Patent application number | Description | Published |
20090282237 | HITLESS MANUAL CRYPTOGRAPHIC KEY REFRESH IN SECURE PACKET NETWORKS - In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets. | 11-12-2009 |
20120066491 | HITLESS MANUAL CRYPTOGRAPHIC KEY REFRESH IN SECURE PACKET NETWORKS - In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets. | 03-15-2012 |
20120180130 | METHOD FOR DEFENDING AGAINST DENIAL-OF-SERVICE ATTACK ON THE IPV6 NEIGHBOR CACHE - A method of defending against a denial-of-service (DoS) attack on an IPv6 neighbor cache includes steps of determining a number of neighbor cache entries currently stored in the neighbor cache and then determining whether the number of entries exceeds a neighbor cache threshold that is less than a neighbor cache limit defining a maximum capacity of the neighbor cache. When the number of entries in the neighbor cache exceeds the neighbor cache threshold, stateless neighbor resolution is triggered. Stateless neighbor resolution entails sending a neighbor solicitation to resolve an address for an incoming packet without logging a corresponding entry in the neighbor cache. Additional techniques that complement the above method involve purging of neighbor cache entries designated as incomplete, prioritization of the entries based on trustworthiness, shortening the incomplete-status timer to less than 3 seconds, and curtailing the number of retransmissions of the neighbor solicitations. | 07-12-2012 |
20140215221 | HITLESS MANUAL CRYPTOGRAPHIC KEY REFRESH IN SECURE PACKET NETWORKS - In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets. | 07-31-2014 |
20150058989 | METHOD FOR DEFENDING AGAINST DENIAL-OF-SERVICE ATTACK ON THE IPV6 NEIGHBOR CACHE - A method of defending against a denial-of-service (DoS) attack on an IPv6 neighbor cache includes steps of determining a number of neighbor cache entries currently stored in the neighbor cache and then determining whether the number of entries exceeds a neighbor cache threshold that is less than a neighbor cache limit defining a maximum capacity of the neighbor cache. When the number of entries in the neighbor cache exceeds the neighbor cache threshold, stateless neighbor resolution is triggered. Stateless neighbor resolution entails sending a neighbor solicitation to resolve an address for an incoming packet without logging a corresponding entry in the neighbor cache. Additional techniques that complement the above method involve purging of neighbor cache entries designated as incomplete, prioritization of the entries based on trustworthiness, shortening the incomplete-status timer to less than 3 seconds, and curtailing the number of retransmissions of the neighbor solicitations. | 02-26-2015 |