Patents by Inventor Michael Aalders
Michael Aalders has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9521063
Abstract: The present invention advantageously provides a method, system and apparatus for aggregating multiple site-specific routes, by determining a first aggregate-aware route that includes a prefix of a site-specific address and a prefix length of an aggregate route address of a first service provider. The method and system can be implemented as an enhancement to existing IP protocols such as BGP and other inter-domain routing protocols. The method and apparatus may further include applying a routing protocol policy in which an aggregate route may serve as a proxy for an aggregate-aware route when the address of the aggregate route matches the address of the aggregate-aware route. The method and system may yet further include determining a second aggregate-aware route that includes the prefix of the aggregate route address of the first service provider and a prefix length of a second aggregate route address of a second service provider.
Type: Grant
Filed: August 23, 2006
Date of Patent: December 13, 2016
Assignee: Avaya Inc.
Inventors: Dwight Jameson, Michael Aalders, Patrik Lahti
-
Publication number: 20150058989
Abstract: A method of defending against a denial-of-service (DoS) attack on an IPv6 neighbor cache includes steps of determining a number of neighbor cache entries currently stored in the neighbor cache and then determining whether the number of entries exceeds a neighbor cache threshold that is less than a neighbor cache limit defining a maximum capacity of the neighbor cache. When the number of entries in the neighbor cache exceeds the neighbor cache threshold, stateless neighbor resolution is triggered. Stateless neighbor resolution entails sending a neighbor solicitation to resolve an address for an incoming packet without logging a corresponding entry in the neighbor cache. Additional techniques that complement the above method involve purging of neighbor cache entries designated as incomplete, prioritization of the entries based on trustworthiness, shortening the incomplete-status timer to less than 3 seconds, and curtailing the number of retransmissions of the neighbor solicitations.
Type: Application
Filed: October 2, 2014
Publication date: February 26, 2015
Inventors: Patrik LAHTI, Michael AALDERS
-
Patent number: 8869278
Abstract: A method of defending against a denial-of-service (DoS) attack on an IPv6 neighbor cache includes steps of determining a number of neighbor cache entries currently stored in the neighbor cache and then determining whether the number of entries exceeds a neighbor cache threshold that is less than a neighbor cache limit defining a maximum capacity of the neighbor cache. When the number of entries in the neighbor cache exceeds the neighbor cache threshold, stateless neighbor resolution is triggered. Stateless neighbor resolution entails sending a neighbor solicitation to resolve an address for an incoming packet without logging a corresponding entry in the neighbor cache. Additional techniques that complement the above method involve purging of neighbor cache entries designated as incomplete, prioritization of the entries based on trustworthiness, shortening the incomplete-status timer to less than 3 seconds, and curtailing the number of retransmissions of the neighbor solicitations.
Type: Grant
Filed: March 15, 2012
Date of Patent: October 21, 2014
Assignee: Bockstar Technologies LLC
Inventors: Patrik Lahti, Michael Aalders
-
Publication number: 20140215221
Abstract: In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets.
Type: Application
Filed: December 18, 2013
Publication date: July 31, 2014
Applicant: ROCKSTAR CONSORTIUM US LP
Inventors: RICHARD GAUVREAU, MICHAEL AALDERS, KIM EDWARDS
-
Patent number: 8631228
Abstract: In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets.
Type: Grant
Filed: November 18, 2011
Date of Patent: January 14, 2014
Assignee: Rockstar Consortium US LP
Inventors: Richard Gauvreau, Michael Aalders, Kim Edwards
-
Publication number: 20120180130
Abstract: A method of defending against a denial-of-service (DoS) attack on an IPv6 neighbor cache includes steps of determining a number of neighbor cache entries currently stored in the neighbor cache and then determining whether the number of entries exceeds a neighbor cache threshold that is less than a neighbor cache limit defining a maximum capacity of the neighbor cache. When the number of entries in the neighbor cache exceeds the neighbor cache threshold, stateless neighbor resolution is triggered. Stateless neighbor resolution entails sending a neighbor solicitation to resolve an address for an incoming packet without logging a corresponding entry in the neighbor cache. Additional techniques that complement the above method involve purging of neighbor cache entries designated as incomplete, prioritization of the entries based on trustworthiness, shortening the incomplete-status timer to less than 3 seconds, and curtailing the number of retransmissions of the neighbor solicitations.
Type: Application
Filed: March 15, 2012
Publication date: July 12, 2012
Applicant: NORTEL NETWORKS LIMITED
Inventors: Patrik LAHTI, Michael AALDERS
-
Patent number: 8161549
Abstract: A method of defending against a denial-of-service (DoS) attack on an IPv6 neighbor cache includes steps of determining a number of neighbor cache entries currently stored in the neighbor cache and then determining whether the number of entries exceeds a neighbor cache threshold that is less than a neighbor cache limit defining a maximum capacity of the neighbor cache. When the number of entries in the neighbor cache exceeds the neighbor cache threshold, stateless neighbor resolution is triggered. Stateless neighbor resolution entails sending a neighbor solicitation to resolve an address for an incoming packet without logging a corresponding entry in the neighbor cache. Additional techniques that complement the above method involve purging of neighbor cache entries designated as incomplete, prioritization of the entries based on trustworthiness, shortening the incomplete-status timer to less than 3 seconds, and curtailing the number of retransmissions of the neighbor solicitations.
Type: Grant
Filed: November 17, 2005
Date of Patent: April 17, 2012
Inventors: Patrik Lahti, Michael Aalders
-
Publication number: 20120066491
Abstract: In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets.
Type: Application
Filed: November 18, 2011
Publication date: March 15, 2012
Applicant: NORTEL NETWORKS LIMITED
Inventors: RICHARD GAUVREAU, MICHAEL AALDERS, KIM EDWARDS
-
Patent number: 8082441
Abstract: In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets.
Type: Grant
Filed: June 10, 2009
Date of Patent: December 20, 2011
Assignee: Nortel Networks Limited
Inventors: Richard Gauvreau, Michael Aalders, Kim Edwards
-
Publication number: 20090282237
Abstract: In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets.
Type: Application
Filed: June 10, 2009
Publication date: November 12, 2009
Inventors: Richard Gauvreau, Michael Aalders, Kim Edwards
-
Patent number: 7581093
Abstract: In a hitless manual cryptographic key refresh scheme, a state machine may be independently maintained at each network node. The state machine may include a first state, a second state, and a third state. In the first state, which may be the steady state, a current cryptographic key may be used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key may still be used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key may be used for authenticating signatures of incoming packets. In the third state, the new key may be used for generating signatures for outgoing packets and either one or both of the old key and new key may be used for authenticating signatures of incoming packets.
Type: Grant
Filed: December 22, 2003
Date of Patent: August 25, 2009
Assignee: Nortel Networks Limited
Inventors: Richard Gauvreau, Michael Aalders, Kim Edwards
-
Publication number: 20080049717
Abstract: The present invention advantageously provides a method, system and apparatus for aggregating multiple site-specific routes, by determining a first aggregate-aware route that includes a prefix of a site-specific address and a prefix length of an aggregate route address of a first service provider. The method and system can be implemented as an enhancement to existing IP protocols such as BGP and other inter-domain routing protocols. The method and apparatus may further include applying a routing protocol policy in which an aggregate route may serve as a proxy for an aggregate-aware route when the address of the aggregate route matches the address of the aggregate-aware route. The method and system may yet further include determining a second aggregate-aware route that includes the prefix of the aggregate route address of the first service provider and a prefix length of a second aggregate route address of a second service provider.
Type: Application
Filed: August 23, 2006
Publication date: February 28, 2008
Inventors: Dwight Jamieson, Michael Aalders, Patrik Lahti
-
Publication number: 20070130427
Abstract: A method of defending against a denial-of-service (DoS) attack on an IPv6 neighbor cache includes steps of determining a number of neighbor cache entries currently stored in the neighbor cache and then determining whether the number of entries exceeds a neighbor cache threshold that is less than a neighbor cache limit defining a maximum capacity of the neighbor cache. When the number of entries in the neighbor cache exceeds the neighbor cache threshold, stateless neighbor resolution is triggered. Stateless neighbor resolution entails sending a neighbor solicitation to resolve an address for an incoming packet without logging a corresponding entry in the neighbor cache. Additional techniques that complement the above method involve purging of neighbor cache entries designated as incomplete, prioritization of the entries based on trustworthiness, shortening the incomplete-status timer to less than 3 seconds, and curtailing the number of retransmissions of the neighbor solicitations.
Type: Application
Filed: November 17, 2005
Publication date: June 7, 2007
Applicant: Nortel Networks Limited
Inventors: Patrik Lahti, Michael Aalders
-
Publication number: 20050138352
Abstract: In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets.
Type: Application
Filed: December 22, 2003
Publication date: June 23, 2005
Inventors: Richard Gauvreau, Michael Aalders, Kim Edwards
-
Publication number: 20050002333
Abstract: An emulated multi-QoS link provides an application-level Connection (e.g. a Multi-Protocol Label Switching (MPLS) E-LSP) with the capability of receiving or transmitting messages of various QoS levels over an interconnection employing a connection-oriented protocol (e.g. ATM) at the data link layer. The emulated multi-QoS link may provide the application managing the application-level Connection (e.g. MPLS) with a control plane Application Programming Interface (API) like that of a multi-QoS link which may provide link status based on the status of underlying connections at the data link layer. The connection-oriented or non connection-oriented nature of the data link layer protocol is transparent to an application instance using the emulated multi-QoS link. Advantageously, emulated multi-QoS links may simplify merging in the case where the application is MPLS.
Type: Application
Filed: June 18, 2003
Publication date: January 6, 2005
Inventors: Michael Aalders, Kim Edwards, Dwight Jamieson