Patents by Inventor Radia J. Perlman

Radia J. Perlman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 6996712
    Abstract: A data authentication system that at the sender produces for a plurality of data packets a plurality of “integrity checks” by selecting an integrity function from a family or set of integrity functions, selecting a number of bytes from a given packet and manipulating the bytes in accordance with the selected integrity function to produce the integrity check. The system then selects corresponding bytes or bytes that are offset from the corresponding bytes from a next packet and produces a next associated integrity check using the same or another selected integrity check function, and so forth. The system encrypts the integrity checks associated with the plurality of data packets using, for example, a shared secret key, and produces an integrity block. The system then sends the encrypted integrity block and the data packets to the intended recipients. A recipient decrypts the integrity block using the shared secret key and reproduces the integrity checks.
    Type: Grant
    Filed: August 4, 2000
    Date of Patent: February 7, 2006
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Stephen R. Hanna
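    As an added illustration of the scheme in this abstract (example code written for this page, not Sun's or the inventors' implementation): the sender samples a window of bytes from each packet, applies one member of a small family of integrity functions, and seals the concatenated checks under the shared key; the recipient reproduces the checks from the packets it received and compares. The window/stride selection rule, the three family members, the 32-bit check size and the use of AES-GCM for the block are assumptions the abstract leaves open; the sample packets are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// IntegrityFunc maps the bytes selected from one packet to a 32-bit check.
type IntegrityFunc func([]byte) uint32

func byteSum(b []byte) uint32 {
	var s uint32
	for _, c := range b {
		s += uint32(c)
	}
	return s
}

func xorFold(b []byte) uint32 {
	var x uint32
	for i, c := range b {
		x ^= uint32(c) << (8 * uint(i%4))
	}
	return x
}

// Family is the set of integrity functions the sender cycles through
// (illustrative members; the abstract does not name any).
var Family = []IntegrityFunc{byteSum, xorFold, crc32.ChecksumIEEE}

const (
	window = 8 // bytes sampled from each packet
	stride = 4 // the window slides by this much from one packet to the next
)

// selection returns the bytes sampled from packet i (assumed rule: the window
// starts at i*stride, wrapping so that it always fits inside the packet).
func selection(i int, pkt []byte) []byte {
	if len(pkt) <= window {
		return pkt
	}
	start := (i * stride) % (len(pkt) - window + 1)
	return pkt[start : start+window]
}

// ComputeChecks produces one check per packet: sample the bytes, then apply
// the family member chosen for that packet.
func ComputeChecks(packets [][]byte) []uint32 {
	checks := make([]uint32, len(packets))
	for i, p := range packets {
		checks[i] = Family[i%len(Family)](selection(i, p))
	}
	return checks
}

// SealBlock serialises the checks and encrypts them under the shared key.
// AES-GCM authenticates the block as well as hiding it.
func SealBlock(sharedKey []byte, checks []uint32) ([]byte, error) {
	plain := make([]byte, 4*len(checks))
	for i, c := range checks {
		binary.BigEndian.PutUint32(plain[4*i:], c)
	}
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// VerifyPackets is the recipient side: decrypt the block, recompute the
// checks from the received packets and compare them one by one.
func VerifyPackets(sharedKey, sealed []byte, packets [][]byte) (bool, error) {
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return false, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return false, err
	}
	if len(sealed) < gcm.NonceSize() {
		return false, errors.New("integrity block too short")
	}
	plain, err := gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
	if err != nil {
		return false, err // the block itself was altered, or the key is wrong
	}
	if len(plain) != 4*len(packets) {
		return false, errors.New("integrity block does not match packet count")
	}
	for i, c := range ComputeChecks(packets) {
		if binary.BigEndian.Uint32(plain[4*i:]) != c {
			return false, nil
		}
	}
	return true, nil
}

// SamplePackets returns three constructed 16-byte packets for the demonstration.
func SamplePackets() [][]byte {
	return [][]byte{[]byte("PKT0:hello world"), []byte("PKT1:route-updat"), []byte("PKT2:end-of-data")}
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // shared secret; in practice agreed out of band
	pkts := SamplePackets()
	sealed, _ := SealBlock(key, ComputeChecks(pkts))
	ok, err := VerifyPackets(key, sealed, pkts)
	fmt.Println("untouched packets verify:", ok, err)
	pkts[1][5] ^= 0x01 // flip one bit inside packet 1's sampled window
	ok, err = VerifyPackets(key, sealed, pkts)
	fmt.Println("after tampering:", ok, err)
}
```

    Two properties of the scheme are visible here. Only sampled bytes are covered: a change outside a packet's window goes undetected, which is the cost of the byte-selection approach. And the abstract does not fix the cipher or mode; with an unauthenticated stream-cipher mode and a linear integrity function such as a byte sum, an attacker who changes a sampled byte can XOR the matching difference into the encrypted check, so the example authenticates the block with AES-GCM rather than merely encrypting it.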
  • Patent number: 6992988
    Abstract: A system and method for calculating a deadlock-free set of paths in a network generates an ordered set of deadlock-free sub-topologies, referred to as “layers.” The ordered set of layers is then used to determine a deadlock-free set of paths through the network by performing a shortest-path route calculation with the following constraint: starting at any given layer, for each node, proceed to calculate a shortest path to every other node in the graph where, at any node being utilized to assess a given minimum path, the path may move to any higher-ordered layer, but may not return to a lower-ordered layer.
    Type: Grant
    Filed: August 20, 2001
    Date of Patent: January 31, 2006
    Assignee: Sun Microsystems, Inc.
    Inventors: John V. Reynders, Radia J. Perlman, Guy L. Steele, Jr.
  • Patent number: 6975729
    Abstract: One embodiment of the present invention provides a system that facilitates a key exchange that operates with a pre-shared secret key and that hides identities of parties involved in the key exchange. The method operates by establishing a negotiated secret key between a first party and a second party by performing communications between the first party and the second party across a network in a manner that does not allow an eavesdropper to determine the negotiated secret key. Next, the system encrypts an identifier for the first party using the negotiated secret key and a group secret key to form an encrypted identifier. This group secret key is known to members of a group, including the first party and the second party, but is kept secret from parties outside of the group. Next, the system sends the encrypted identifier from the first party across the network to the second party.
    Type: Grant
    Filed: August 15, 2000
    Date of Patent: December 13, 2005
    Assignee: Sun Microsystems, Inc.
    Inventor: Radia J. Perlman
  • Patent number: 6912656
    Abstract: One embodiment of the present invention provides a system for sending an encrypted message through a distribution list exploder in order to forward the encrypted message to recipients on a distribution list. The system operates by encrypting the message at a sender using a message key to form an encrypted message. The system also encrypts the message key with a group public key to form an encrypted message key. The group public key is associated with a group private key to form a public key-private key pair associated with a group of valid recipients for the message. Next, the system sends the encrypted message and the encrypted message key to the distribution list exploder, and the distribution list exploder forwards the encrypted message to a plurality of recipients specified in the distribution list. After receiving the encrypted message and the encrypted message key, the recipient decrypts the encrypted message key to restore the message key.
    Type: Grant
    Filed: November 30, 1999
    Date of Patent: June 28, 2005
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Stephen R. Hanna
  • Patent number: 6912205
    Abstract: In automatically configuring network-layer addresses for network nodes in a network region, a specified router on each link generates link number request messages for the link. An address-assigning node assigns a region-wise unique link number to each link identified in a request message, and returns link number assignment messages containing the assigned link numbers. Each specified router assigns the link number from a received link number assignment message to a field of the network-layer addresses of the nodes on the associated link. According to a variation of the method, each specified router self-selects a link number and communicates with the other specified routers to avoid conflicts. Each specified router receives messages from the other specified routers containing numbers selected as region-wise unique link numbers for other links. Each specified router stores the received link numbers in association with the respective links in a local database.
    Type: Grant
    Filed: November 30, 2000
    Date of Patent: June 28, 2005
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Eric A. Guttman
  • Patent number: 6901076
    Abstract: A network device dynamically switches between layer 2 (data link) operation and layer 3 (network) operation. When enabled, bridging logic functions as a data link bridge, receiving data link messages from communications links forming part of a single network-layer segment and forwarding the messages to another communications link using layer-2 addresses in the messages. When enabled, routing logic functions as a network router, receiving network layer messages from different network-layer segments and forwarding the messages to other links based on a routing algorithm and the network layer addresses. Selection logic dynamically selects the desired function under different operating conditions. For a transition from router to bridge, multiple network-layer segments are merged into a single bridged network-layer segment, freeing up link numbers for use in configuring addresses for other segments.
    Type: Grant
    Filed: November 30, 2000
    Date of Patent: May 31, 2005
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Eric A. Guttman
  • Patent number: 6898187
    Abstract: To ensure uniqueness of a router identifier in routing protocol messages (RPMs), a router determines whether an identifier IDR in received RPMs is the same as an identifier IDS in RPMs originated by the router. For RPMs having the same identifier, sequence information such as a sequence number is compared with sequence information in the RPM most recently originated by the router, the comparison indicating whether the received RPM appears to have been originated more recently. The rate at which such RPMs are being received is monitored. If the rate is above a predetermined threshold rate, the router infers that another router is using the same identifier, and selects a different identifier for subsequent use. The sequence information preferably includes a checksum calculated over contents of the message including a random number, to ensure proper flooding of each message to other routers that may be using a duplicate identifier.
    Type: Grant
    Filed: November 30, 2000
    Date of Patent: May 24, 2005
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Eric A. Guttman
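    As an added illustration of the duplicate-identifier check described above (example code written for this page, not Sun's or the inventors' implementation): a router compares the sequence number of any RPM carrying its own identifier with the sequence number of the RPM it most recently originated, counts receipts that appear newer than anything it sent, and switches identifier once the count within a time window exceeds a threshold. The window length, the threshold, the chooser for the replacement identifier and the message fields are assumptions; the checksum-over-random-number detail of the abstract is not modelled.

```go
package main

import (
	"fmt"
	"time"
)

// RPM is the part of a routing protocol message this check looks at.
type RPM struct {
	ID  uint32 // originating router identifier
	Seq uint32 // sequence number chosen by the originator
}

// Router tracks the RPMs it has originated and watches for its own ID
// coming back with sequence numbers it never issued.
type Router struct {
	ID        uint32
	lastSeq   uint32        // sequence number of our most recently originated RPM
	window    time.Duration // rate-measurement window (assumed parameter)
	threshold int           // suspicious receipts per window that trigger an ID change
	suspects  []time.Time   // receipt times of RPMs that appear newer than ours
	newID     func() uint32 // chooser for a replacement identifier (assumed interface)
}

func NewRouter(id uint32, window time.Duration, threshold int, chooser func() uint32) *Router {
	return &Router{ID: id, window: window, threshold: threshold, newID: chooser}
}

// Originate records the sequence number of an RPM this router sends.
func (r *Router) Originate() RPM {
	r.lastSeq++
	return RPM{ID: r.ID, Seq: r.lastSeq}
}

// Receive inspects an incoming RPM. It returns true when the router
// concludes its identifier is duplicated and switches to a new one.
func (r *Router) Receive(m RPM, now time.Time) bool {
	if m.ID != r.ID {
		return false // somebody else's message; normal flooding handles it
	}
	// A sequence number no higher than our own is a copy of something we
	// really originated (or older); only a higher one looks like a message
	// originated more recently than anything we sent, i.e. by another router.
	if m.Seq <= r.lastSeq {
		return false
	}
	r.suspects = append(r.suspects, now)
	// Drop receipts that have aged out of the window, then measure the rate.
	cutoff := now.Add(-r.window)
	kept := r.suspects[:0]
	for _, ts := range r.suspects {
		if ts.After(cutoff) {
			kept = append(kept, ts)
		}
	}
	r.suspects = kept
	if len(r.suspects) < r.threshold {
		return false // could be a single spurious packet; keep watching
	}
	// Rate exceeded: infer a duplicate and pick a fresh identifier.
	r.ID = r.newID()
	r.suspects = r.suspects[:0]
	return true
}

func main() {
	r := NewRouter(7, time.Second, 3, func() uint32 { return 99 })
	r.Originate()
	now := time.Now()
	for seq := uint32(10); seq < 14; seq++ {
		changed := r.Receive(RPM{ID: 7, Seq: seq}, now)
		fmt.Printf("received ID=7 seq=%d -> identifier changed: %v (ID now %d)\n", seq, changed, r.ID)
	}
}
```

    The threshold matters: a single echo of a stale message with a higher sequence number (for example after this router rebooted and restarted its counter) should not by itself force an identifier change, so the decision is made on rate rather than on one observation.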
  • Patent number: 6883100
    Abstract: In accordance with the invention, on-line group servers issue group membership or group non-membership certificates upon request. Furthermore, when a requester requests a group certificate for a particular entity, the associated group server makes a dynamic decision regarding the entity's membership in the group rather than simply referring to a membership list. These capabilities provide for, among other things, the implementation of “nested” groups, wherein an entity may indirectly prove membership in a first, or nested, group by proving membership in a second group which is a member of the first group. In the nested group situation, the dynamic decision may involve the group server of the nested group obtaining proof of the entity's membership or non-membership in the second group. Proof of membership or non-membership may include a group certificate and/or a group membership list.
    Type: Grant
    Filed: May 10, 1999
    Date of Patent: April 19, 2005
    Assignee: Sun Microsystems, Inc.
    Inventors: Yassir K. Elley, Anne H. Anderson, Stephen R. Hanna, Sean J. Mullan, Radia J. Perlman
  • Patent number: 6801998
    Abstract: A method and system for granting an applicant associated with a client computer in a client-server system access to a requested service without providing the applicant with intelligible information regarding group membership. The applicant transmits a request for service to an application server over a computer network. In response, the application server prepares an encrypted message which includes the identification of the group or groups having access privileges and transmits the encrypted message to the client along with a request that the client prove membership in at least one of the groups. The message is encrypted with an encryption key which can be decrypted by a group membership server.
    Type: Grant
    Filed: November 12, 1999
    Date of Patent: October 5, 2004
    Assignee: Sun Microsystems, Inc.
    Inventors: Stephen R. Hanna, Anne H. Anderson, Yassir K. Elley, Radia J. Perlman, Sean J. Mullan
  • Publication number: 20040193614
    Abstract: One embodiment of the present invention provides a system that facilitates accessing a parameter embedded within an object identifier. During operation, the system receives the object identifier, wherein the object identifier contains a string of values. Next, the system looks for a prefix within the object identifier, wherein the prefix indicates that a subsequent value in the object identifier is a parameter value. If the system detects such a prefix, the system obtains the parameter value from the subsequent value in the object identifier. Next, the system uses the parameter value to perform an operation related to the object identifier or to the associated object.
    Type: Application
    Filed: March 24, 2003
    Publication date: September 30, 2004
    Inventor: Radia J. Perlman
  • Patent number: 6788680
    Abstract: A system and method for providing deferred processing of information within a received data unit. An indication of a deferrable processing option in a received packet is detected, such as a particular option type or flag, as well as other deferred processing control parameters, and some relevant portion of the packet is stored. The received packet may then be forwarded out of the device, without waiting for the deferred processing to be completed. The deferred processing may be performed in parallel, or subsequent to, forwarding of the packet. The disclosed system is embodied in a networking device such as a router, which includes a fast processing path for packet forwarding functions, and a relatively slow processing path for other functions such as network management. Detection of the deferred processing indication and copying of the relevant packet portion are performed in the fast path. Deferred processing itself may be performed in the slow path.
    Type: Grant
    Filed: August 25, 1999
    Date of Patent: September 7, 2004
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Joseph E. Provino
  • Patent number: 6768740
    Abstract: A central node in a network computes for, and sends to, each node a forwarding table which consists of the set of neighbors to which the node should forward a message intended for a particular destination. The message includes a version number in a packet header field indicating which forwarding table version the node should use to forward the packet. The node does not begin marking and forwarding packets according to the new version number immediately. The node may wait a period of time after receiving the new table or may wait until receiving notification from the fabric manager to begin using the new version number. When a node receives a message from an end node, it inserts either the most recently received version number (in one embodiment) or the version dictated by the fabric manager (in another embodiment).
    Type: Grant
    Filed: August 8, 2000
    Date of Patent: July 27, 2004
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Ariel Hendel, Daniel R. Cassiday
  • Patent number: 6757843
    Abstract: An embodiment consistent with the present invention includes a method and apparatus for forming a multicast repair tree. The method is performed by a data processor and comprises the steps of: determining, for each of a plurality of potential heads in a multicast group, a ranking value associated with the potential head; advertising, by the potential heads, to a plurality of potential receivers; prioritizing, by a potential receiver, the ranking values from the potential heads; and binding, by a potential receiver, to the head having the highest ranking value, thereby forming a group of which the potential receiver is a member and the potential head is the head. The ranking values may include “able”, “unable”, “willing”, and “reluctant.” The ranking value of a potential head is determined in accordance with a static or a dynamic configuration. Ranking values are determined dynamically based on ranges of system resource levels such as memory and available processor resources.
    Type: Grant
    Filed: October 26, 2000
    Date of Patent: June 29, 2004
    Assignee: Sun Microsystems, Inc.
    Inventors: Joseph Wesley, Stephen A. Hurst, Miriam C. Kadansky, Stephen R. Hanna, Philip M. Rosenzweig, Dah Ming Chiu, Radia J. Perlman
  • Patent number: 6658004
    Abstract: A method and apparatus for identifying a data message that is eligible for discard. A beacon node periodically transmits a beacon message to a plurality of client nodes communicatively coupled via a network. Each beacon message includes a beacon sequence number and, preferably, the beacon sequence numbers are authenticated by the beacon node. The client nodes, upon receipt of the beacon messages, verify the authenticity of the respective received beacon sequence numbers and generate a local sequence number derived from the received beacon sequence number. When one client in the session has data to transmit to another client in the session, the sending client assembles a data message and inserts its local sequence number in the data message prior to transmission of the data message to the other client nodes in the session.
    Type: Grant
    Filed: December 28, 1999
    Date of Patent: December 2, 2003
    Assignee: Sun Microsystems, Inc.
    Inventors: Miriam C. Kadansky, Dah Ming Chiu, Stephen R. Hanna, Stephen A. Hurst, Radia J. Perlman, Joseph S. Wesley
  • Publication number: 20030206637
    Abstract: A method for updating a key in a secure group involves issuing an update request by a first member of the secure group, receiving the update request by a second member of the secure group, generating a first suggested revision number by the first member, generating a second suggested revision number by the second member in response to the update request, calculating a first send time by the first member using the first suggested revision number, calculating a second send time by the second member using the second suggested revision number, sending the first suggested revision number by the first member upon reaching the first send time if the first member is not blocked from sending, sending the second suggested revision number by the second member upon reaching the second send time if the second member is not blocked from sending, receiving the first suggested revision number by the second member, comparing the first suggested revision number to the second suggested revision number by the second member, bloc
    Type: Application
    Filed: May 3, 2002
    Publication date: November 6, 2003
    Inventors: Germano Caronni, Radia J. Perlman
  • Patent number: 6636838
    Abstract: One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message and an encrypted message key at a destination from a source; the encrypted message having been formed by encrypting the message with a message key; the encrypted message key having been formed by encrypting the message key. The destination forwards the message to a content screener in a secure manner, and allows the content screener to screen the message to determine whether the message satisfies a screening criterion. If the message satisfies the screening criterion, the destination receives a communication from the content screener that enables the destination to process the message. In one embodiment of the present invention, the system decrypts the encrypted message key at the destination to restore the message key, and forwards the message key along with the encrypted message to the content screener.
    Type: Grant
    Filed: February 23, 2000
    Date of Patent: October 21, 2003
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Stephen R. Hanna, Yassir K. Elley
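    As an added illustration of two of the abstracts above, 6912656 (distribution list exploder) and 6636838 (content screening of an end-to-end encrypted message), written for this page and not taken from Sun's or the inventors' implementation: the sender encrypts the message under a fresh message key and wraps that key to the group public key; the exploder fans the envelope out without holding any key; each recipient unwraps the message key with the group private key and, in the embodiment where the key is forwarded to the screener, lets a screener that never sees the private key rule on the plaintext before the recipient processes it. AES-GCM for the message, RSA-OAEP for the key wrap, a 32-byte message key and a substring-match screening criterion are assumptions the abstracts leave open; the messages and recipient names are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// Envelope is what the sender hands to the exploder: the message under a
// per-message key, plus that key wrapped to the group's public key.
type Envelope struct {
	Ciphertext []byte // AES-GCM: nonce || ciphertext || tag (mode is an assumption)
	WrappedKey []byte // RSA-OAEP(groupPublicKey, messageKey) (scheme is an assumption)
}

func aesGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func sealMessage(key, msg []byte) ([]byte, error) {
	gcm, err := aesGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, nil), nil
}

func openMessage(key, data []byte) ([]byte, error) {
	gcm, err := aesGCM(key)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], nil)
}

// Seal is the sender's step: encrypt the message with a random message key,
// then encrypt the message key with the group public key.
func Seal(groupPub *rsa.PublicKey, msg []byte) (Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return Envelope{}, err
	}
	ct, err := sealMessage(key, msg)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, groupPub, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Ciphertext: ct, WrappedKey: wrapped}, nil
}

// Explode is the distribution list exploder: it fans the envelope out to the
// list unchanged. It holds no key, so it can neither read nor rewrite the message.
func Explode(env Envelope, list []string) map[string]Envelope {
	out := make(map[string]Envelope, len(list))
	for _, r := range list {
		out[r] = env
	}
	return out
}

// Screen is the content screener: given the message key and the still-encrypted
// message, it decrypts its own copy and reports whether the criterion holds.
func Screen(messageKey, ciphertext []byte, forbidden string) (bool, error) {
	msg, err := openMessage(messageKey, ciphertext)
	if err != nil {
		return false, err
	}
	return !strings.Contains(strings.ToLower(string(msg)), forbidden), nil
}

// Deliver is the recipient: unwrap the message key with the group private key,
// let the screener rule on the message, and only then decrypt it for use.
func Deliver(groupPriv *rsa.PrivateKey, env Envelope, forbidden string) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, groupPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	ok, err := Screen(key, env.Ciphertext, forbidden)
	if err != nil {
		return nil, err
	}
	if !ok {
		return nil, errors.New("content screener rejected the message")
	}
	return openMessage(key, env.Ciphertext)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // the group key pair
	if err != nil {
		panic(err)
	}
	env, _ := Seal(&priv.PublicKey, []byte("Q3 figures attached"))
	for who, c := range Explode(env, []string{"alice", "bob"}) {
		msg, err := Deliver(priv, c, "malware")
		fmt.Printf("%s: %q %v\n", who, msg, err)
	}
}
```

    Two points the abstracts imply but do not spell out are checked in the test: the exploder cannot alter what it forwards (a flipped ciphertext bit fails authentication at every recipient), and the screener sees only the message key, never the group private key, so a compromised screener can read messages it is shown but cannot unwrap keys for messages it is not.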
  • Publication number: 20030172180
    Abstract: A system and method for adding routing information for a node to a routing table, which efficiently makes necessary changes to the routing table to support routing to and from the node, while maintaining the deadlock-free quality of the paths described by the routing table. The routing table is generated by storing routing information in the routing table that reflects and describes a deadlock-free set of paths through a network of nodes. A row of entries is added to the routing table describing how to forward data units from the node. A column of entries is added to the routing table describing how to forward data units addressed to the node. The forwarding information within each entry added to the routing table maintains the deadlock-free quality of the set of paths represented by the forwarding table.
    Type: Application
    Filed: October 19, 2001
    Publication date: September 11, 2003
    Applicant: Sun Microsystems, Inc.
    Inventors: John V. Reynders, Radia J. Perlman, Guy L. Steele, Dah Ming Chiu, Miriam C. Kadansky, Murat Yuksel
  • Publication number: 20030140165
    Abstract: A distributed system and method for generating “layered routes.” The layered routes generated by the disclosed system reflect a layered representation of the network. By operating in accord with the layered representation of the network, the disclosed system provides deadlock-free routes. The layered representation consists of an ordered set of layers, where each layer is a deadlock-free sub-topology of the network. In determining routes using links from different layers, the links used in each route are constrained to be taken from layers of non-decreasing order as the route extends from source to destination.
    Type: Application
    Filed: July 31, 2002
    Publication date: July 24, 2003
    Applicant: SUN MICROSYSTEMS, INC.
    Inventors: Dah Ming Chiu, Miriam C. Kadansky, Radia J. Perlman, Murat Yuksel
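    As an added illustration of the layered-route constraint shared by 6992988, 20030172180 and 20030140165 above (example code written for this page, not Sun's or the inventors' implementation): one way to enforce "links must come from layers of non-decreasing order" is to run an ordinary shortest-path search over (node, layer) states, where taking a link in layer l' from a state in layer l is allowed only if l' >= l and moves the state to layer l'. The five-node fabric, unit link costs and the linear-scan Dijkstra are assumptions; the abstracts fix neither the graph nor the search implementation. The same routine, run for one new node as source and as destination, yields the row and column of routing-table entries that 20030172180 describes.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// Link is an undirected link assigned to exactly one layer. Layers are
// ordered; a route may step up to a higher layer but never back down.
type Link struct {
	A, B  string
	Cost  int
	Layer int
}

type edge struct {
	to    string
	cost  int
	layer int
}

// state is a node together with the highest layer the route has used so far.
type state struct {
	node  string
	layer int
}

// LayeredShortestPath runs Dijkstra over (node, layer) states: from a state
// in layer l only links in layers >= l may be taken, and taking a layer-l'
// link moves the state to layer l'. It returns the cost, the node sequence,
// and false when dst is unreachable under the constraint.
func LayeredShortestPath(links []Link, src, dst string) (cost int, path []string, ok bool) {
	adj := map[string][]edge{}
	lowest := math.MaxInt
	for _, l := range links {
		adj[l.A] = append(adj[l.A], edge{l.B, l.Cost, l.Layer})
		adj[l.B] = append(adj[l.B], edge{l.A, l.Cost, l.Layer})
		if l.Layer < lowest {
			lowest = l.Layer
		}
	}
	start := state{src, lowest}
	dist := map[state]int{start: 0}
	prev := map[state]state{}
	settled := map[state]bool{}
	for {
		// Pick the cheapest unsettled state (linear scan; fine for small fabrics).
		var cur state
		best, found := math.MaxInt, false
		for s, d := range dist {
			if !settled[s] && d < best {
				cur, best, found = s, d, true
			}
		}
		if !found {
			return 0, nil, false
		}
		if cur.node == dst {
			for s := cur; ; s = prev[s] {
				path = append([]string{s.node}, path...)
				if s == start {
					break
				}
			}
			return best, path, true
		}
		settled[cur] = true
		for _, e := range adj[cur.node] {
			if e.layer < cur.layer {
				continue // the deadlock-freedom rule: never return to a lower layer
			}
			next := state{e.to, e.layer}
			if d, seen := dist[next]; !seen || best+e.cost < d {
				dist[next] = best + e.cost
				prev[next] = cur
			}
		}
	}
}

// SampleLayers is a constructed five-node fabric: layer 0 is a chain (a
// spanning tree, hence deadlock-free on its own) and layer 1 adds one shortcut.
func SampleLayers() []Link {
	return []Link{
		{"A", "B", 1, 0}, {"B", "C", 1, 0}, {"C", "D", 1, 0}, {"D", "E", 1, 0},
		{"A", "E", 1, 1},
	}
}

func main() {
	for _, pair := range [][2]string{{"A", "E"}, {"B", "E"}, {"E", "B"}} {
		c, p, ok := LayeredShortestPath(SampleLayers(), pair[0], pair[1])
		fmt.Println(pair[0], "->", pair[1], "cost", c, "path", strings.Join(p, "-"), ok)
	}
}
```

    The sample fabric makes the constraint visible: B to E may use the layer-0 chain link B-A and then the layer-1 shortcut A-E (cost 2), but the reverse direction E to B cannot take the shortcut first and then drop back to the layer-0 link A-B, so it is routed around the chain at cost 3. Routes are therefore not necessarily symmetric, which is worth remembering when reading a forwarding table produced this way.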
  • Patent number: 6590895
    Abstract: Protocols that provide more efficient operation in dynamic and heterogeneous networking environments are defined. The protocols present a range of levels of error control and sequence order control. Traffic in a link between neighboring network devices is segregated into flows. Each flow is managed in accordance with a selected protocol. It is possible to simultaneously employ different protocols for respective flows within the link.
    Type: Grant
    Filed: October 15, 1998
    Date of Patent: July 8, 2003
    Assignee: Sun Microsystems, Inc.
    Inventors: Amit Gupta, Radia J. Perlman
  • Publication number: 20030115154
    Abstract: A system includes at least one resource, such as a computer, and a high-security authentication device, the at least one resource being selectively utilizable by an operator. The high-security authentication device is configured to perform an authentication operation in connection with a prospective operator and generate a credential for the prospective operator if it authenticates the prospective operator. The at least one resource is configured to, in response to the prospective operator attempting to utilize the resource, initiate an operator authentication verification operation using the credential to attempt to verify the authentication of the operator, and allow the prospective operator to utilize the at least one resource in response to the operator authentication verification operation.
    Type: Application
    Filed: December 18, 2001
    Publication date: June 19, 2003
    Inventors: Anne H. Anderson, Radia J. Perlman, Stephen R. Hanna