capacity used to calculate a new receive window size and a second control interval duration. The new window size is applied for the second control interval, and communicated to the sender node.
摘要翻译：描述背景数据传输的控制。在一个实施例中，通过测量从发送者节点接收与接收窗口相同大小的数据序列所需的时间间隔，在接收机节点处控制背景数据传输。该时间段用于评估可用网络容量，以及用于计算新窗口大小的网络容量。新窗口大小被应用并传送给发送者节点。在另一实施例中，通过在第一控制间隔期间测量从发送器节点接收的数据量，在接收器节点处控制背景数据传送。测量的数量用于评估可用的网络容量，以及用于计算新的接收窗口大小和第二个控制间隔持续时间的网络容量。新窗口大小应用于第二个控制间隔，并传送给发送者节点。

6. 发明授权

US08340099B2 Control of background data transfers 有权
标题翻译：背景数据传输的控制
公开(公告)号：US08340099B2
公开(公告)日：2012-12-25
申请号：US12503657
申请日：2009-07-15
申请人： Richard John Black , Dinan Gunawardena , Peter Key , Gregory O'Shea
发明人： Richard John Black , Dinan Gunawardena , Peter Key , Gregory O'Shea
IPC分类号： H04L12/28
CPC分类号： H04L43/0888 , H04L43/0864 , H04L67/32 , H04L69/16 , H04L69/163
摘要： Control of background data transfers is described. In an embodiment, a background data transfer is controlled at a receiver node by measuring a time period taken to receive from a sender node a data sequence of the same size as a receive window. The time period is used to evaluate available network capacity, and the network capacity used to calculate a new window size. The new window size is applied and communicated to the sender node. In another embodiment, a background data transfer is controlled at a receiver node by measuring a quantity of data received from a sender node during a first control interval. The measured quantity is used to evaluate available network capacity, and the network capacity used to calculate a new receive window size and a second control interval duration. The new window size is applied for the second control interval, and communicated to the sender node.
摘要翻译：描述背景数据传输的控制。在一个实施例中，通过测量从发送者节点接收与接收窗口相同大小的数据序列所需的时间间隔，在接收机节点处控制背景数据传输。该时间段用于评估可用网络容量，以及用于计算新窗口大小的网络容量。新窗口大小被应用并传送给发送者节点。在另一实施例中，通过在第一控制间隔期间测量从发送器节点接收的数据量，在接收器节点处控制背景数据传送。测量的数量用于评估可用的网络容量，以及用于计算新的接收窗口大小和第二个控制间隔持续时间的网络容量。新窗口大小应用于第二个控制间隔，并传送给发送者节点。

7. 发明授权

US09015345B2 API supporting server and key based networking 有权
标题翻译： API支持服务器和基于密钥的网络
公开(公告)号：US09015345B2
公开(公告)日：2015-04-21
申请号：US12969181
申请日：2010-12-15
申请人： Gregory O'Shea , Austin Donnelly , Antony Rowstron , Paolo Costa
发明人： Gregory O'Shea , Austin Donnelly , Antony Rowstron , Paolo Costa
IPC分类号： G06F15/16 , H04L29/14 , H04L29/06 , H04L29/08
CPC分类号： H04L45/122 , H04L45/26 , H04L45/72 , H04L67/1038 , H04L69/14 , H04L69/40
摘要： An application programming interface (API) supporting server and key based networking is described. In an embodiment, the API receives either a key or a server address from a service running on a server in a direct-connect topology and returns data which identifies suitable next hops for transmission of a packet of data which has a destination of the received server address or of a server address which is encoded within the received key. In another embodiment, the key also encodes information specifying alternative server addresses for use in the event that the original server is unreachable. This information may also be used to define servers for replication of the key. A further embodiment describes a method of queuing packets for transmission against multiple links, where the packet is transmitted on the first available link and at this time is removed from the queues for the other links.
摘要翻译：描述了支持服务器和基于密钥的联网的应用程序编程接口（API）。在一个实施例中，API从直接连接拓扑中的服务器上运行的服务接收密钥或服务器地址，并返回标识合适的下一跳的数据，用于发送具有所接收服务器的目的地的数据分组地址或在接收到的密钥内编码的服务器地址。在另一个实施例中，密钥还对指定替代服务器地址的信息进行编码，以在原始服务器不可达的情况下使用。此信息也可用于定义用于密钥复制的服务器。另一实施例描述了一种排队分组以对多个链路进行传输的方法，其中分组在第一可用链路上传输，并且此时从其他链路的队列中移除。

8. 发明申请

US20120158998A1 API Supporting Server and Key Based Networking 有权
标题翻译： API支持服务器和基于密钥的网络
公开(公告)号：US20120158998A1
公开(公告)日：2012-06-21
申请号：US12969181
申请日：2010-12-15
申请人： Gregory O'Shea , Austin Donnelly , Antony Rowstron , Paolo Costa
发明人： Gregory O'Shea , Austin Donnelly , Antony Rowstron , Paolo Costa
IPC分类号： G06F15/16
CPC分类号： H04L45/122 , H04L45/26 , H04L45/72 , H04L67/1038 , H04L69/14 , H04L69/40
摘要： An application programming interface (API) supporting server and key based networking is described. In an embodiment, the API receives either a key or a server address from a service running on a server in a direct-connect topology and returns data which identifies suitable next hops for transmission of a packet of data which has a destination of the received server address or of a server address which is encoded within the received key. In another embodiment, the key also encodes information specifying alternative server addresses for use in the event that the original server is unreachable. This information may also be used to define servers for replication of the key. A further embodiment describes a method of queuing packets for transmission against multiple links, where the packet is transmitted on the first available link and at this time is removed from the queues for the other links.
摘要翻译：描述了支持服务器和基于密钥的联网的应用程序编程接口（API）。在一个实施例中，API从直接连接拓扑中的服务器上运行的服务接收密钥或服务器地址，并返回标识合适的下一跳的数据，用于发送具有所接收服务器的目的地的数据分组地址或在接收到的密钥内编码的服务器地址。在另一个实施例中，密钥还对指定替代服务器地址的信息进行编码，以在原始服务器不可达的情况下使用。此信息也可用于定义用于密钥复制的服务器。另一实施例描述了一种排队分组以对多个链路进行传输的方法，其中分组在第一可用链路上传输，并且此时从其他链路的队列中移除。

9. 发明申请

US20090296685A1 User-Mode Prototypes in Kernel-Mode Protocol Stacks 审中-公开
标题翻译：内核模式协议栈中的用户模式原型
公开(公告)号：US20090296685A1
公开(公告)日：2009-12-03
申请号：US12129119
申请日：2008-05-29
申请人： Gregory O'Shea , Dinan Gunawardena
发明人： Gregory O'Shea , Dinan Gunawardena
IPC分类号： H04L12/28
CPC分类号： H04L69/32
摘要： Methods of enabling user-mode prototypes in kernel-mode protocol stacks are described. A protocol stack comprises a set of kernel-mode modules. The protocol stack defines a data path for packets. At least one interception point is defined in a kernel-mode module at which a packet can be intercepted and/or inserted. In an embodiment, each packet intercepted at the interception point, or a copy of said packet, is sent to a user-mode module. The user-mode module processes the packet in some way and then returns the packet to the same, or a different, interception point in the data path. In this way, a user-mode module (which is easier to program) can be used to prototype functionality of a kernel-mode module without requiring kernel-mode code to be written.
摘要翻译：描述了在内核模式协议栈中启用用户模式原型的方法。协议栈包括一组内核模式模块。协议栈定义数据包的数据路径。在内核模式模块中定义至少一个拦截点，在该模式下，可以拦截和/或插入数据包。在一个实施例中，在截取点截取的每个分组或所述分组的副本被发送到用户模式模块。用户模式模块以某种方式处理数据包，然后将数据包返回到数据路径中的相同或不同的拦截点。以这种方式，用户模式模块（更容易编程）可用于对内核模式模块的功能进行原型化，而不需要写入内核模式代码。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式