Patents by Inventor Stephen R. Hanna

Stephen R. Hanna has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 6526022
    Abstract: A method of detecting congestion in a computer network uses a receiving station which determines a first number of messages missing in a first acknowledgment window. The station then determines a second number of messages missing in a subsequent acknowledgement window. The station then measures congestion on the network in response to an increase in the number of missing messages as indicated by the first number of missing messages in the first acknowledgement window and the second number of missing messages in the second acknowledgement window.
    Type: Grant
    Filed: June 18, 1999
    Date of Patent: February 25, 2003
    Assignee: Sun Microsystems
    Inventors: Dah Ming Chiu, Miriam C. Kadansky, Stephen R. Hanna, Stephen A. Hurst, Joseph S. Wesley, Philip M. Rosenzweig, Radia J. Perlman
  • Patent number: 6510523
    Abstract: A method and system for providing limited access privileges with an untrusted terminal allows a user to perform privileged operations between the untrusted terminal and a remote terminal in a controlled manner. The user can establish a secure communications channel between the untrusted terminal and a credentials server to receive credentials therefrom. Once the user receives the credentials, the secure communications channel is closed. The user can then use the credentials to perform privileged operations on a remote terminal through the untrusted terminal. The remote terminal knows to grant the user limited privileges based on information included in the credentials. The effects of malicious actions by the untrusted terminal are limited and controlled.
    Type: Grant
    Filed: February 22, 1999
    Date of Patent: January 21, 2003
    Assignee: Sun Microsystems Inc.
    Inventors: Radia J. Perlman, Stephen R. Hanna
  • Patent number: 6507562
    Abstract: Receiver stations located close together in a computer network dynamically form a multicast repair tree by a plurality of receiver stations choosing a repair head station from among the closely located receiver stations. A receiver station calculates its distance from a repair head station by subtracting the decremented TTL value read from the IP header from the initial value of the TTL parameter carried in field TTL SCOPE of HELLO messages, transmitted by repair head stations. Using a criterion that a closer repair head station is a more optimal repair head station, receiver stations listen to each received HELLO message, calculate the distance to the repair head station, and reaffiliate with the closest repair head station.
    Type: Grant
    Filed: June 18, 1999
    Date of Patent: January 14, 2003
    Assignee: Sun Microsystems, Inc.
    Inventors: Miriam C. Kadansky, Dah Ming Chiu, Stephen R. Hanna, Stephen A. Hurst, Joseph S. Wesley, Philip M. Rosenzweig, Radia J. Perlman
  • Patent number: 6505253
    Abstract: A multicast repair tree is established, the repair tree having one sender station and a plurality of repair head stations. A repair head station has an affiliated group of member stations. A repair head station retransmits a lost message to its affiliated group of member stations upon receipt from a member station of a NACK message indicating that the selected message was not received. Acknowledgment windows (ACK windows) are established in a member station for transmission of ACK or NACK messages by the member station. A number of messages transmitted by the sender station during a transmission window is established. Also a same size of ACK window is established in the receiving stations, with a slot in the ACK window corresponding to each message transmitted by the repair head station. Each receiving station is assigned a slot in the ACK window during which time that receiving station transmits its ACK or NACK messages.
    Type: Grant
    Filed: June 18, 1999
    Date of Patent: January 7, 2003
    Assignee: Sun Microsystems
    Inventors: Dah Ming Chiu, Miriam C. Kadansky, Stephen R. Hanna, Stephen A. Hurst, Joseph S. Wesley, Philip M. Rosenzweig, Radia J. Perlman
  • Patent number: 6473431
    Abstract: A network includes routers which route message packets among devices, thereby to facilitate transfer of information thereamong. Each router node makes use of routing information that identifies, inter alia, addresses and address ranges for which other router nodes are responsible, that the respective router node uses in routing a message packet that it receives. Each router node, through a negotiation operation with other router nodes, attempts to aggregate addresses for which it is responsible into one or more address ranges which do not overlap with addresses for which the other router nodes are responsible, and provides the address range(s), along with addresses for which it is responsible which could not be so aggregated, to the other router nodes for use as their routing information. Several methodologies are described for use in connection with the negotiation operations.
    Type: Grant
    Filed: July 2, 1999
    Date of Patent: October 29, 2002
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Stephen R. Hanna
  • Publication number: 20020144149
    Abstract: A method and system for evaluating a set of credentials that includes at least one group credential and that may include one or more additional credentials. A trust rating is provided in association with the at least one group credential within the set of credentials and trust ratings may also be provided in other credentials within the set of credentials. Each trust rating provides an indication of the level of confidence in the information being certified in the respective credential. In response to a request for access to a resource or service, an evaluation of the group credentials is performed by an access control program to determine whether access to the requested resource or service should be provided. In one embodiment, within any given certification path a composite trust rating for the respective path is determined. An overall trust rating for the set of credentials is determined based upon the composite trust ratings.
    Type: Application
    Filed: April 3, 2001
    Publication date: October 3, 2002
    Applicant: Sun Microsystems, Inc.
    Inventors: Stephen R. Hanna, Anne H. Anderson, Yassir K. Elley, Radia J. Perlman, Sean J. Mullan
  • Publication number: 20020136410
    Abstract: A method and apparatus for performing ephemeral communication and assuring that an ephemeral decryption key is not accessible subsequent to an expiration time associated with the respective key. An ephemeral key pair is preferably generated within a tamper resistant cryptographic processor unit. The ephemeral key pair comprises an ephemeral encryption key and an ephemeral decryption key. The ephemeral decryption key is prevented from being accessed external of the tamper resistant cryptographic processor unit. Ephemeral messages encrypted using an ephemeral encryption key are decrypted by the cryptographic processor unit if associated with a time that precedes the expiration time for the respective ephemeral decryption key. A decrypted ephemeral message is prevented from being transmitted from the cryptographic processor unit in the event a time associated with a received encrypted ephemeral message is subsequent to the expiration time for the respective ephemeral key pair.
    Type: Application
    Filed: March 26, 2001
    Publication date: September 26, 2002
    Applicant: Sun Microsystems, Inc.
    Inventor: Stephen R. Hanna
  • Patent number: 6427166
    Abstract: An embodiment consistent with the present invention includes a method and apparatus for distributing multicast data. The method may be performed by a data processor and comprises the steps of forming a multicast repair tree including a sender, a plurality of heads, and a plurality of receivers, wherein at least one head is associated with the sender and at least one receiver is associated with the head; sending, by a sender to the plurality of heads and the plurality of receivers, a plurality of multicast messages at a data rate; receiving, by the sender from one of the plurality of heads, a congestion status associated with a receiver of the head; and slowing the data rate, by the sender, in accordance with the congestion status.
    Type: Grant
    Filed: September 22, 2000
    Date of Patent: July 30, 2002
    Assignee: Sun Microsystems, Incorporated
    Inventors: Stephen A. Hurst, Joseph Wesley, Stephen R. Hanna, Miriam C. Kadansky, Philip M. Rosenzweig
  • Patent number: 6295361
    Abstract: A method and apparatus to allow a key manager node in a network to initiate the process of changing a group key for all nodes in a multicasting group. In the described embodiment, the key manager node initiates changing the group key by setting an indicator in a multicast packet. The indicator indicates that each of the nodes in the multicast group should obtain a new group key from the key manager node. The key manager node sets the indicator whenever the key manager node determines that the nodes in the group need to change their key. The nodes in the multicast group then obtain a key from the key manager node. In one embodiment of the present invention, the key manager node sends the group key to the members of the group and, once all nodes in the group have received their key, sends an indicator that the group members should start using the new keys. In another embodiment, the key manager node sends the new key to the group, along with instructions specifying when the new key is to take effect.
    Type: Grant
    Filed: June 30, 1998
    Date of Patent: September 25, 2001
    Assignee: Sun Microsystems, Inc.
    Inventors: Miriam C. Kadansky, Stephen R. Hanna
  • Patent number: 6263434
    Abstract: A method and apparatus for identifying an applicant as a member of a group without explicitly listing all possible applicants. A test is defined which specifies the criteria for group membership. The test definition and an optional group identifier code are supplied to a criterion generator. The criterion generator generates an authenticated message based, at least in part, upon said test definition. The authenticated message is delivered to one or more criterion evaluators that verify the authenticated message. In one embodiment, once the authenticated message has been verified, the applicant for access to a resource presents a credential to the criterion evaluator. If the credential satisfies the test definition, the applicant is granted access to the specified resource and denied access if the credential does not satisfy the test definition.
    Type: Grant
    Filed: September 21, 1999
    Date of Patent: July 17, 2001
    Assignee: Sun Microsystems, Inc.
    Inventors: Stephen R. Hanna, Anne H. Anderson, Yassir K. Elley, Radia J. Perlman, Sean J. Mullan
  • Patent number: 6230266
    Abstract: An authentication method and process are provided. One aspect of the process of the present invention includes authorizing a first on-line revocation server (OLRS) to provide information concerning certificates issued by a certificate authority (CA) that have been revoked. If the first OLRS is compromised, a second OLRS is authorized to provide certificate revocation information, but certificates issued by the CA remain valid unless indicated by the second OLRS to be revoked.
    Type: Grant
    Filed: February 3, 1999
    Date of Patent: May 8, 2001
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia Joy Perlman, Stephen R. Hanna
  • Patent number: 6192404
    Abstract: A base node of a computer network sends concurrent TTL query messages using multicast to other receiving nodes of the computer network. Each of the TTL query messages has a different time-to-live (TTL) parameter value and records the TTL parameter of the TTL query message into a message body. The receiving nodes receive one or more of the TTL query messages, namely, those TTL query messages whose TTL parameter values are sufficient to allow the TTL query message to reach the receiving node. Each receiving node can determine the TTL distance to the receiving node from the base node by determining the lowest TTL parameter value of all TTL query messages which reached the receiving node. Each receiving node communicates the TTL distance by sending to the base node a TTL query response message which indicates, in the message body, the least TTL parameter value of all TTL query messages received by the receiving node.
    Type: Grant
    Filed: May 14, 1998
    Date of Patent: February 20, 2001
    Assignee: Sun Microsystems, Inc.
    Inventors: Stephen A. Hurst, Dah Ming Chiu, Stephen R. Hanna, Radia J. Pearlman
  • Patent number: 6185698
    Abstract: An embodiment consistent with the present invention includes a method and apparatus for forming a multicast repair tree. The method may be performed by a data processor and comprises the steps of determining, for each of a plurality of potential heads in a multicast group, a ranking value associated with the potential head; advertising, by the potential heads to a plurality of potential receivers; prioritizing, by a potential receiver, the ranking values from the potential heads; and binding, by a potential receiver to the head having the highest ranking value, thereby forming a group of which the potential receiver is a member and the potential head is the head. The head may also be the sender. There may be a plurality of heads. The ranking values may include “able”, “unable”, “willing”, and “reluctant.” The ranking value of a potential head may be determined in accordance with a static or a dynamic configuration.
    Type: Grant
    Filed: April 20, 1998
    Date of Patent: February 6, 2001
    Assignee: Sun Microsystems, Incorporated
    Inventors: Joseph Wesley, Stephen A. Hurst, Miriam C. Kadansky, Stephen R. Hanna, Philip M. Rosenzweig, Dah Ming Chiu, Radia J. Perlman
  • Patent number: 6173400
    Abstract: A method and system for establishing a shared secret between a plurality of devices using an authentication token. An authentication token is used to establish a shared secret between a local device and a remote device to provide user authentication, data encryption, and integrity protection. The authentication token may be used in a variety of ways to authenticate a user. First, a time-synchronized authentication token can generate a first character string that is communicated to a workstation. The workstation can manipulate the first character string to generate a second character string and send the second character string to a server. The server then compares the second character string with a plurality of possible matching character string values and determines the first character string. In another implementation, a challenge from a server can be received and processed by a challenge-response authentication token to generate a character string.
    Type: Grant
    Filed: July 31, 1998
    Date of Patent: January 9, 2001
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Stephen R. Hanna
  • Patent number: 6151633
    Abstract: An embodiment consistent with the present invention includes a method and apparatus for distributing multicast data. The method may be performed by a data processor and comprises the steps of forming a multicast repair tree including a sender, a plurality of heads, and a plurality of receivers, wherein at least one head is associated with the sender and at least one receiver is associated with the head; sending, by a sender to the plurality of heads and the plurality of receivers, a plurality of multicast messages at a data rate; receiving, by the sender from one of the plurality of heads, a congestion status associated with a receiver of the head; and slowing the data rate, by the sender, in accordance with the congestion status.
    Type: Grant
    Filed: April 20, 1998
    Date of Patent: November 21, 2000
    Assignee: Sun Microsystems, Inc.
    Inventors: Stephen A. Hurst, Joseph Wesley, Stephen R. Hanna, Miriam C. Kadansky, Philip M. Rosenzweig
  • Patent number: 6104695
    Abstract: Determination of a Time To Live ("TTL") hop count for repair data units transmitted from a repair head to a standard destination device in a communications network is facilitated for multicast transmission. The repair head destination device monitors the path between the repair head destination device and the standard destination devices by exchanging messages with the respective standard destination devices. The repair head transmits control messages to each destination device including a dispatched TTL value and an Internet Protocol ("IP") TTL value. If the control message fails to reach one of the standard destination devices, that standard destination device transmits a transmission failure indication to the repair head destination device. In response to the transmission failure indication the TTL value employed for the control message is increased.
    Type: Grant
    Filed: March 31, 1998
    Date of Patent: August 15, 2000
    Assignee: Sun Microsystems, Inc.
    Inventors: Joseph S. Wesley, Radia J. Perlman, Stephen A. Hurst, Stephen R. Hanna, Miriam C. Kadansky, Philip M. Rosenzweig
  • Patent number: 6055316
    Abstract: A secure communications arrangement is disclosed including a source device and a destination device interconnected by a network. The source device generates message packets for transfer to the destination device, each message packet including information in ciphertext form. The source device generates the ciphertext from plaintext in accordance with the cipher block chaining mode, using an initialization vector that is generated using a hash function selected so that small changes in an input result in large changes in the initialization vector. As a result values such as sequence numbers or time stamps can be used in generating the initialization vector, while still providing for cryptographic security for the ciphertext as against cryptanalytic attack. The destination device receives the message packet and decrypts the ciphertext to generate plaintext in accordance with the cipher block chaining mode, using an initialization vector that is generated using the corresponding hash function.
    Type: Grant
    Filed: December 26, 1997
    Date of Patent: April 25, 2000
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia J. Perlman, Stephen R. Hanna