Abstract: A technique for controlling access to a bridge connected to at least two networks, such that buffer memory requirements are minimized. For at least one target network of the two networks, two dynamic lists are maintained, to keep track of data packets received from the target network and not yet forwarded, and to keep track of data packets stored for forwarding to the target network, but not yet forwarded. The target network uses a half-duplex medium and a CSMA/CD (Carrier Sense Multiple Access with Collision Detection) protocol. The invention operates by adjusting network protocol parameters used in the target network, to either guarantee or deny priority to the target network in the event of a collision, based on the continually observed status of the two lists. One of the adjustments modifies a backoff value that determines the amount of time that the bridge device will wait, in the event of a collision, before attempting to retransmit a data packet.

Abstract: A two-phase commit protocol for a distributed transaction processing system employs the presumed-commit configuration, with the exception that the new presumed-commit protocol coordinator needs to force-write only a "commit" log record for committed transactions, not the previous force writing of two log records. In order to provide information needed to allow the coordinator to answer inquiries from subordinate processes following a crash or loss of communications, a technique for circumscribing the set of indeterminate transactions is employed. The transactions are numbered in increasing order, identified by a transaction ID (T.sub.-- ID). The commit protocol is not allowed to begin unless the transaction ID of the committing transaction is within some preselected range of numbers starting from the highest-numbered stably-recorded transaction ID.

Abstract: In a computer network, each pair of host computers that need to exchange data packets establish a single host-to-host encryption/decryption key. Then, whenever one host computer sends a data packet to the other host computer, it first forms a predefined logical combination of the established host-to-host key and the destination buffer index to which the data packet is being sent, and then uses the resulting value to encrypt the secure portions of the data packet. The destination buffer index is included in the data packet's header, which is not encrypted. When the receiving host computer receives the encrypted data packet, it reads the destination buffer index from the packet header, forms the same predefined logical combination of the established host-to-host key and the destination buffer index to generate a decryption key, and uses the computed decryption key to decrypt the secure portions of the received data packet.

Abstract: A distributed computer system has a number of computers coupled thereto at distinct nodes. The computer at each node of the distributed system has a trusted computing base that includes an authentication agent for authenticating requests received from principals at other nodes in the system. Requests are transmitted to servers as messages that include a first identifier provided by the requester and a second identifier provided by the authentication agent of the requester node. Each server process is provided with a local cache of authentication data that identifies requesters whose previous request messages have been authenticated. When a request is received, the server checks the request's first and second identifiers against the entries in its local cache. If there is a match, then the request is known to be authentic. Otherwise, the server node's authentication agent is called to obtain authentication credentials from the requester's node to authenticate the request message.