Patents by Inventor Radia J. Perlman

Patent number: 8635284
Abstract: A method for processing packets that includes receiving a packet from a network, analyzing the packet to obtain packet information used to determine to which temporary data structure to forward the packet, if a first list includes the packet information forwarding the packet to a first temporary data structure, and processing the packet from the first temporary data structure, and if the first list does not include the packet information forwarding the packet to a second temporary data structure, processing the packet, wherein processing the packet comprises: sending a first test to a source of the packet using the packet information, placing the packet information on the first list, if a successful response to the first test is received, and placing the packet information on a second list, if an unsuccessful response to the first test is received.
Type: Grant
Filed: October 21, 2005
Issued: January 21, 2014
Assignee: Oracle Amerca, Inc.
Inventors: Sunay Tripathi, Radia J. Perlman, Nicolas G. Droux
Patent number: 8538014
Abstract: Some embodiments of the present invention provide a system that computes a target secret St in a sequence of secrets S0 . . . Sn. During operation, the system obtains k hash functions h1, . . . , hk, where h1 is known as the “lowest order hash function”, and hk is known as the “highest order hash function.” Associated with each hash function hi is a seed value seed comprising a pair (seedindexi, seedvaluei). Hash function hi operates on a pair (indexi, valuei) to produce a pair (newindexi, newvaluei), where newindexi>indexi. To compute target secret St, the hash functions are applied successively, starting with the highest order hash function whose associated seed's index value is largest without being greater than t, applying that hash function as many times as possible without having that hash function's output's index value become greater than t, and then applying each successive hash function in turn as many times as possible, until St has been computed.
Type: Grant
Filed: May 12, 2008
Issued: September 17, 2013
Assignee: Oracle America, Inc.
Inventor: Radia J. Perlman
Patent number: 8488782
Abstract: Some embodiments provide systems and techniques for performing parameterizable cryptography. An encryption key can be determined based at least on a string associated with an authorization policy. The encryption key can then be used to encrypt information. The decryption key can also be determined based at least on the string associated with the authorization policy. Note that the authorization policy must be satisfied to decrypt information. In some embodiments, the systems and techniques for performing parameterizable cryptography are blindable. These blindable embodiments can be used to preserve privacy.
Type: Grant
Filed: October 20, 2009
Issued: July 16, 2013
Assignee: Oracle America, Inc.
Inventor: Radia J. Perlman
Patent number: 8315395
Abstract: Some embodiments provide a system to generate a key pair. During operation, the system can receive a request to generate the key pair, wherein the key pair is generated by a key assigner, and wherein the key pair is associated with a user. Next, the system can determine a secret associated with the key assigner. Specifically, the system can determine the secret by determining an initial secret associated with the key assigner, and by applying a one-way hash function to the initial secret one or more times. The system can then determine a seed based on the secret. Specifically, the system can determine the seed by cryptographically combining the secret with information associated with the user. Next, the system can generate the key pair by using the seed as an input to a key generator. The system can then return the key pair to a requestor.
Type: Grant
Filed: December 10, 2008
Issued: November 20, 2012
Assignee: Oracle America, Inc.
Inventor: Radia J. Perlman
Patent number: 8200964
Abstract: One embodiment of the present invention provides a system for accessing an encrypted file through a file system. During operation, the system receives a request to access the encrypted file. In response to the request, the system sends an encrypted file key for the encrypted file from the file system to a tamper-resistant module. Next, the tamper-resistant module uses a master secret to decrypt the encrypted file key to restore the file key, wherein the master secret is obtained from an external source by the tamper-resistant module. The system then uses the file key to access the encrypted file.
Type: Grant
Filed: September 22, 2006
Issued: June 12, 2012
Assignee: Oracle America, Inc.
Inventors: Radia J. Perlman, Sunay Tripathi
Patent number: 8006285
Abstract: A distributed denial of service attack can be defended against by challenging requests at a machine upstream from the target of the attack. The upstream machine limits access to the victim machine in response to indication of the victim machine being attacked. The upstream machine begins trapping protocol data units destined for the victim machine and challenging requests to access the victim machine with tests that require sentient responses, such as Turing tests. The upstream machine then updates a set of rules governing access to the victim machine based, at least in part, on responses to the challenges or administered tests.
Type: Grant
Filed: June 13, 2005
Issued: August 23, 2011
Assignee: Oracle America, Inc.
Inventor: Radia J. Perlman
Application number: 20110093721
Abstract: Some embodiments provide systems and techniques for performing parameterizable cryptography. An encryption key can be determined based at least on a string associated with an authorization policy. The encryption key can then be used to encrypt information. The decryption key can also be determined based at least on the string associated with the authorization policy. Note that the authorization policy must be satisfied to decrypt information. In some embodiments, the systems and techniques for performing parameterizable cryptography are blindable. These blindable embodiments can be used to preserve privacy.
Type: Application
Filed: October 20, 2009
Issued: April 21, 2011
Assignee: SUN MICROSYSTEMS, INC.
Inventor: Radia J. Perlman
Patent number: 7874010
Abstract: One embodiment of the present invention provides a system that manages secret keys for messages. During operation, the system receives a desired expiration time T from an encrypter, and possibly a nonce N, at a server that manages keys. If N is not sent by the encrypter, it is generated by a key managing server. Next, the system chooses a secret ST, with an expiration time close to T, and an identifier IDS from a database for which secret ST can be retrieved using the identifier IDS. If such an ST is not already in the database, the server generates a new ST and IDS. The system then calculates a hash H=h(N,ST), and sends H and IDS from the server to the encrypter. The encrypter then encrypts M with H to form {M}H, and communicates ({M}H, N, IDS) to a message reader. The message reader then sends N and IDS to the server. The server then uses IDS to lookup ST, recalculates H=h(N,ST), and sends H to the message reader, thereby enabling the message reader to decrypt {M}H to obtain M.
Type: Grant
Filed: October 5, 2004
Issued: January 18, 2011
Assignee: Oracle America, Inc.
Inventor: Radia J. Perlman
Application number: 20100329460
Abstract: Some embodiments provide a system to assure enhanced security, e.g., by assuring that information is not revealed over a covert channel. All communications between a source system and a destination system may pass through an intermediate system. In some embodiments, the intermediate system may perform an additional level of blinding to ensure that the source system does not covertly reveal information to the destination system. In some embodiments, the intermediate system may request the source system to perform a modification operation, and then check if the source system performed the modification operation. Examples of the modification operation include a blinding operation and a cryptographic hashing operation.
Type: Application
Filed: June 30, 2009
Issued: December 30, 2010
Assignee: SUN MICROSYSTEMS, INC.
Inventor: Radia J. Perlman
Patent number: 7814318
Abstract: One embodiment of the present invention relates to a system for managing files which facilitates making the files permanently unreadable. During operation, the system maintains file-class keys at a file manager, wherein the file-class keys are associated with different classes of files. If a file belongs to a class of files, the system ensures that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated key-manager-file-class key for the class of files. The system makes an entire class of files permanently unreadable by causing an associated key-manager-file-class key, which can be used to decrypt the class of files, to become permanently unreadable.
Type: Grant
Filed: September 27, 2005
Issued: October 12, 2010
Assignee: Oracle America, Inc.
Inventors: Radia J. Perlman, Donald D. Crouse
Patent number: 7770213
Abstract: One embodiment of the present invention provides a system that facilitates securely forgetting a secret. During operation, the system obtains a set of secrets which are encrypted with a secret key Si, wherein the set of secrets includes a secret to be forgotten and other secrets which are to be remembered. Next, the system decrypts the secrets to be remembered using Si, and also removes the secret to be forgotten from the set of secrets. The system then obtains a new secret key Si+1, and encrypts the secrets to be remembered using Si+1. Finally, the system forgets Si.
Type: Grant
Filed: April 17, 2006
Issued: August 3, 2010
Assignee: Oracle America, Inc.
Inventors: Radia J. Perlman, Anton B. Rang
Patent number: 7760722
Abstract: An edge device including a first list and a second list, a first queue and a second queue configured to receive packets, wherein packet information for each of the packets forwarded to the first queue is on a first list and packet information for each of the packets forwarded to the second queue is not on the first list. The edge device is configured to, for each of the packets stored in the second queue, send a message to a host to send a first test to a source of the packet, wherein the host is operatively connected to the edge device, obtain a response to the first test from the host, place the packet information on the first list, if a successful response to the first test is received, and place the packet information on a second list, if an unsuccessful response to the first test is received.
Type: Grant
Filed: October 21, 2005
Issued: July 20, 2010
Assignee: Oracle America, Inc.
Inventors: Sunay Tripathi, Radia J. Perlman, Cahya Adiansyah Masputra
Application number: 20100142713
Abstract: Some embodiments provide a system to generate a key pair. During operation, the system can receive a request to generate the key pair, wherein the key pair is generated by a key assigner, and wherein the key pair is associated with a user. Next, the system can determine a secret associated with the key assigner. Specifically, the system can determine the secret by determining an initial secret associated with the key assigner, and by applying a one-way hash function to the initial secret one or more times. The system can then determine a seed based on the secret. Specifically, the system can determine the seed by cryptographically combining the secret with information associated with the user. Next, the system can generate the key pair by using the seed as an input to a key generator. The system can then return the key pair to a requestor.
Type: Application
Filed: December 10, 2008
Issued: June 10, 2010
Assignee: SUN MICROSYSTEMS, INC.
Inventor: Radia J. Perlman
Patent number: 7660423
Abstract: One embodiment of the present invention provides a system that maintains keys using limited storage space on a computing device, such as a smart card. During operation, the system receives a request at the computing device to perform an operation involving a key. While processing the request, the system obtains an encrypted key from remote storage located outside of the computing device, wherein the encrypted key was created by encrypting the key along with an expiration time for the key. Next, the system decrypts the encrypted key to restore the key and the expiration time, wherein the encrypted key is decrypted using a computing-device key, which is maintained locally on the computing device. Finally, if the expiration time has not passed, the system uses the key to perform the requested operation. Note that by storing the encrypted key in remote storage, the computing device is able to use the key without consuming local storage space to store the key.
Type: Grant
Filed: January 3, 2006
Issued: February 9, 2010
Assignee: Sun Microsystems, Inc.
Inventor: Radia J. Perlman
Application number: 20090296926
Abstract: Some embodiments of the present invention provide a system that generates and retrieves a key derived from a master key. During operation, the system receives a request at a key manager to generate a new key, or to retrieve an existing key. To generate a new key, the system generates a key identifier and then derives the new key by cryptographically combining the generated key identifier with the master key. To retrieve an existing key, the system obtains a key identifier for the existing key from the request and then cryptographically combines the obtained key identifier with the master key to produce the existing key.
Type: Application
Filed: June 2, 2008
Issued: December 3, 2009
Assignee: SUN MICROSYSTEMS, INC.
Inventor: Radia J. Perlman
Application number: 20090279692
Abstract: Some embodiments of the present invention provide a system that computes a target secret St in a sequence of secrets S0 . . . Sn. During operation, the system obtains k hash functions h1, . . . , hk, where h1 is known as the “lowest order hash function”, and hk is known as the “highest order hash function.” Associated with each hash function hi is a seed value seed comprising a pair (seedindexi, seedvaluei). Hash function hi operates on a pair (indexi, valuei) to produce a pair (newindexi, newvaluei), where newindexi>indexi. To compute target secret St, the hash functions are applied successively, starting with the highest order hash function whose associated seed's index value is largest without being greater than t, applying that hash function as many times as possible without having that hash function's output's index value become greater than t, and then applying each successive hash function in turn as many times as possible, until St has been computed.
Type: Application
Filed: May 12, 2008
Issued: November 12, 2009
Assignee: SUN MICROSYSTEMS, INC.
Inventor: Radia J. Perlman
Patent number: 7596696
Abstract: One embodiment of the present invention provides a system that facilitates making the files permanently unreadable. During operation, the system encrypts a file with a key K at a file manager and then stores the encrypted file in non-volatile storage. Next, the system stores the key K in a key database located in volatile storage at the file manager. The system then encrypts the key database, and stores the encrypted key database in non-volatile storage. Additionally, a key that can be used to decrypt the encrypted key database is maintained by a key manager, and is not maintained in non-volatile form by the file manager. In this way, if the file manager crashes, losing the contents of its volatile storage, the file manager must interact with the key manager to decrypt the encrypted key database.
Type: Grant
Filed: August 29, 2005
Issued: September 29, 2009
Assignee: Sun Microsystems, Inc.
Inventor: Radia J. Perlman
Application number: 20090019293
Abstract: Some embodiments of the present invention provide a system that automatically revokes data on a portable computing device. During operation, the system uses a key K1 to encrypt data on the portable computing device. The system then attempts verify that the portable computing device is secure. If the attempt to verify that the portable computing device is secure fails, the system causes K1 to be removed from the portable computing device.
Type: Application
Filed: October 1, 2007
Issued: January 15, 2009
Assignee: SUN MICROSYSTEMS, INC.
Inventor: Radia J. Perlman
Patent number: 7409545
Abstract: A method and system is disclosed for utilizing an ephemeral encryption or decryption agent so as to preclude access by the ephemeral encryption agent or decryption agent, respectively, to the information being ephemerally encrypted or decrypted. To preclude access by the ephemeral encryption agent, a blinding function is applied to the information prior to forwarding such information to the encryption agent for encryption. To preclude access to the information by the ephemeral decryption agent, a blinding function is applied to the encrypted information prior to forwarding the encrypted information to the decryption agent for decryption. Once the information has been returned, the information is unblinded, leaving an encrypted or decrypted message respectively.
Type: Grant
Filed: September 18, 2003
Issued: August 5, 2008
Assignee: Sun MicroSystems, Inc.
Inventor: Radia J. Perlman
Patent number: 7398322
Abstract: One embodiment of the present invention provides a system that transparently interconnects multiple network links into a single virtual network link. During operation, a Rbridge (Rbridge) within the system receives a packet, wherein the Rbridge belongs to a set of one or more Rbridges that transparently interconnect the multiple network links into the single virtual network link. These Rbridges automatically obtain information specifying which endnodes are located on the multiple network links without the endnodes having to proactively announce their presence to the Rbridges. If a destination for the packet resides on the same virtual network link, the Rbridge routes the packet to the destination. This route can be an optimal path to the destination, and is not constrained to lie along a spanning tree through the set of Rbridges.
Type: Grant
Filed: April 14, 2004
Issued: July 8, 2008
Assignee: Sun Microsystems, Inc.
Inventor: Radia J. Perlman
1 2 3 4 5 next