专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07418100B2 Enciphering method 有权
标题翻译：加密方法
公开(公告)号：US07418100B2
公开(公告)日：2008-08-26
申请号：US11201626
申请日：2005-08-10
申请人： David A. McGrew , Scott Fluhrer
发明人： David A. McGrew , Scott Fluhrer
IPC分类号： H04K1/06 , H04L9/28
CPC分类号： H04L9/0637 , H04L9/002 , H04L2209/12 , H04L2209/20
摘要： A block cipher mode of operation implements a block cipher with an arbitrary block length and provides output ciphertext that is always the same size as the input plaintext. The mode can provide the best possible security in systems that cannot allow data expansion, such as disk-block encryption and some network protocols. The mode accepts an additional input, which can be used to protect against attacks that manipulate the ciphertext by rearranging the ciphertext blocks. The universal hash function from Galois/Counter Mode of operation for block ciphers may be used in an embodiment for hardware and software efficiency.
摘要翻译：块密码操作模式实现具有任意块长度的块密码，并提供与输入明文总是相同大小的输出密文。该模式可以在不能允许数据扩展的系统中提供最佳的安全性，例如磁盘块加密和一些网络协议。该模式接受一个额外的输入，可以用来防止通过重新排列密文块来处理密文的攻击。用于块密码的Galois / Counter操作模式的通用散列函数可以用于硬件和软件效率的实施例中。

2. 发明申请

US20130347109A1 Techniques for Detecting Program Modifications 审中-公开
标题翻译：检测程序修改的技术
公开(公告)号：US20130347109A1
公开(公告)日：2013-12-26
申请号：US13529068
申请日：2012-06-21
申请人： Scott Fluhrer
发明人： Scott Fluhrer
IPC分类号： G06F21/24
CPC分类号： G06F21/64 , G06F21/12 , G06F21/554 , G06F21/566
摘要： Techniques are provided for detecting modifications to software instructions. At a computing apparatus configured to execute a software program comprising a plurality of instructions, at least a first check point having a first check value and a second check point having a second check value are assigned within the instructions. At least first and second portions of the instructions are identified. The first portion of the instructions comprises one or more check points other than the first check point. The second portion of the instructions comprises one or more check points other than the second check point. A first hashing operation is performed over the first portion resulting in a first equation and a second hashing operation is performed over the second portion resulting in a second equation. The first check value and the second check value are computed based on the first equation and the second equation.
摘要翻译：提供了用于检测对软件指令的修改的技术。在被配置为执行包括多个指令的软件程序的计算装置中，在指令内分配至少具有第一检查值的第一检查点和具有第二检查值的第二检查点。指示的至少第一和第二部分被识别。指令的第一部分包括除第一检查点之外的一个或多个检查点。指令的第二部分包括除第二检查点之外的一个或多个检查点。在第一部分上执行第一散列操作，得到第一等式，并且在第二部分上执行第二散列操作，得到第二等式。基于第一等式和第二等式来计算第一检查值和第二检查值。

3. 发明申请

US20070083923A1 Strong anti-replay protection for IP traffic sent point to point or multi-cast to large groups 有权
标题翻译：强大的反重放保护IP流量点播或多播到大群组
公开(公告)号：US20070083923A1
公开(公告)日：2007-04-12
申请号：US11249898
申请日：2005-10-12
申请人： Scott Fluhrer , Brian Weis
发明人： Scott Fluhrer , Brian Weis
IPC分类号： G06F15/16
CPC分类号： H04L63/1466 , H04L63/164 , H04L2463/121
摘要： A mechanism for providing strong anti-replay protection at a security gateway in a network for protection against an attacker duplicating encrypted packets. The mechanism assigns a unique sequence number to each encrypted packet and a time stamp. A receiving security gateway rejects packets that have a duplicative sequence number or that is too old to protect itself against replay attacks. Each security gateway checks off the sequence numbers as they are received knowing that the sending security gateway assigns sequence numbers in an increasing order. The receiving security gateway remembers the value of the highest sequence number that it has already seen as well as up to N additional sequence numbers. Any packet with a duplicative sequence number is discarded. In addition to the sequence number, each packet also has an associated time stamp that corresponds to an epoch during which it should be received. If the packet is received after the epoch has expired, the packet is rejected.
摘要翻译：一种用于在网络中的安全网关提供强大的反重放保护的机制，用于防止复制加密分组的攻击者。该机制为每个加密的分组和时间戳分配唯一的序列号。接收安全网关拒绝具有重复序列号或太旧的数据包，以保护自身免受重放攻击。每个安全网关检查序列号，因为它们被接收，知道发送安全网关按照递增的顺序分配序列号。接收安全网关记住其已经看到的最高序列号的值以及最多N个附加序列号。任何具有重复序列号的数据包都被丢弃。除了序列号之外，每个分组还具有对应于其应该被接收的时期的相关联的时间戳。如果在时期到期后收到数据包，则数据包被拒绝。

4. 发明授权

US07207063B1 Method and apparatus for determining secure endpoints of tunnels in a network that uses internet security protocol 有权
标题翻译：用于确定使用互联网安全协议的网络中隧道的安全端点的方法和装置
公开(公告)号：US07207063B1
公开(公告)日：2007-04-17
申请号：US09990814
申请日：2001-11-15
申请人： Scott Fluhrer
发明人： Scott Fluhrer
IPC分类号： G06F9/00 , G06F15/16 , G06F17/00 , G06F15/177 , G06F15/173 , H04L9/00
CPC分类号： H04L63/0272 , H04L63/0281 , H04L63/029 , H04L63/10 , H04L63/164
摘要： A method for establishing a secure connection between two network devices, such as a source end host and a destination end host, is disclosed. An initiator peer that sends network traffic on behalf of the source end host sends to a responder peer a first description of network traffic that is to be protected. In response, the initiator peer receives a second description of network traffic that is to be protected from the responder peer. The initiator peer then derives a third description of network traffic that is mutually acceptable to both the initiator peer and the responder peer. The third description of the network traffic is based on the first description of network traffic and the second description of the network traffic. The third description of network traffic is derived by finding the largest common subset of proxies from the first and second descriptions of network traffic.
摘要翻译：公开了一种用于在诸如源端主机和目的端终端主机之间的两个网络设备之间建立安全连接的方法。代表源端主机发送网络流量的发起方对等体向应答者对等体发送要保护的网络流量的第一个描述。作为响应，发起方对等体接收到将被保护的响应者对等体的网络流量的第二描述。发起方对等体然后得出发起者对等体和响应者对等体相互可接受的网络流量的第三描述。网络流量的第三个描述基于网络流量的第一描述和网络流量的第二描述。网络流量的第三个描述是通过从网络流量的第一和第二描述中找到代理的最大公共子集得到的。

5. 发明申请

US20120060029A1 METHOD AND SYSTEM FOR DYNAMIC SECURED GROUP COMMUNICATION 有权
标题翻译：动态安全组通信方法与系统
公开(公告)号：US20120060029A1
公开(公告)日：2012-03-08
申请号：US13235598
申请日：2011-09-19
申请人： Scott Fluhrer , Warren Scott Wainner , Sheela Rowles , Kavitha Kamarthy , Mohamed Khalid , Haseeb Niazi , Pratima Sethi
发明人： Scott Fluhrer , Warren Scott Wainner , Sheela Rowles , Kavitha Kamarthy , Mohamed Khalid , Haseeb Niazi , Pratima Sethi
IPC分类号： H04L9/00
CPC分类号： H04L41/0893 , H04L41/08 , H04L63/0272 , H04L63/0428 , H04L63/08
摘要： A system and method directed to carrying out dynamic secured group communication is provided. The method includes: obtaining a first packet that includes a first header; forming a frame that includes the first header in encrypted form; combining the first header and the frame to form a second packet and forming a second header; encapsulating the second packet with the second header to form a third packet, and communicating the third packet into the second network from the second source node for termination to the second-destination node. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network.
摘要翻译：提供了一种旨在实现动态安全群组通信的系统和方法。该方法包括：获得包括第一报头的第一分组; 形成包括加密形式的第一标题的帧; 组合第一报头和帧以形成第二分组并形成第二报头; 将所述第二分组与所述第二报头封装以形成第三分组，并且将所述第三分组从所述第二源节点传送到所述第二网络以用于终止到所述第二目的地节点。第一标头包括第一网络的第一源节点的第一源地址和第一网络的第一目的地节点的第一目的地地址。第二标头包括第二网络的第二源节点的第二源地址和第二网络的第二目的地节点的第二目的地地址。

6. 发明授权

US08036221B2 Method and system for dynamic secured group communication 有权
标题翻译：动态安全群组通信的方法和系统
公开(公告)号：US08036221B2
公开(公告)日：2011-10-11
申请号：US12210821
申请日：2008-09-15
申请人： Scott Fluhrer , Warren Scott Wainner , Sheela Rowles , Kavitha Kamarthy , Mohamed Khalid , Haseeb Naizi , Pratima Sethi
发明人： Scott Fluhrer , Warren Scott Wainner , Sheela Rowles , Kavitha Kamarthy , Mohamed Khalid , Haseeb Naizi , Pratima Sethi
IPC分类号： H04L12/56
CPC分类号： H04L41/0893 , H04L41/08 , H04L63/0272 , H04L63/0428 , H04L63/08
摘要： A system and method directed to carrying out dynamic secured group communication is provided. The method includes obtaining a first packet that includes a first header. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The method also includes forming a frame that includes the first header in encrypted form, combining the first header and the frame to form a second packet, and forming a second header. This second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network. The method further includes encapsulating the second packet with the second header to form a third packet, and communicating the third packet into the second network from the second source node for termination to the second-destination node.
摘要翻译：提供了一种旨在实现动态安全群组通信的系统和方法。该方法包括获得包括第一报头的第一分组。第一标头包括第一网络的第一源节点的第一源地址和第一网络的第一目的地节点的第一目的地地址。该方法还包括以加密形式形成包括第一报头的帧，组合第一报头和帧以形成第二报文，并形成第二报头。该第二标题包括第二网络的第二源节点的第二源地址和第二网络的第二目的地节点的第二目的地地址。该方法还包括用第二报头封装第二分组以形成第三分组，并将第三分组从第二源节点传送到第二网络以用于终止到第二目的地节点。

7. 发明申请

US20090034557A1 METHOD AND SYSTEM FOR DYNAMIC SECURED GROUP COMMUNICATION 有权
标题翻译：动态安全组通信方法与系统
公开(公告)号：US20090034557A1
公开(公告)日：2009-02-05
申请号：US12210821
申请日：2008-09-15
申请人： Scott Fluhrer , Warren Scott Wainner , Sheela Rowles , Kavitha Kamarthy , Mohamed Khalid , Haseeb Naizi , Pratima Sethi
发明人： Scott Fluhrer , Warren Scott Wainner , Sheela Rowles , Kavitha Kamarthy , Mohamed Khalid , Haseeb Naizi , Pratima Sethi
IPC分类号： H04J3/24
CPC分类号： H04L41/0893 , H04L41/08 , H04L63/0272 , H04L63/0428 , H04L63/08
摘要： A system and method directed to carrying out dynamic secured group communication is provided. The method includes obtaining a first packet that includes a first header. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The method also includes forming a frame that includes the first header in encrypted form, combining the first header and the frame to form a second packet, and forming a second header. This second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network. The method further includes encapsulating the second packet with the second header to form a third packet, and communicating the third packet into the second network from the second source node for termination to the second-destination node.
摘要翻译：提供了一种旨在实现动态安全群组通信的系统和方法。该方法包括获得包括第一报头的第一分组。第一标头包括第一网络的第一源节点的第一源地址和第一网络的第一目的地节点的第一目的地地址。该方法还包括以加密形式形成包括第一报头的帧，组合第一报头和帧以形成第二报文，并形成第二报头。该第二标题包括第二网络的第二源节点的第二源地址和第二网络的第二目的地节点的第二目的地地址。该方法还包括用第二报头封装第二分组以形成第三分组，并将第三分组从第二源节点传送到第二网络以用于终止到第二目的地节点。

8. 发明申请

US20070271451A1 SYSTEM AND METHOD FOR PROTECTED SPOKE TO SPOKE COMMUNICATION USING AN UNPROTECTED COMPUTER NETWORK 有权
标题翻译：使用未经保护的计算机网络保护通信的系统和方法
公开(公告)号：US20070271451A1
公开(公告)日：2007-11-22
申请号：US11419583
申请日：2006-05-22
申请人： Scott Fluhrer
发明人： Scott Fluhrer
IPC分类号： H04L9/00
CPC分类号： H04L63/0442 , H04L9/0841 , H04L9/0891
摘要： Various embodiments of the disclosed subject matter provide methods and systems for improved efficiency and security in spoke-to-spoke network communication. Embodiments provide systems and methods for registering a spoke with a hub, updating a hub registration table with spoke registration information, sending the updated hub registration table to a plurality of registered spokes, using the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke, and using the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
摘要翻译：所公开的主题的各种实施例提供了用于提高辐射到辐射网络通信的效率和安全性的方法和系统。实施例提供了用于将轮辐与集线器进行注册的系统和方法，使用分支注册信息来更新集线器注册表，使用发送分组处的更新的集线器注册表将更新的集线器注册表发送到多个注册的轮辐，以将流量加密被发送到另一个辐条，并且在接收到的辐条处使用更新的集线器注册表来解密从另一个辐条接收到的流量。

9. 发明申请

US20070081668A1 Enciphering method 有权
标题翻译：加密方法
公开(公告)号：US20070081668A1
公开(公告)日：2007-04-12
申请号：US11201626
申请日：2005-08-10
申请人： David McGrew , Scott Fluhrer
发明人： David McGrew , Scott Fluhrer
IPC分类号： H04K1/04
CPC分类号： H04L9/0637 , H04L9/002 , H04L2209/12 , H04L2209/20
摘要： A block cipher mode of operation implements a block cipher with an arbitrary block length and provides output ciphertext that is always the same size as the input plaintext. The mode can provide the best possible security in systems that cannot allow data expansion, such as disk-block encryption and some network protocols. The mode accepts an additional input, which can be used to protect against attacks that manipulate the ciphertext by rearranging the ciphertext blocks. The universal hash function from Galois/Counter Mode of operation for block ciphers may be used in an embodiment for hardware and software efficiency.
摘要翻译：块密码操作模式实现具有任意块长度的块密码，并提供与输入明文总是相同大小的输出密文。该模式可以在不能允许数据扩展的系统中提供最佳的安全性，例如磁盘块加密和一些网络协议。该模式接受一个额外的输入，可以用来防止通过重新排列密文块来处理密文的攻击。用于块密码的Galois / Counter操作模式的通用散列函数可以用于硬件和软件效率的实施例中。

10. 发明申请

US20140044262A1 Low Latency Encryption and Authentication in Optical Transport Networks 审中-公开
标题翻译：光传输网络中的低延迟加密和认证
公开(公告)号：US20140044262A1
公开(公告)日：2014-02-13
申请号：US13570579
申请日：2012-08-09
申请人： Gilberto Loprieno , David McGrew , Fabio Maino , Scott Fluhrer
发明人： Gilberto Loprieno , David McGrew , Fabio Maino , Scott Fluhrer
IPC分类号： H04L9/28
CPC分类号： H04L9/0637 , H04L9/3242 , H04L63/123
摘要： Data to be transmitted across an Optical Transport Network (OTN) is encrypted with a non-malleable encryption algorithm. An authentication code configured to allow authentication of the data with a low latency encryption algorithm is generated. A packet is generated which is configured to be transferred across the OTN and contains the encrypted data and the authentication code. The packet is transmitted across the OTN. Non-malleable encryption, origin authentication, data integrity and anti-replay protection are provided for OTNs over Dense Wavelength Division Multiplexed (DWDM) links. In one example, XTS-AES encryption and GMAC authentication techniques are combined to secure OTN frames.
摘要翻译：要通过光传输网络（OTN）传输的数据用非可延展的加密算法进行加密。生成用于允许用低延迟加密算法认证数据的认证码。生成分组，其被配置为跨越OTN传送并包含加密数据和认证码。数据包通过OTN传输。通过密集波分复用（DWDM）链路为OTN提供不可延展的加密，源认证，数据完整性和反重放保护。在一个示例中，XTS-AES加密和GMAC认证技术被组合以保护OTN帧。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式