专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US06230266B1 Authentication system and process 有权
标题翻译：验证系统和流程
公开(公告)号：US06230266B1
公开(公告)日：2001-05-08
申请号：US09243575
申请日：1999-02-03
申请人： Radia Joy Perlman , Stephen R. Hanna
发明人： Radia Joy Perlman , Stephen R. Hanna
IPC分类号： H04L900
CPC分类号： H04L9/3268
摘要： An authentication method and process are provided. One aspect of the process of the present invention includes authorizing a first on-line revocation server (OLRS) to provide information concerning certificates issued by a certificate authority (CA) that have been revoked. If the first OLRS is compromised, a second OLRS is authorized to provide certificate revocation information, but certificates issued by the CA remain valid unless indicated by the second OLRS to be revoked.
摘要翻译：提供了认证方法和过程。本发明的方法的一个方面包括授权第一在线吊销服务器（OLRS）提供关于由已被撤销的证书颁发机构（CA）颁发的证书的信息。如果第一个OLRS受到损害，则第二个OLRS被授权提供证书吊销信息，但由CA颁发的证书仍然有效，除非第二个OLRS指示要撤销。

2. 发明授权

US07058798B1 Method ans system for pro-active credential refreshing 有权
标题翻译：方法ans系统为主动凭证刷新
公开(公告)号：US07058798B1
公开(公告)日：2006-06-06
申请号：US09547183
申请日：2000-04-11
申请人： Yassir K. Elley , Anne H. Anderson , Stephen R. Hanna , Sean J. Mullan , Radia Joy Perlman
发明人： Yassir K. Elley , Anne H. Anderson , Stephen R. Hanna , Sean J. Mullan , Radia Joy Perlman
IPC分类号： G06F7/04
CPC分类号： G06F21/6218
摘要： The basic concept is that before a resource is accessed, the entity that has the burden of gathering the credentials, pro-actively refreshes the credentials and keeps them current. In one instance, a presenter of credentials, for example, a client, pro-actively refreshes the credentials such that at the time of presentation, the credentials meet the resource-specific constraints of a recipient of credentials, for example, a resource server. For each resource that it protects, a resource server typically establishes various constraints such as a recency requirement, which specifies how recently a credential has to have been issued to be accepted as an adequate credential. Other constraints may include maximum certificate chain length, trust level and so forth. In another instance, a recipient of credentials pro-actively gathers and refreshes credentials to prevent un-authorized access to the various resources it is protecting.
摘要翻译：基本概念是，在访问资源之前，负责收集凭据的实体主动刷新凭据并保持最新状态。在一个实例中，凭证的呈现者（例如，客户端）主动地刷新证书，使得在呈现时，证书满足凭证的接收方的资源特定约束，例如资源服务器。对于其保护的每个资源，资源服务器通常建立各种约束，例如新近要求，其指定证书必须最近被发布以被接受为足够证书。其他约束可能包括最大证书链长度，信任级别等。在另一个实例中，凭据的接收方主动收集和刷新凭据，以防止对其保护的各种资源的未授权访问。

3. 发明授权

US06658004B1 Use of beacon message in a network for classifying and discarding messages 有权
标题翻译：在网络中使用信标消息来分类和丢弃消息
公开(公告)号：US06658004B1
公开(公告)日：2003-12-02
申请号：US09473402
申请日：1999-12-28
申请人： Miriam C. Kadansky , Dah Ming Chiu , Stephen R. Hanna , Stephen A. Hurst , Radia J. Perlman , Joseph S. Wesley
发明人： Miriam C. Kadansky , Dah Ming Chiu , Stephen R. Hanna , Stephen A. Hurst , Radia J. Perlman , Joseph S. Wesley
IPC分类号： H04L1228
CPC分类号： H04L12/1827 , H04L47/10 , H04L47/31 , H04L67/104 , H04L67/1063 , H04L67/1074 , H04L69/329
摘要： A method and apparatus for identifying a data message that is eligible for discard. A beacon node periodically transmits a beacon message to a plurality of client nodes communicatively coupled via a network. Each beacon message includes a beacon sequence number and preferably, the beacon sequence numbers are authenticated by the beacon, node. The client nodes, upon receipt of the beacon messages, verify the authenticity of the respective received beacon sequence numbers and generate a local sequence number derived from the received beacon sequence number. When one client in the session has data to transmit to another client in the session, the sending client assembles a data message and inserts its local sequence number in the data message prior to transmission of the data message to the other client nodes in the session. The client nodes receiving the data message discard the data message if their respective local sequence number at the time of receipt of the data message exceeds the local sequence number inserted in the data message by a predetermined value. In one embodiment, the beacon node generates sequence numbers at a periodic interval P but only transmits 1 out of every m beacon sequence numbers to the client nodes in the session. The client nodes each set a local sequence counter equal to the beacon sequence number upon receipt of the beacon message and thereafter, increment the local sequence counter periodically at interval P. The local sequence counter value is employed as the local sequence number in each client node.
摘要翻译：一种用于识别符合丢弃资格的数据消息的方法和装置。信标节点周期性地向经由网络通信耦合的多个客户端节点发送信标消息。每个信标消息包括信标序列号，并且优选地，信标序列号由信标节点认证。客户端节点在接收到信标消息后，验证相应接收到的信标序列号的真实性，并生成从接收到的信标序列号导出的本地序列号。当会话中的一个客户端具有要在会话中传送给另一个客户端的数据时，发送客户端汇集一个数据消息，并将数据消息中的本地序列号插入到数据消息中，并传送到该会话中的其他客户机节点。接收数据消息的客户节点如果在接收数据消息时其各自的本地序列号超过插入数据消息中的本地序列号预定值，则丢弃数据消息。在一个实施例中，信标节点以周期性间隔P生成序列号，但是仅在每个m个信标序列号中发送1个到会话中的客户端节点。客户端节点每接收到信标消息时都设置等于信标序列号的本地序列计数器，此后，以间隔P周期性地增加本地序列计数器。本地序列计数器值被用作每个客户端节点中的本地序列号。

4. 发明授权

US06560705B1 Content screening with end-to-end encryption prior to reaching a destination 有权
标题翻译：在到达目的地之前进行端到端加密的内容筛选
公开(公告)号：US06560705B1
公开(公告)日：2003-05-06
申请号：US09511541
申请日：2000-02-23
申请人： Radia J. Perlman , Stephen R. Hanna , Yassir K. Elley
发明人： Radia J. Perlman , Stephen R. Hanna , Yassir K. Elley
IPC分类号： H04L936
CPC分类号： H04L63/0209 , H04L63/0442 , H04L63/1408
摘要： One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message and an encrypted message key at a content screener from a firewall, the firewall having previously received the encrypted message and the encrypted message key from a source outside the firewall. The content screener decrypts the encrypted message key to restore the message key, and decrypts the encrypted message with the message key to restore the message. Next, the content screener screens the message to determine whether the message satisfies a screening criterion. If so, the system forwards the message to a destination within the firewall in a secure manner. In one embodiment of the present invention, the system decrypts the encrypted message key by sending the encrypted message key to the destination. Upon receiving the encrypted message key, the destination decrypts the encrypted message key and returns the message key to the content screener in a secure manner.
摘要翻译：本发明的一个实施例提供一种对通过端到端加密保护的消息执行内容筛选的系统。该系统通过从防火墙在内容筛选器处接收加密消息和加密消息密钥来操作，防火墙先前从防火墙外部的源接收到加密消息和加密消息密钥。内容筛选器解密加密的消息密钥以恢复消息密钥，并用消息密钥解密加密的消息以恢复消息。接下来，内容筛选器筛选消息以确定消息是否满足筛选标准。如果是这样，系统会以安全的方式将消息转发到防火墙内的目的地。在本发明的一个实施例中，系统通过将加密的消息密钥发送到目的地来解密加密的消息密钥。在接收到加密的消息密钥时，目的地解密加密的消息密钥，并以安全的方式将消息密钥返回给内容筛选器。

5. 发明授权

US06507562B1 DYNAMIC OPTIMIZATION FOR RECEIVERS USING DISTANCE BETWEEN A REPAIR HEAD AND A MEMBER STATION IN A REPAIR GROUP FOR RECEIVERS HAVING A CLOSELY KNIT TOPOLOGICAL ARRANGEMENT TO LOCATE REPAIR HEADS NEAR THE MEMBER STATIONS WHICH THEY SERVE IN TREE BASED REPAIR IN RELIABLE MULTICAST PROTOCOL 有权
标题翻译：对于接收者的动态优化使用维修组和成员站之间的距离，在修理组中，对于在可靠的多媒体协议中进行基于树的维修服务的会员站的位置修复头的接收者的接收者
公开(公告)号：US06507562B1
公开(公告)日：2003-01-14
申请号：US09336660
申请日：1999-06-18
申请人： Miriam C. Kadansky , Dah Ming Chiu , Stephen R. Hanna , Stephen A. Hurst , Joseph S. Wesley , Philip M. Rosenzweig , Radia J. Perlman
发明人： Miriam C. Kadansky , Dah Ming Chiu , Stephen R. Hanna , Stephen A. Hurst , Joseph S. Wesley , Philip M. Rosenzweig , Radia J. Perlman
IPC分类号： G06F1100
CPC分类号： H04L12/1877 , H04L12/185 , H04L12/1868
摘要： Receiver stations located close together in a computer network dynamically form a multicast repair tree by a plurality of receiver stations choosing a repair head station from among the closely located receiver stations. A receiver station calculates its distance from a repair head station by subtracting the decremented TTL value read from the IP header from the initial value of the TTL parameter carried in field TTL SCOPE of HELLO messages, transmitted by repair head stations. Using a criteria that a closer repair head station is a more optimum repair head station, receiver stations listen to each received HELLO message, calculate the distance to the repair head station, and reaffiliate with the closest repair head station.
摘要翻译：位于计算机网络中的接收站由多个接收站动态地形成多播修复树，所述多个接收站从位于接近站的接收站中选择修复头站。接收站通过从修复头站发送的HELLO消息的字段TTL SCOPE中携带的TTL参数的初始值中减去从IP报头读取的递减的TTL值来计算其与修复站的距离。使用更接近的修理头站是更为优化的修复头站的标准，接收站收听每个接收到的HELLO消息，计算到维修站的距离，并且与最接近的维修站相连。

6. 发明授权

US06295361B1 Method and apparatus for multicast indication of group key change 失效
标题翻译：组密钥改变的组播指示方法和装置
公开(公告)号：US06295361B1
公开(公告)日：2001-09-25
申请号：US09107616
申请日：1998-06-30
申请人： Miriam C. Kadansky , Stephen R. Hanna
发明人： Miriam C. Kadansky , Stephen R. Hanna
IPC分类号： H04L908
CPC分类号： H04L63/0435 , H04L29/06 , H04L63/062 , H04L63/065
摘要： A method and apparatus to allow a key manager node in a network to initiate the process of changing a group key for all nodes in a multicasting group. In the described embodiment, the key manager node initiates changing the group key by setting an indicator in a multicast packet. The indicator indicates that each of the nodes in the multicast group should obtain a new group key from the key manager node. The key manager node sets the indicator whenever the key manager node determines that the nodes in the group need to change their key. The nodes in the multicast group then obtain a key from the key manager node. In one embodiment of the present invention, the key manager node sends the group key to the members of the group and, once all nodes in the group have received their key, sends an indicator that the group members should start using the new keys. In another embodiment, the key manager node sends the new key to the group, along with instructions specifying when the new key is to take effect. For example, the new key can take effect at a certain time or when a certain packet number is received. In another embodiment, each receiver in the group uses both the new key and the old key for a predetermined time period or until all group members have received the key.
摘要翻译：一种允许网络中的密钥管理器节点发起改变多播组中所有节点的组密钥的过程的方法和装置。在所描述的实施例中，密钥管理器节点通过设置组播分组中的指示符来发起改变组密钥。指示符表示组播组中的每个节点都应从密钥管理器节点获取新的组密钥。密钥管理器节点每当密钥管理器节点确定组中的节点需要更改密钥时，就会设置该指示符。然后，组播组中的节点从密钥管理器节点获取密钥。在本发明的一个实施例中，密钥管理节点将组密钥发送给组的成员，并且一旦组中的所有节点都已经接收到它们的密钥，就发送组成员应该使用新密钥开始的指示符。在另一个实施例中，密钥管理器节点将新密钥发送到组，以及指定新密钥何时生效的指令。例如，新密钥可以在特定时间或当接收到某个分组号时生效。在另一个实施例中，组中的每个接收机在预定时间段内使用新密钥和旧密钥，或者直到所有组成员已经接收到密钥。

7. 发明授权

US06192404B1 Determination of distance between nodes in a computer network 失效
标题翻译：确定计算机网络中节点之间的距离
公开(公告)号：US06192404B1
公开(公告)日：2001-02-20
申请号：US09079504
申请日：1998-05-14
申请人： Stephen A. Hurst , Dah Ming Chiu , Stephen R. Hanna , Radia J. Pearlman
发明人： Stephen A. Hurst , Dah Ming Chiu , Stephen R. Hanna , Radia J. Pearlman
IPC分类号： G06F15173
CPC分类号： H04L45/26 , H04L45/00 , H04L45/16 , H04L45/20
摘要： A base node of a computer network sends concurrent TTL query messages using multicast to other receiving nodes of the computer network. Each of the TTL query messages has a different time-to-live (TTL) parameter value and records the TTL parameter of the TTL query message into a message body. The receiving nodes receive one or more of the TTL query messages, namely, those TTL query messages whose TTL parameter values are sufficient to allow the TTL query message to reach the receiving node. Each receiving node can determine the TTL distance to the receiving node from the base node by determining the lowest TTL parameter value of all TTL query messages which reached the receiving node. Each receiving node communicates the TTL distance by sending to the base node a TTL query response message which indicates, in the message body, the least TTL parameter value of all TTL query messages received by the receiving node. Accordingly, the base node can determine TTL distances to other nodes of the computer network very quickly.
摘要翻译：计算机网络的基础节点使用组播向计算机网络的其他接收节点发送并发TTL查询消息。每个TTL查询消息具有不同的生存时间（TTL）参数值，并将TTL查询消息的TTL参数记录到消息体中。接收节点接收一个或多个TTL查询消息，即TTL参数值足以允许TTL查询消息到达接收节点的TTL查询消息。每个接收节点可以通过确定到达接收节点的所有TTL查询消息的最低TTL参数值来确定从基本节点到接收节点的TTL距离。每个接收节点通过向基础节点发送TTL查询响应消息来传送TTL距离，TTL查询响应消息在消息体中指示接收节点接收的所有TTL查询消息的最小TTL参数值。因此，基本节点可以非常快速地确定到计算机网络的其他节点的TTL距离。

8. 发明授权

US08458462B1 Verifying integrity of network devices for secure multicast communications 有权
标题翻译：验证网络设备的安全组播通信的完整性
公开(公告)号：US08458462B1
公开(公告)日：2013-06-04
申请号：US12271555
申请日：2008-11-14
申请人： Stephen R. Hanna
发明人： Stephen R. Hanna
IPC分类号： H04L29/06 , H04L9/32
CPC分类号： H04L63/10 , H04L12/18 , H04L41/0866 , H04L63/065 , H04L63/1408 , H04L2209/16
摘要： A network device, such as an access control server, verifies the integrity of other network devices requiring access to a secure multicast. The network device receives a health status report from the other network devices and grants or denies access to the secure multicast based on a comparison of the health status report with a set of one or more stored policies. The network device then provides group keys to authorized network devices. The network device may also include a monitoring module that monitors activities of authorized network devices. Where the network device monitors authorized network devices, authorized network devices with behavior that fails to satisfy one or more behavioral policies will have their authorization revoked and will no longer have access to the secure multicast.
摘要翻译：诸如访问控制服务器的网络设备验证需要访问安全多播的其他网络设备的完整性。网络设备从其他网络设备接收健康状态报告，并且基于健康状态报告与一组一个或多个存储策略的比较来授予或拒绝对安全多播的访问。然后，网络设备向授权的网络设备提供组密钥。网络设备还可以包括监视授权网络设备的活动的监控模块。在网络设备监视授权网络设备的情况下，具有不能满足一个或多个行为策略的行为的授权网络设备将被撤销，并且将不再能够访问安全多播。

9. 发明授权

US07982595B2 Network policy evaluation 有权
标题翻译：网络政策评估
公开(公告)号：US07982595B2
公开(公告)日：2011-07-19
申请号：US12541775
申请日：2009-08-14
申请人： Stephen R. Hanna , Roger Allen Chickering
发明人： Stephen R. Hanna , Roger Allen Chickering
IPC分类号： G08B29/00
CPC分类号： H04L63/20 , H04L63/0227
摘要： A device may include an interface to send policy information to an evaluation module, where the policy information is related to a group of policies, and receive a group of results from the evaluation module, where the group of results indicates whether the status of a source device complies with the croup of policies. The interface may send an instruction to a destination device configured to implement at least a subset of the policies with respect to the source device based on the instruction.
摘要翻译：设备可以包括向评估模块发送策略信息的接口，其中策略信息与一组策略相关，并且从评估模块接收一组结果，其中所述结果组指示源的状态设备符合政策规定。接口可以向目的地设备发送指令，该目的地设备被配置为基于该指令来实现关于源设备的策略的至少一个子集。

10. 发明授权

US07592906B1 Network policy evaluation 有权
标题翻译：网络政策评估
公开(公告)号：US07592906B1
公开(公告)日：2009-09-22
申请号：US11422109
申请日：2006-06-05
申请人： Stephen R. Hanna , Roger Allen Chickering
发明人： Stephen R. Hanna , Roger Allen Chickering
IPC分类号： G08B29/00
CPC分类号： H04L63/20 , H04L63/0227
摘要： A device may include an interface to send policy information to an evaluation module, where the policy information is related to a group of policies, and receive a group of results from the evaluation module, where the group of results indicates whether the status of a source device complies with the group of policies. The interface may send an instruction to a destination device configured to implement at least a subset of the policies with respect to the source device based on the instruction.
摘要翻译：设备可以包括向评估模块发送策略信息的接口，其中策略信息与一组策略相关，并且从评估模块接收一组结果，其中所述结果组指示源的状态设备符合一组策略。接口可以向目的地设备发送指令，该目的地设备被配置为基于该指令来实现关于源设备的策略的至少一个子集。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式