公开(公告)号：EP2050001A4

公开(公告)日：2012-01-18

申请号：EP07798670

申请日：2007-06-15

Applicant: IBM

Inventor： LIU ZHEN ,  YANG HOA ,  YE FAN ,  XIA HONGUI

IPC: G06F17/30

CPC classification number: G06F17/30578 ,  Y10S707/99932 ,  Y10S707/99953 ,  Y10S707/99955

公开(公告)号：EP2035916A4

公开(公告)日：2012-06-20

申请号：EP07798187

申请日：2007-06-06

Applicant: IBM

Inventor： LIU ZHEN ,  YANG HAO ,  YE FAN

IPC: G06F17/30

CPC classification number: G06F17/30545

公开(公告)号：WO2008119672A2

公开(公告)日：2008-10-09

申请号：PCT/EP2008053325

申请日：2008-03-19

Applicant: IBM ,  IBM UK ,  LIU ZHEN ,  YANG HAO ,  YE FAN

Inventor： LIU ZHEN ,  YANG HAO ,  YE FAN

IPC: H04L29/06 ,  H04L12/22

CPC classification number: H04L63/1458 ,  H04L63/1466 ,  H04L2463/146 ,  H04W84/20

Abstract: A system and method for packet traceback in a network includes maintaining an identity number (ID) for each node in a network and generating a signature (e.g., a message authentication code (MAC)) using a secret key shared between each node on a forwarding path and a sink. Each forwarding node leaves a mark by appending its ID and a signature in the packet, either in a deterministic manner or with a probability. Upon receiving a packet at the sink, correctness of the signatures included in each packet is verified in the reverse order by which these signatures were appended. A last valid MAC is determined in the forwarding path to determine the locations of compromised nodes that collude in false data injection attacks.

Abstract translation: 用于网络中的数据包追溯的系统和方法包括维护网络中每个节点的身份号码（ID），并使用转发上的每个节点之间共享的密钥生成签名（例如，消息认证码（MAC）） 路径和水槽。 每个转发节点通过以确定性方式或以概率将其ID和签名附加在分组中来留下标记。 在接收器处接收到分组时，以附加这些签名的相反顺序来验证每个分组中包括的签名的正确性。 在转发路径中确定最后一个有效MAC，以确定在虚假数据注入攻击中并发的受损节点的位置。

公开(公告)号：WO2008119672A4

公开(公告)日：2009-03-26

申请号：PCT/EP2008053325

申请日：2008-03-19

Applicant: IBM ,  IBM UK ,  LIU ZHEN ,  YANG HAO ,  YE FAN

Inventor： LIU ZHEN ,  YANG HAO ,  YE FAN

IPC: H04L29/06 ,  H04L12/22

CPC classification number: H04L63/1458 ,  H04L63/1466 ,  H04L2463/146 ,  H04W84/20

Abstract: A system and method for packet traceback in a network includes maintaining an identity number (ID) for each node in a network and generating a signature (e.g., a message authentication code (MAC)) using a secret key shared between each node on a forwarding path and a sink. Each forwarding node leaves a mark by appending its ID and a signature in the packet, either in a deterministic manner or with a probability. Upon receiving a packet at the sink, correctness of the signatures included in each packet is verified in the reverse order by which these signatures were appended. A last valid MAC is determined in the forwarding path to determine the locations of compromised nodes that collude in false data injection attacks.

Abstract translation: 用于网络中的分组追踪的系统和方法包括：维护网络中的每个节点的身份号码（ID），并使用在转发中的每个节点之间共享的秘密密钥来生成签名（例如，消息认证码（MAC）） 路径和水槽。 每个转发节点通过以确定性方式或以概率在分组中附加其ID和签名来留下标记。 在接收器处接收到数据包后，每个数据包中包含的签名的正确性按照附加这些签名的相反顺序进行验证。 在转发路径中确定最后一个有效MAC，以确定在虚假数据注入攻击中共谋的被破坏节点的位置。

公开(公告)号：WO2014182571A3

公开(公告)日：2015-01-22

申请号：PCT/US2014036629

申请日：2014-05-02

Applicant: IBM

Inventor： BERMAN THOMAS ,  CALO SERAPHIN ,  SU LU ,  VYVYAN DAVID ,  YE FAN

IPC: H04L12/54 ,  H04L12/28 ,  H04L25/14

CPC classification number: H04L45/24

Abstract: In at least one embodiment, a method and a system include a node potentially having information responsive to an information request distributed into, for example, a federated coalition network where the node receives at least one information request packet, conducts a search of information at the node to determine if requested information is present, when the requested information is present, then the node sends an acknowledgement to a requesting node, linear network codes the requested information into m packets where m is greater than or equal to k, which is the number of packets needed to be received by the requesting node to reconstruct the requested information, selects multiple paths between the node and the requesting node such that no third party will see more than k -1 different packets, and transmits the m packets distributed over the selected paths.

Abstract translation: 在至少一个实施例中，方法和系统包括潜在地具有响应于分发到例如节点接收至少一个信息请求分组的联盟联盟网络的信息请求的信息的节点在 节点，以确定所请求的信息是否存在，当所请求的信息存在时，节点向请求节点发送确认，线性网络将请求的信息编码为m个分组，其中m大于或等于k，其是数字 需要由请求节点接收以重构所请求的信息的分组，选择节点和请求节点之间的多个路径，使得没有第三方将看到超过k -1个不同的分组，并且发送分布在所选择的 路径。

公开(公告)号：WO2008014062A2

公开(公告)日：2008-01-31

申请号：PCT/US2007071403

申请日：2007-06-15

Applicant: IBM ,  LIU ZHEN ,  YANG HOA ,  YE FAN ,  XIA HONGUI

Inventor： LIU ZHEN ,  YANG HOA ,  YE FAN ,  XIA HONGUI

IPC: G06F17/30

CPC classification number: G06F17/30578 ,  Y10S707/99932 ,  Y10S707/99953 ,  Y10S707/99955

Abstract: Methods and systems are provided for optimally trading off replication overhead and consistency levels in distributed data replication where nodes are organized in a hierarchy. The root node has the original data that need to be replicated at all other nodes, and the replicated copies have a freshness threshold that must be satisfied. The data are propagated through periodic updates in the hierarchy. Each node periodically sends data to its child nodes. Given the freshness threshold, an algorithm and its distributed protocol can determine the optimal update period for each link of the hierarchy such that the freshness threshold is satisfied for every node and the overall replication overhead is minimized. The systems and methods can be used in any scenario where replicated data have consistency requirements, such as in a replicate overlay assisted resource discovery system.

Abstract translation: 提供了方法和系统，用于最佳地折中分布式数据复制中的复制开销和一致性级别，其中节点被组织在层次结构中。 根节点具有需要在所有其他节点进行复制的原始数据，并且复制副本具有必须满足的新鲜度阈值。 数据通过层次结构中的定期更新进行传播。 每个节点周期性地向其子节点发送数据。 给定新鲜度阈值，算法及其分布式协议可以确定层次结构的每个链路的最佳更新周期，使得每个节点满足新鲜度阈值，并将整体复制开销最小化。 系统和方法可以在复制数据具有一致性要求的任何情况下使用，例如在复制覆盖辅助资源发现系统中。

公开(公告)号：WO2007149701A3

公开(公告)日：2008-11-06

申请号：PCT/US2007070544

申请日：2007-06-06

Applicant: IBM ,  LIU ZHEN ,  YANG HAO ,  YE FAN

Inventor： LIU ZHEN ,  YANG HAO ,  YE FAN

IPC: G06F7/00 ,  G06F17/30

CPC classification number: G06F17/30545

Abstract: Methods and systems are provided for identifying and allocating resources disposed within a plurality of distributed and autonomous computing systems, each of which may have its own legacy resource discovery service. Resource identification servers disposed within each one of the distributed computing systems communicate resource attribute data to a tree hierarchy of dedicated servers. The resource attribute data are maintained in native formats within the distributed computing systems and are mapped to a common format provided by the dedicated servers. The resource attribute data are aggregated at each node within the tree hierarchy, communicated up through the tree hierarchy to one or more root nodes and replicated down through all of the nodes. Additional system robustness is provided through period resource checks and resource attribute data updates. Resource allocation queries are submitted to any level node within the hierarchy and forwarded to the proper computing system for processing.

Abstract translation: 提供了用于识别和分配布置在多个分布式和自主计算系统内的资源的方法和系统，每个计算系统可以具有其自己的传统资源发现服务。 布置在分布式计算系统的每一个内的资源识别服务器将资源属性数据传送到专用服务器的树层。 资源属性数据以分布式计算系统内的本机格式进行维护，并映射到由专用服务器提供的通用格式。 资源属性数据在树层次结构中的每个节点进行聚合，通过树层次结构传递到一个或多个根节点，并通过所有节点进行复制。 通过周期资源检查和资源属性数据更新来提供额外的系统稳健性。 资源分配查询被提交到层次结构中的任何级节点，并转发到正确的计算系统进行处理。

公开(公告)号：BRPI0808619A2

公开(公告)日：2014-08-12

申请号：BRPI0808619

申请日：2008-03-19

Applicant: IBM

Inventor： LIU ZHEN ,  YANG HAO ,  YE FAN

IPC: H04L29/06 ,  H04L12/22

Abstract: A system and method for packet traceback in a network includes maintaining an identity number (ID) for each node in a network and generating a signature (e.g., a message authentication code (MAC)) using a secret key shared between each node on a forwarding path and a sink. Each forwarding node leaves a mark by appending its ID and a signature in the packet, either in a deterministic manner or with a probability. Upon receiving a packet at the sink, correctness of the signatures included in each packet is verified in the reverse order by which these signatures were appended. A last valid MAC is determined in the forwarding path to determine the locations of compromised nodes that collude in false data injection attacks.

公开(公告)号：AT511295T

公开(公告)日：2011-06-15

申请号：AT08718046

申请日：2008-03-19

Applicant: IBM

Inventor： LIU ZHEN ,  YANG HAO ,  YE FAN

IPC: H04L29/06 ,  H04L12/22

Abstract: A system and method for packet traceback in a network includes maintaining an identity number (ID) for each node in a network and generating a signature (e.g., a message authentication code (MAC)) using a secret key shared between each node on a forwarding path and a sink. Each forwarding node leaves a mark by appending its ID and a signature in the packet, either in a deterministic manner or with a probability. Upon receiving a packet at the sink, correctness of the signatures included in each packet is verified in the reverse order by which these signatures were appended. A last valid MAC is determined in the forwarding path to determine the locations of compromised nodes that collude in false data injection attacks.

公开(公告)号：CA2672696A1

公开(公告)日：2008-10-09

申请号：CA2672696

申请日：2008-03-19

Applicant: IBM

Inventor： YE FAN ,  YANG HAO ,  LIU ZHEN

IPC: H04L29/06 ,  H04L12/22

Abstract: A system and method for packet traceback in a network includes maintainin g an identity number (ID) for each node in a network and generating a signat ure (e.g., a message authentication code (MAC)) using a secret key shared be tween each node on a forwarding path and a sink. Each forwarding node leaves a mark by appending its ID and a signature in the packet, either in a deter ministic manner or with a probability. Upon receiving a packet at the sink, correctness of the signatures included in each packet is verified in the rev erse order by which these signatures were appended. A last valid MAC is dete rmined in the forwarding path to determine the locations of compromised node s that collude in false data injection attacks.