公开(公告)号：DE69221017D1

公开(公告)日：1997-09-04

申请号：DE69221017

申请日：1992-03-13

Applicant: IBM

Inventor： HERZBERG AMIR ,  KUTTEN SHAY ,  YUNG MARCEL MORDECHAY

IPC: H04M3/42 ,  G06F21/20 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32

Abstract: Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be in encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication heirarchies and inter-domain communication, as well.

公开(公告)号：HU225077B1

公开(公告)日：2006-06-28

申请号：HU9902892

申请日：1997-07-23

Applicant: IBM

Inventor： JOHNSON DONALD BYRON ,  KARGER PAUL ASHLEY ,  KAUFMAN CHARLES WILLIAM JR ,  MATYAS STEPHEN MICHAEL JR ,  SAFFORD DAVID ROBERT ,  YUNG MARCEL MORDECHAY ,  ZUNIC NEVENKO

IPC: G09C1/00 ,  H04L9/32 ,  H04K1/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/28

Abstract: The method for providing for recovery of a cryptographic key using a number of cooperating key recovery agents comprises generating a number of shared key recovery values such that the key may be regenerated from the shared key recovery values without requiring additional non-public information. The shared recovery values are made available to the key recovery agents to enable recovery of the key. A pair of communicating parties use the cryptographic key to communicate, and the key is set by one party and sent to the ther one. Alternatively the key may be set by both parties acting together.

公开(公告)号：PL331313A1

公开(公告)日：1999-07-05

申请号：PL33131397

申请日：1997-07-23

Applicant: IBM

Inventor： JOHNSON DONALD BYRON ,  KARGER PAUL ASHLEY ,  KAUFMAN CHARLES WILLIAM JR ,  MATYAS STEPHEN MICHAEL JR ,  SAFFORD DAVID ROBERT ,  YUNG MARCEL MORDECHAY ,  ZUNIC NEVENKO

IPC: G09C1/00 ,  H04K1/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/28 ,  H04L9/32

Abstract: The method for providing for recovery of a cryptographic key using a number of cooperating key recovery agents comprises generating a number of shared key recovery values such that the key may be regenerated from the shared key recovery values without requiring additional non-public information. The shared recovery values are made available to the key recovery agents to enable recovery of the key. A pair of communicating parties use the cryptographic key to communicate, and the key is set by one party and sent to the ther one. Alternatively the key may be set by both parties acting together.

公开(公告)号：DE69221017T2

公开(公告)日：1998-01-15

申请号：DE69221017

申请日：1992-03-13

Applicant: IBM

Inventor： HERZBERG AMIR ,  KUTTEN SHAY ,  YUNG MARCEL MORDECHAY

IPC: H04M3/42 ,  G06F21/20 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32

Abstract: Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be in encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication heirarchies and inter-domain communication, as well.