Compact and efficient communication security through combining anti-replay with encryption
    1.
    Granted invention patent
    Compact and efficient communication security through combining anti-replay with encryption (status: in force)

    Publication number: US09237015B2

    Publication date: 2016-01-12

    Application number: US14056038

    Application date: 2013-10-17

    CPC classification number: H04L63/123 H04L9/30 H04L63/0435 H04L63/1466

    Abstract: A method of providing anti-replay protection, authentication, and encryption with minimal data overhead is provided. A sender uses an arbitrary-length pseudorandom permutation to encrypt messages that include plaintext and successively increasing sequence numbers, to produce ciphertext messages. The sender transmits the ciphertext messages. A receiver receives the ciphertext messages and, for each received ciphertext message, performs the following operations. The receiver decrypts the given ciphertext message to recover plaintext and a candidate sequence number from the message. The receiver determines if the candidate sequence number is in any one of multiple acceptable sequence number windows having respective sequence number ranges that are based on at least one of a highest sequence number previously accepted and a last sequence number that was previously rejected, as established based on processing of previously received ciphertext messages.


    Compact and Efficient Communication Security through Combining Anti-Replay with Encryption
    2.
    Invention patent application
    Compact and Efficient Communication Security through Combining Anti-Replay with Encryption (status: in force)

    Publication number: US20150033014A1

    Publication date: 2015-01-29

    Application number: US14056038

    Application date: 2013-10-17

    CPC classification number: H04L63/123 H04L9/30 H04L63/0435 H04L63/1466

    Abstract: A method of providing anti-replay protection, authentication, and encryption with minimal data overhead is provided. A sender uses an arbitrary-length pseudorandom permutation to encrypt messages that include plaintext and successively increasing sequence numbers, to produce ciphertext messages. The sender transmits the ciphertext messages. A receiver receives the ciphertext messages and, for each received ciphertext message, performs the following operations. The receiver decrypts the given ciphertext message to recover plaintext and a candidate sequence number from the message. The receiver determines if the candidate sequence number is in any one of multiple acceptable sequence number windows having respective sequence number ranges that are based on at least one of a highest sequence number previously accepted and a last sequence number that was previously rejected, as established based on processing of previously received ciphertext messages.


    Compact and Efficient Communication Security through Combining Anti-Replay with Encryption
    3.
    Invention patent application
    Compact and Efficient Communication Security through Combining Anti-Replay with Encryption (status: under examination, published)

    Publication number: US20160255098A1

    Publication date: 2016-09-01

    Application number: US14963915

    Application date: 2015-12-09

    CPC classification number: H04L63/123 H04L9/30 H04L63/0435 H04L63/1466

    Abstract: A method of providing anti-replay protection, authentication, and encryption with minimal data overhead is provided. A sender uses an arbitrary-length pseudorandom permutation to encrypt messages that include plaintext and successively increasing sequence numbers, to produce ciphertext messages. The sender transmits the ciphertext messages. A receiver receives the ciphertext messages and, for each received ciphertext message, performs the following operations. The receiver decrypts the given ciphertext message to recover plaintext and a candidate sequence number from the message. The receiver determines if the candidate sequence number is in any one of multiple non-contiguous acceptable sequence number windows having respective sequence number ranges that are based on at least one of a highest sequence number previously accepted and a last sequence number that was previously rejected, as established based on processing of previously received ciphertext messages.


    Network Eavesdropping Detection
    4.
    Invention patent application
    Network Eavesdropping Detection (status: in force)

    Publication number: US20140344930A1

    Publication date: 2014-11-20

    Application number: US13896550

    Application date: 2013-05-17

    Inventor: John Foley

    CPC classification number: H04L63/1425 H04L63/1475

    Abstract: In one implementation, network taps are detected using impedance measurements from a network. A network device is configured to calculate a baseline impedance as a function of a sequence of impedance values. As impedance measurements subsequent to the sequence of impedance values are received, the network device is configured to calculate a difference between the impedance measurement and the baseline impedance. The network device generates a network tap warning message when the difference between the impedance measurement and the baseline impedance exceeds a threshold. The network device may be an endpoint computer, a data switch, or an external device remote from the network.


    Compact and efficient communication security through combining anti-replay with encryption

    Publication number: US09674204B2

    Publication date: 2017-06-06

    Application number: US14963915

    Application date: 2015-12-09

    CPC classification number: H04L63/123 H04L9/30 H04L63/0435 H04L63/1466

    Abstract: A method of providing anti-replay protection, authentication, and encryption with minimal data overhead is provided. A sender uses an arbitrary-length pseudorandom permutation to encrypt messages that include plaintext and successively increasing sequence numbers, to produce ciphertext messages. The sender transmits the ciphertext messages. A receiver receives the ciphertext messages and, for each received ciphertext message, performs the following operations. The receiver decrypts the given ciphertext message to recover plaintext and a candidate sequence number from the message. The receiver determines if the candidate sequence number is in any one of multiple non-contiguous acceptable sequence number windows having respective sequence number ranges that are based on at least one of a highest sequence number previously accepted and a last sequence number that was previously rejected, as established based on processing of previously received ciphertext messages.

    Network eavesdropping detection
    6.
    Granted invention patent
    Network eavesdropping detection (status: in force)

    Publication number: US09130984B2

    Publication date: 2015-09-08

    Application number: US13896550

    Application date: 2013-05-17

    Inventor: John Foley

    CPC classification number: H04L63/1425 H04L63/1475

    Abstract: In one implementation, network taps are detected using impedance measurements from a network. A network device is configured to calculate a baseline impedance as a function of a sequence of impedance values. As impedance measurements subsequent to the sequence of impedance values are received, the network device is configured to calculate a difference between the impedance measurement and the baseline impedance. The network device generates a network tap warning message when the difference between the impedance measurement and the baseline impedance exceeds a threshold. The network device may be an endpoint computer, a data switch, or an external device remote from the network.

