Abstract: A method and apparatus for identifying a data message that is eligible for discard. A beacon node periodically transmits a beacon message to a plurality of client nodes communicatively coupled via a network. Each beacon message includes a beacon sequence number and preferably, the beacon sequence numbers are authenticated by the beacon, node. The client nodes, upon receipt of the beacon messages, verify the authenticity of the respective received beacon sequence numbers and generate a local sequence number derived from the received beacon sequence number. When one client in the session has data to transmit to another client in the session, the sending client assembles a data message and inserts its local sequence number in the data message prior to transmission of the data message to the other client nodes in the session.

Abstract: A method for updating a key in a secure group involves issuing an update request by a first member of the secure group, receiving the update request by a second member of the secure group, generating a first suggested revision number by the first member, generating a second suggested revision number by the second member in response to the update request, calculating a first send time by the first member using the first suggested revision number, calculating a second send time by the second member using the second suggested revision number, sending the first suggested revision number by the first member upon reaching the first send time if the first member is not blocked from sending, sending the second suggested revision number by the second member upon reaching the second send time if the second member is not blocked from sending, receiving the first suggested revision number by the second member, comparing the first suggested revision number to the second suggested revision number by the second member, bloc

Abstract: One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message and an encrypted message key at a destination from a source; the encrypted message having been formed by encrypting the message with a message key; the encrypted message key having been formed by encrypting the message key. The destination forwards the message to a content screener in a secure manner, and allows the content screener to screen the message to determine whether the message satisfies a screening criterion. If the message satisfies the screening criterion, the destination receives a communication from the content screener that enables the destination to process the message. In one embodiment of the present invention, the system decrypts the encrypted message key at the destination to restore the message key, and forwards the message key along with the encrypted message to the content screener.

Abstract: A system and method for adding routing information for a node to a routing table, which efficiently makes necessary changes to the routing table to support routing to and from the node, while maintaining the deadlock-free quality of the paths described by the routing table. The routing table is generated by storing routing information in the routing table that reflects and describes a deadlock-free set of paths through a network of nodes. A row of entries is added to the routing table describing how to forward data units from the node. A column of entries is added to the routing table describing how to forward data units addressed to the node. The forwarding information within each entry added to the routing table maintains the deadlock-free quality of the set of paths represented by the forwarding table.

Abstract: A distributed system and method for generating “layered routes.” The layered routes generated by the disclosed system reflect a layered representation of the network. By operating in accord with the layered representation of the network, the disclosed system provides deadlock-free routes. The layered representation consists of an ordered set of layers, where each layer is a deadlock-free sub-topology of the network. In determining routes using links from different layers, the links used in each route are constrained to be taken from layers of non-decreasing order as the route extends from source to destination.

Abstract: Protocols that provide more efficient operation in dynamic and heterogeneous networking environments are defined. The protocols present a range of levels of error control and sequence order control. Traffic in a link between neighboring network devices is segregated into flows. Each flow is managed in accordance with a selected protocol. It is possible to simultaneously employ different protocols for respective flows within the link.

Abstract: A system includes at least one resource, such as a computer, and a high-security authentication device, the at least one resource being selectively utilizable by an operator. The high-security authentication device is configured to perform an authentication operation in connection with a prospective operator and generate a credential for the prospective operator if it authenticates the prospective operator. The at least one resource is configured to, in response to the prospective operator attempting to utilize the resource, initiate an operator authentication verification operation using the credential to attempt to verify the authentication of the operator, and allow the prospective operator to utilize the at least one resource in response to the operator authentication verification operation.

Abstract: Data units are tunneled through topological restrictions that reside in a path between a first network device and a second network device. For example, a remote network device that resides outside of the domain of a multicast group obtains access to the multicast group by tunneling through the boundary of the domain. A proxy device within the domain functions as a member of the multicast group on behalf of the remote network device. Data units that are transmitted from the remote network device to the proxy device are tunneled to the multicast group via the proxy device. Data units that are transmitted from the multicast group to the proxy device are tunneled to the remote network device via the proxy device.

Abstract: One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message and an encrypted message key at a content screener from a firewall, the firewall having previously received the encrypted message and the encrypted message key from a source outside the firewall. The content screener decrypts the encrypted message key to restore the message key, and decrypts the encrypted message with the message key to restore the message. Next, the content screener screens the message to determine whether the message satisfies a screening criterion. If so, the system forwards the message to a destination within the firewall in a secure manner. In one embodiment of the present invention, the system decrypts the encrypted message key by sending the encrypted message key to the destination.

Abstract: One embodiment of the present invention provides a system that performs, content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message at a firewall from a source outside of the firewall, the encrypted message having been formed by encrypting the message with a message key. In order to restore the message, the system procures the message key and decrypts the encrypted message with the message key. Next, the system screens the message within the firewall to determine whether the message satisfies a screening criterion. If so, the system allows a destination within the firewall to process the message. In one embodiment of the present invention, procuring the message key includes allowing the source and the destination to negotiate the message key, which is then sent to the firewall.

Abstract: A system and method for calculating a deadlock-free set of paths in a network which generates an ordered set of deadlock-free sub-topologies, referred to as “layers.”The ordered set of layers is used to determine a deadlock-free set of paths through the network. The resulting paths allow data to be efficiently routed through the network without causing traffic to be disproportionately routed through any subset of links. Each of the deadlock-free layers may be any type of deadlock-free sub-topology. The generated ordering may be any arbitrary ordering of the layers. A shortest-path route calculation is performed with the following constraint: starting at any given layer, for each node, proceed to calculate a shortest path to every other node in the graph where at any node being utilized to assess a given minimum path, the path may move to any higher-ordered layer, but may never return to a lower ordered layer. In this way, within each layer, a path moves through a tree and thus avoids deadlock.

Abstract: A method and apparatus that constructs a “router database” and then uses the database to determine a longest match between a piece of target data, such as an address in a packet to be routed, and the database. The database contains a comparison table having a plurality of entries. In a first embodiment, each entry has up to k values, where 2<=k<=N, where N is a number of comparison values in the database. In a second embodiment, each entry has up to k−1 values. During operation, various ones of the comparison table entries are loaded and compared to the address to determine a longest matching prefix in the router database. The comparison can be done in parallel.

Abstract: A method of detecting congestion in a computer network uses a receiving station which determines a first number of messages missing in a first acknowledgment window. The station then determines a second number of messages missing in a subsequent acknowledgement window. The station then measures congestion on the network in response to an increase in the number of missing messages as indicated by the first number of missing messages in the first acknowledgement window and the second number of missing messages in the second acknowledgement window.

Abstract: A method and system for providing limited access privileges with an untrusted terminal allows a user to perform privileged operations between the untrusted terminal and a remote terminal in a controlled manner. The user can establish a secure communications channel between the untrusted terminal and a credentials server to receive credentials therefrom. Once the user receives the credentials, the secure communications channel is closed. The user can then use the credentials to perform privileged operations on a remote terminal through the untrusted terminal. The remote terminal knows to grant the user limited privileges based on information included in the credentials. The effects of malicious actions by the untrusted terminal are limited and controlled.

Abstract: Receiver stations located close together in a computer network dynamically form a multicast repair tree by a plurality of receiver stations choosing a repair head station from among the closely located receiver stations. A receiver station calculates its distance from a repair head station by subtracting the decremented TTL value read from the IP header from the initial value of the TTL parameter carried in field TTL SCOPE of HELLO messages, transmitted by repair head stations. Using a criteria that a closer repair head station is a more optimum repair head station, receiver stations listen to each received HELLO message, calculate the distance to the repair head station, and reaffiliate with the closest repair head station.

Abstract: A multicast repair tree is established, the repair tree having one sender station and a plurality of repair head stations. A repair head station has an affiliated group of member stations. A repair head station retransmits a lost message to its affiliated group of member stations upon receipt from a member station of a NACK message indicating that the selected message was not received. Acknowledgment windows (ACK windows) are established in a member station for transmission of ACK or NACK message by the member station. A number of messages transmitted by the sender station during a transmission window is established. Also a same size of ACK window is established in the receiving stations, with a slot in the ACK window corresponding to each message transmitted by the repair head station. Each receiving station is assigned a slot in the ACK window during which time that receiving station transmits its ACK or NACK messages.

Abstract: A method and apparatus for securely communicating ephemeral information from a first node to a second node. In a first embodiment, the first node encodes and transmits an ephemeral message encrypted at least in part with an ephemeral key, from the first node to the second node. Only the second node has available to it the information that is needed to achieve decryption by an ephemeral key server of a decryption key that is needed to decrypt certain encrypted payload information contained within the message communicated from the first node to the second node. In a second embodiment the first node transmits to the second node an ephemeral message that is encrypted at least in part with an ephemeral key. The ephemeral message includes enough information to permit the second node to communicate at least a portion of the message to an ephemeral key server and for the ephemeral key server to verify that the second node is an authorized decryption agent for the message.

Abstract: A network includes routers which route message packets among devices, thereby to facilitate transfer of information thereamong. Each router node makes use of routing information that identifies, inter alia, addresses and address ranges for which other router nodes are responsible, that the respective router node uses in routing a message packet that it receives. Each router node, through a negotiation operation with other router nodes, attempts to aggregate addresses for which it is responsible into one or more address ranges which do not overlap with addresses for which the other router nodes are responsible, and provides the address range(s), along with addresses for which it is responsible which could not be so aggregated, to the other router nodes for use as their routing information. Several methodologies are described for use in connection with the negotiation operations.

Abstract: One embodiment of the present invention provides a system that facilitates instant failover during packet routing by employing a flooding protocol to send packets between a source and a destination. Upon receiving a packet containing data at an intermediate node located between the source and the destination, the system determines whether the packet has been seen before at the intermediate node. If not, the system forwards the packet to neighboring nodes of the intermediate node. In one embodiment of the present invention, forwarding the packet to neighboring needs involves forwarding the packet to all neighboring nodes except the node from which the packet was received. In one embodiment of the present invention, determining whether the packet has been seen before involves examining a sequence number, SR, contained within the packet to determine whether the sequence number has been seen before.

Abstract: A system and method for shortening a certificate chain to form a collapsed certificate. The certificate chain comprises a plurality of linked certificates issued by a corresponding plurality of entities. The certificate chain extends from a first entity, through at least one intermediate entity, to a target entity associated with certain predetermined information. The plurality of linked certificates in the certificate chain is converted by the first entity into a collapsed certificate that is signed by the first entity and includes the predetermined information and an identification of the at least one intermediate entity. By utilizing the collapsed certificate in place of the plurality of linked certificates in the certificate chain, bandwidth utilization within a network and certificate processing overhead are reduced.