    • 2. Granted invention patent
    • Method and system for pro-active credential refreshing
    • Publication number: US07058798B1
    • Publication date: 2006-06-06
    • Application number: US09547183
    • Filing date: 2000-04-11
    • Inventors: Yassir K. Elley, Anne H. Anderson, Stephen R. Hanna, Sean J. Mullan, Radia Joy Perlman
    • IPC: G06F7/04
    • CPC: G06F21/6218
    • Abstract: The basic concept is that before a resource is accessed, the entity that has the burden of gathering the credentials pro-actively refreshes the credentials and keeps them current. In one instance, a presenter of credentials (for example, a client) pro-actively refreshes the credentials so that, at the time of presentation, they meet the resource-specific constraints of the recipient of the credentials (for example, a resource server). For each resource that it protects, a resource server typically establishes various constraints, such as a recency requirement, which specifies how recently a credential must have been issued to be accepted as adequate. Other constraints may include maximum certificate chain length, trust level and so forth. In another instance, a recipient of credentials pro-actively gathers and refreshes credentials to prevent unauthorized access to the various resources it is protecting.
    • 3. Granted invention patent
    • Use of beacon message in a network for classifying and discarding messages
    • Publication number: US06658004B1
    • Publication date: 2003-12-02
    • Application number: US09473402
    • Filing date: 1999-12-28
    • Inventors: Miriam C. Kadansky, Dah Ming Chiu, Stephen R. Hanna, Stephen A. Hurst, Radia J. Perlman, Joseph S. Wesley
    • IPC: H04L12/28
    • CPC: H04L12/1827, H04L47/10, H04L47/31, H04L67/104, H04L67/1063, H04L67/1074, H04L69/329
    • Abstract: A method and apparatus for identifying a data message that is eligible for discard. A beacon node periodically transmits a beacon message to a plurality of client nodes communicatively coupled via a network. Each beacon message includes a beacon sequence number and, preferably, the beacon sequence numbers are authenticated by the beacon node. The client nodes, upon receipt of the beacon messages, verify the authenticity of the respective received beacon sequence numbers and generate a local sequence number derived from the received beacon sequence number. When one client in the session has data to transmit to another client in the session, the sending client assembles a data message and inserts its local sequence number in the data message prior to transmitting the data message to the other client nodes in the session. The client nodes receiving the data message discard it if their respective local sequence number at the time of receipt exceeds the local sequence number inserted in the data message by a predetermined value. In one embodiment, the beacon node generates sequence numbers at a periodic interval P but only transmits 1 out of every m beacon sequence numbers to the client nodes in the session. Each client node sets a local sequence counter equal to the beacon sequence number upon receipt of the beacon message and thereafter increments the local sequence counter periodically at interval P. The local sequence counter value is employed as the local sequence number in each client node.
    • 4. Granted invention patent
    • Content screening with end-to-end encryption prior to reaching a destination
    • Publication number: US06560705B1
    • Publication date: 2003-05-06
    • Application number: US09511541
    • Filing date: 2000-02-23
    • Inventors: Radia J. Perlman, Stephen R. Hanna, Yassir K. Elley
    • IPC: H04L9/36
    • CPC: H04L63/0209, H04L63/0442, H04L63/1408
    • Abstract: One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message and an encrypted message key at a content screener from a firewall, the firewall having previously received the encrypted message and the encrypted message key from a source outside the firewall. The content screener decrypts the encrypted message key to restore the message key, and decrypts the encrypted message with the message key to restore the message. Next, the content screener screens the message to determine whether it satisfies a screening criterion. If so, the system forwards the message to a destination within the firewall in a secure manner. In one embodiment of the present invention, the system decrypts the encrypted message key by sending it to the destination. Upon receiving the encrypted message key, the destination decrypts it and returns the message key to the content screener in a secure manner.
    • 6. Granted invention patent
    • Method and apparatus for multicast indication of group key change
    • Publication number: US06295361B1
    • Publication date: 2001-09-25
    • Application number: US09107616
    • Filing date: 1998-06-30
    • Inventors: Miriam C. Kadansky, Stephen R. Hanna
    • IPC: H04L9/08
    • CPC: H04L63/0435, H04L29/06, H04L63/062, H04L63/065
    • Abstract: A method and apparatus to allow a key manager node in a network to initiate the process of changing a group key for all nodes in a multicasting group. In the described embodiment, the key manager node initiates changing the group key by setting an indicator in a multicast packet. The indicator indicates that each of the nodes in the multicast group should obtain a new group key from the key manager node. The key manager node sets the indicator whenever it determines that the nodes in the group need to change their key. The nodes in the multicast group then obtain a key from the key manager node. In one embodiment of the present invention, the key manager node sends the group key to the members of the group and, once all nodes in the group have received their key, sends an indicator that the group members should start using the new keys. In another embodiment, the key manager node sends the new key to the group along with instructions specifying when the new key is to take effect. For example, the new key can take effect at a certain time or when a certain packet number is received. In another embodiment, each receiver in the group uses both the new key and the old key for a predetermined time period or until all group members have received the key.
    • 7. Granted invention patent
    • Determination of distance between nodes in a computer network
    • Publication number: US06192404B1
    • Publication date: 2001-02-20
    • Application number: US09079504
    • Filing date: 1998-05-14
    • Inventors: Stephen A. Hurst, Dah Ming Chiu, Stephen R. Hanna, Radia J. Pearlman
    • IPC: G06F15/173
    • CPC: H04L45/26, H04L45/00, H04L45/16, H04L45/20
    • Abstract: A base node of a computer network sends concurrent TTL query messages using multicast to other receiving nodes of the computer network. Each of the TTL query messages has a different time-to-live (TTL) parameter value and records the TTL parameter of the TTL query message in its message body. The receiving nodes receive one or more of the TTL query messages, namely those whose TTL parameter values are sufficient to allow the TTL query message to reach the receiving node. Each receiving node can determine the TTL distance from the base node to itself by determining the lowest TTL parameter value of all TTL query messages that reached it. Each receiving node communicates the TTL distance by sending to the base node a TTL query response message which indicates, in the message body, the least TTL parameter value of all TTL query messages it received. Accordingly, the base node can determine TTL distances to other nodes of the computer network very quickly.
    • 8. Granted invention patent
    • Verifying integrity of network devices for secure multicast communications
    • Publication number: US08458462B1
    • Publication date: 2013-06-04
    • Application number: US12271555
    • Filing date: 2008-11-14
    • Inventors: Stephen R. Hanna
    • IPC: H04L29/06, H04L9/32
    • CPC: H04L63/10, H04L12/18, H04L41/0866, H04L63/065, H04L63/1408, H04L2209/16
    • Abstract: A network device, such as an access control server, verifies the integrity of other network devices requiring access to a secure multicast. The network device receives a health status report from the other network devices and grants or denies access to the secure multicast based on a comparison of the health status report with a set of one or more stored policies. The network device then provides group keys to authorized network devices. The network device may also include a monitoring module that monitors the activities of authorized network devices. Where the network device monitors authorized network devices, any authorized network device whose behavior fails to satisfy one or more behavioral policies will have its authorization revoked and will no longer have access to the secure multicast.