公开(公告)号：US20070201513A1

公开(公告)日：2007-08-30

申请号：US11364698

申请日：2006-02-28

申请人： Thomas Anderson ,  Igor Faynberg ,  Hui-Lan Lu

发明人： Thomas Anderson ,  Igor Faynberg ,  Hui-Lan Lu

IPC分类号： H04J3/22

CPC分类号： H04L47/822 ,  H04L47/2408 ,  H04L47/70 ,  H04L47/724 ,  H04L47/781 ,  H04L47/783 ,  H04L47/801

摘要： The present invention specifies the mechanism for supporting end-to-end quality of service (QoS) reservations for an implicit reservations model using a Resource and Admission Control Function (RACF) apparatus. The invention teaches how to implement implicit resource reservations using the open-standard Resource and Admission Control Function (RACF), which is being standardized in ITU-T. Several methods are covered: 1) With a first method, a general distributed approach has been specified. 2) For a second method, the terminating RACF keeps the state of the reservations, so the resulting protocol is relatively simple, robust, and easy to implement. 3) A third method, which can be based on either of the above methods or their combination, starts reservations at both, the terminating and originating RACF ends and works toward the meet-me point.

摘要翻译： 本发明使用资源和接纳控制功能（RACF）装置来规定用于支持隐式预约模型的端到端服务质量（QoS）预留的机制。 本发明教导了如何使用正在ITU-T中标准化的开放标准资源和准入控制功能（RACF）来实现隐式资源预留。 涵盖了几种方法：1）采用第一种方法，指定了一种通用的分布式方法。 2）对于第二种方法，终止RACF保留保留状态，因此生成的协议相对简单，稳健，易于实现。 3）可以基于上述任一方法或其组合的第三种方法在终止和起始RACF两端启动预留，并且朝向会议点工作。

公开(公告)号：US20120303571A1

公开(公告)日：2012-11-29

申请号：US13116263

申请日：2011-05-26

申请人： Igor Faynberg ,  Hui-Lan Lu

发明人： Igor Faynberg ,  Hui-Lan Lu

IPC分类号： G06N5/02

CPC分类号： G06F9/4881 ,  G06F21/31

摘要： Techniques are disclosed for optimally scheduling computations that involve multiple factors, the cost of evaluations and probabilities of success of which are known. For example, a methodology is provided for determining an optimal schedule of a multi-factor test in sub-quadratic time. While the methodology has wide ranging application, we illustrate a particular applicability to a security application involving multi-factor authentication in a cloud computing environment, as well as applicability to the contact center agent scheduling.

摘要翻译： 公开了技术来最佳地调度涉及多个因素的计算，评估的成本和成功的概率是已知的。 例如，提供了用于在亚二次时间内确定多因素测试的最佳调度的方法。 虽然该方法具有广泛的应用，但我们说明了在云计算环境中涉及多因素身份验证的安全应用程序的特殊适用性，以及对联络中心代理调度的适用性。

公开(公告)号：US08108677B2

公开(公告)日：2012-01-31

申请号：US11823620

申请日：2007-06-27

申请人： Thomas Wayne Anderson ,  Igor Faynberg ,  Hui Lan Lu ,  Zachary Zeltsan

发明人： Thomas Wayne Anderson ,  Igor Faynberg ,  Hui Lan Lu ,  Zachary Zeltsan

IPC分类号： H04L9/32 ,  H04L29/06

CPC分类号： H04L9/083 ,  H04L9/0891 ,  H04L9/3213 ,  H04L9/3297 ,  H04L63/126 ,  H04L63/1458

摘要： The invention that addresses the problem of authentication of the transport packet stream (which constitutes a flow within a session), which has been admitted into a managed packet network. Authentication and the subsequent policing of the flows supporting an identified client's authorized service prevent a large class of denial of service attacks described below. Specifically, the invention addresses two different matters: 1) key distribution and management 2) various forms of using a shared key for the authentication of transport packets on the user-to-network-interface (UNI).

摘要翻译： 本发明解决了已被允许进入被管理分组网络的传输分组流（其构成会话内的流）的认证问题。 支持识别的客户端授权服务的流的身份验证和后续管理可防止下面描述的大类拒绝服务攻击。 具体来说，本发明涉及两个不同的事项：1）密钥分发和管理2）用户到网络接口（UNI）上传输分组认证使用共享密钥的各种形式。

公开(公告)号：US09306871B2

公开(公告)日：2016-04-05

申请号：US11267356

申请日：2005-11-04

申请人： Igor Faynberg ,  Hui-Lan Lu

发明人： Igor Faynberg ,  Hui-Lan Lu

IPC分类号： G06F15/173 ,  H04L12/911 ,  H04L12/54 ,  H04L12/801

CPC分类号： H04L47/828 ,  H04L47/15 ,  H04L47/70 ,  H04L47/783

摘要： The present invention sets forth a methodology that allows involved processes to partition among themselves a pre-defined set of multi-type resources in a way that all processes end up satisfied with the outcome of the partitioning, and no central mediation for such partitioning is required. One exemplary embodiment of the invention sets forth a method of allocating multiple type resources among a distributed set of processes that includes the steps of selecting a process from the set of processes for partitioning the resources; partitioning the resources at the selected process; sharing results of the partitioning with others of the set of processes, wherein said other processes select a partition from the partitioned resources; the selected process being able to select a partition subsequent to the other processes having selected a partition. The method also repeats the above steps until all currently involved processes are satisfied by a selected partition of available resources. Additionally, if more than one process contends for the same partition, a next-in-line process not having been allocated resources repartitions remaining resources for selection by currently unsatisfied processes.

摘要翻译： 本发明提出了一种方法，其允许所涉及的过程以它们之间的方式将所有过程最终满足分区的结果的方式来分割预定义的多类型资源集合，并且不需要用于这种分区的中心调解 。 本发明的一个示例性实施例阐述了在分布式进程集合中分配多种类型资源的方法，该方法包括以下步骤：从用于划分资源的一组进程中选择一个进程; 在所选过程中划分资源; 与所述一组进程中的其他人共享分割的结果，其中所述其他进程从所述分区资源中选择分区; 所选择的进程能够在选择了分区的其他进程之后选择分区。 该方法还重复上述步骤，直到所有当前涉及的过程由可用资源的选定分区满足。 另外，如果多个进程针对相同的分区进行竞争，则未分配资源重新分区的下一个进程中的进程剩余资源供当前不满足进程选择。

公开(公告)号：US08973125B2

公开(公告)日：2015-03-03

申请号：US12790143

申请日：2010-05-28

申请人： Igor Faynberg ,  Hui-Lan Lu

发明人： Igor Faynberg ,  Hui-Lan Lu

IPC分类号： G06F15/16 ,  H04L29/06 ,  H04W12/06 ,  H04W88/16

CPC分类号： H04L63/0815 ,  H04L63/0853 ,  H04L63/102 ,  H04W12/06 ,  H04W88/16

摘要： In a communication network, assume a first computing device is an end user device, a second computing device is a gateway server, and a third computing device is an application server. A method comprises the following steps. The second computing device authenticates one or more packets received from the first computing device. The second computing device marks the one or more packets with a first-layer identity before routing the one or more packets toward the third computing device such that the third computing device is able to authenticate the one or more packets from the first computing device by confirming an association between the first-layer identity and a second-layer identity. For example, the first-layer identity may comprise a link layer identity assigned to the first computing device and the second-layer identity may comprise an application layer identity assigned to the first computing device.

摘要翻译： 在通信网络中，假设第一计算设备是终端用户设备，第二计算设备是网关服务器，第三计算设备是应用服务器。 一种方法包括以下步骤。 第二计算设备认证从第一计算设备接收的一个或多个分组。 在将一个或多个分组路由到第三计算设备之前，第二计算设备标记具有第一层身份的一个或多个分组，使得第三计算设备能够通过确认来验证来自第一计算设备的一个或多个分组 第一层身份与第二层身份之间的关联。 例如，第一层标识可以包括分配给第一计算设备的链路层标识，并且第二层标识可以包括分配给第一计算设备的应用层标识。

公开(公告)号：US08000233B2

公开(公告)日：2011-08-16

申请号：US11364698

申请日：2006-02-28

申请人： Thomas Wayne Anderson ,  Igor Faynberg ,  Hui-Lan Lu

发明人： Thomas Wayne Anderson ,  Igor Faynberg ,  Hui-Lan Lu

IPC分类号： G01R31/08 ,  H04J3/16

CPC分类号： H04L47/822 ,  H04L47/2408 ,  H04L47/70 ,  H04L47/724 ,  H04L47/781 ,  H04L47/783 ,  H04L47/801

摘要： A method and apparatus for supporting end-to-end quality of service (QoS) reservations for an implicit reservations model are provided. The invention teaches how to implement implicit resource reservations using the open-standard Resource and Admission Control Function (RACF). A request for resources for a given reservation between an originating and a terminating point in a network is received. A central controller for that domain processes the request for a given domain to determine whether routes for said reservation are available and whether necessary bandwidth for said reservation is available. An implicit reservation and a release of the bandwidth are respectively accomplished with a specific number of messages.If the routes and bandwidth are available, the reservation for the given domain is confirmed and the reservation request is passed to another central controller for a next domain having resources required to satisfy the reservation request.

摘要翻译： 提供了一种用于支持隐式预留模型的端到端服务质量（QoS）预留的方法和装置。 本发明教导了如何使用开放标准资源和接纳控制功能（RACF）来实现隐式资源预留。 接收对网络中的始发端点和终端点之间的给定预留的资源的请求。 该域的中央控制器处理给定域的请求以确定所述预留的路由是否可用以及所述预留的必要带宽是否可用。 分别使用特定数量的消息来实现带宽的隐式预留和释放。 如果路由和带宽可用，则确定给定域的预留，并且将预留请求传递给具有满足预留请求所需资源的下一个域的另一个中央控制器。

公开(公告)号：US20050203985A1

公开(公告)日：2005-09-15

申请号：US10835146

申请日：2004-04-29

申请人： Igor Faynberg ,  Hui-Lan Lu ,  Richard Perlman ,  Zachary Zeltsan

发明人： Igor Faynberg ,  Hui-Lan Lu ,  Richard Perlman ,  Zachary Zeltsan

IPC分类号： G06F13/00 ,  H04L12/58 ,  G06F15/16

CPC分类号： H04L51/12

摘要： The proposed invention solves the problem of spoofing the origin to create e-mail spam, virus distribution, and other abuse of the electronic mail. In particular, it solves a notoriously dangerous problem of distributing computer viruses via e-mail allegedly sent from friends, colleagues, and well-respected organizations. The proposed invention defines a comprehensive set of mechanisms and apparatus to reasonably ensure that an e-mail message—when received by an e-mail gateway, e-mail relay server, or the destination e-mail server—has originated at the location and sent by a person (or a program) specified in its “From:” field.

摘要翻译： 所提出的发明解决了欺骗起源的问题，以创建电子邮件垃圾邮件，病毒分发和其他滥用电子邮件。 特别是，它解决了一个非常危险的问题，通过电子邮件分发计算机病毒，据称是从朋友，同事和受人尊敬的组织发送的。 所提出的发明定义了一套全面的机制和装置，以合理地确保电子邮件消息（在由电子邮件网关，电子邮件中继服务器或目的地电子邮件服务器接收时）始发于该位置， 由其“From：”字段中指定的人员（或程序）发送。

公开(公告)号：US08776204B2

公开(公告)日：2014-07-08

申请号：US12723049

申请日：2010-03-12

申请人： Igor Faynberg ,  Hui-Lan Lu

发明人： Igor Faynberg ,  Hui-Lan Lu

IPC分类号： H04L29/06

CPC分类号： H04L63/0807 ,  G06F21/31 ,  G06F21/335 ,  G06F2221/2103 ,  G06F2221/2141 ,  H04L63/0884

摘要： In a communication network wherein a first computing device represents a resource owner and a second computing device represents a resource requestor, the resource owner detects an occurrence of an event, wherein the event occurrence represents a request to access one or more resources of the resource owner stored in a resource residence. The resource owner sends an authorization token to the resource requestor in response to the event occurrence, the authorization token serving as a proof of authorization delegated by the resource owner to be presented by the resource requestor to the resource residence so as to permit the resource requestor to access the one or more requested resources stored in the resource residence.

摘要翻译： 在其中第一计算设备表示资源所有者并且第二计算设备表示资源请求者的通信网络中，资源所有者检测事件的发生，其中事件发生表示访问资源所有者的一个或多个资源的请求 存储在资源住所。 资源所有者响应于事件发生向资源请求者发送授权令牌，授权令牌作为由资源所有者委托以由资源请求者呈现给资源驻留的授权证明，以允许资源请求者 以访问存储在资源住宅中的一个或多个所请求的资源。

公开(公告)号：US20110225643A1

公开(公告)日：2011-09-15

申请号：US12723049

申请日：2010-03-12

申请人： Igor Faynberg ,  Hui-Lan Lu

发明人： Igor Faynberg ,  Hui-Lan Lu

IPC分类号： H04L9/32

CPC分类号： H04L63/0807 ,  G06F21/31 ,  G06F21/335 ,  G06F2221/2103 ,  G06F2221/2141 ,  H04L63/0884

摘要： In a communication network wherein a first computing device represents a resource owner and a second computing device represents a resource requestor, the resource owner detects an occurrence of an event, wherein the event occurrence represents a request to access one or more resources of the resource owner stored in a resource residence. The resource owner sends an authorization token to the resource requestor in response to the event occurrence, the authorization token serving as a proof of authorization delegated by the resource owner to be presented by the resource requestor to the resource residence so as to permit the resource requestor to access the one or more requested resources stored in the resource residence.

摘要翻译： 在其中第一计算设备表示资源所有者并且第二计算设备表示资源请求者的通信网络中，资源所有者检测事件的发生，其中事件发生表示访问资源所有者的一个或多个资源的请求 存储在资源住所。 资源所有者响应于事件发生向资源请求者发送授权令牌，授权令牌作为由资源所有者委托以由资源请求者呈现给资源驻留的授权证明，以允许资源请求者 以访问存储在资源住宅中的一个或多个所请求的资源。

公开(公告)号：US20070124473A1

公开(公告)日：2007-05-31

申请号：US11267356

申请日：2005-11-04

申请人： Igor Faynberg ,  Hui-Lan Lu

发明人： Igor Faynberg ,  Hui-Lan Lu

IPC分类号： G06F15/173

CPC分类号： H04L47/828 ,  H04L47/15 ,  H04L47/70 ,  H04L47/783

摘要： The present invention sets forth a methodology that allows involved processes to partition among themselves a pre-defined set of multi-type resources in a way that all processes end up satisfied with the outcome of the partitioning, and no central mediation for such partitioning is required. One exemplary embodiment of the invention sets forth a method of allocating multiple type resources among a distributed set of processes that includes the steps of selecting a process from the set of processes for partitioning the resources; partitioning the resources at the selected process; sharing results of the partitioning with others of the set of processes, wherein said other processes select a partition from the partitioned resources; the selected process being able to select a partition subsequent to the other processes having selected a partition. The method also repeats the above steps until all currently involved processes are satisfied by a selected partition of available resources. Additionally, if more than one process contends for the same partition, a next-in-line process not having been allocated resources repartitions remaining resources for selection by currently unsatisfied processes.

摘要翻译： 本发明提出了一种方法，其允许所涉及的过程以它们之间的方式将所有过程最终满足分区的结果的方式来分割预定义的多类型资源集合，并且不需要用于这种分区的中心调解 。 本发明的一个示例性实施例阐述了在分布式进程集合中分配多种类型资源的方法，该方法包括以下步骤：从用于划分资源的一组进程中选择一个进程; 在所选过程中划分资源; 与所述一组进程中的其他人共享分割的结果，其中所述其他进程从所述分区资源中选择分区; 所选择的进程能够在选择了分区的其他进程之后选择分区。 该方法还重复上述步骤，直到所有当前涉及的过程由可用资源的选定分区满足。 另外，如果多个进程针对相同的分区进行竞争，则未分配资源重新分区的下一个进程中的进程剩余资源供当前不满足进程选择。