-
Publication (Announcement) No.: JPH11316677A
Publication (Announcement) Date: 1999-11-16
Application No.: JP1568399
Filing Date: 1999-01-25
Applicant: LUCENT TECHNOLOGIES INC
Inventor: GROSSE ERIC
Abstract: PROBLEM TO BE SOLVED: To provide an authentication technique for security countermeasures used in a computer network by inserting a probe into at least one of a plurality of files and identifying the position in the computer network where the probing is executed. SOLUTION: The communication traffic stream which enters and leaves a private network 130, etc., is continuously monitored inside a firewall 180. In this monitoring mode, a probe is inserted at random into a file arriving at the network 130. If this probing is executed at the client side, a signal is extracted to show a security warning. Thus, the firewall 180 secures identification between the probe and a client and produces a security warning if a security warning showing the execution of a specific probe is received.
-
Publication (Announcement) No.: JP2001313634A
Publication (Announcement) Date: 2001-11-09
Application No.: JP2001071600
Filing Date: 2001-03-14
Applicant: LUCENT TECHNOLOGIES INC
Inventor: GROSSE ERIC, BOYKO VICTOR VLADIMIR, MACKENZIE PHILIP D, PATEL SARVAR
Abstract: PROBLEM TO BE SOLVED: To provide a mutual network authentication protocol that is provably secure and is based only on a password. SOLUTION: A shared secret g^(xy) is generated between two parties A and B, who share a password, over a data network by using a Diffie-Hellman type key exchange over a specific group. The symbol g represents a group generator that is already known to both parties, the symbol x represents an exponent that is known to one party A (e.g. the client) and the symbol y represents an exponent that is known to the other party B (e.g. the server). Party A generates a parameter m by performing the group operation on g^x and a function H1 of at least the password, and transmits the parameter m to party B. Thus, party B performs the inverse group operation on the parameter m and the function H1 to extract the secret g^x, and can then calculate and generate the shared secret g^(xy).
-
Publication (Announcement) No.: CA2335172C
Publication (Announcement) Date: 2005-04-12
Application No.: CA2335172
Filing Date: 2001-02-09
Applicant: LUCENT TECHNOLOGIES INC
Inventor: MACKENZIE PHILIP DOUGLAS, PATEL SARVAR, GROSSE ERIC, BOYKO VICTOR VLADIMIR
Abstract: Secure communication protocols are disclosed in which two parties generate a shared secret which may be used as a secure session key for communication between the parties. The protocols are based on Diffie-Hellman type key exchange in which a Diffie-Hellman value is combined with a function of at least a password using the group operation such that the Diffie-Hellman value may be extracted by the other party using the inverse group operation and knowledge of the password. In one embodiment, each of the parties explicitly authenticates the other party, while in another embodiment, the parties utilize implicit authentication relying on the generation of an appropriate secret session key to provide the implicit authentication. Typically, the parties will be a client computer and a server computer. In accordance with other embodiments of the invention, in order to protect against a security compromise at the server, the server is not in possession of the password, but instead is provided with, and stores, a so-called password verifier which is a function of the password and where the password itself cannot be determined from the value of the password verifier.
-
Publication (Announcement) No.: DE60001630D1
Publication (Announcement) Date: 2003-04-17
Application No.: DE60001630
Filing Date: 2000-10-23
Applicant: LUCENT TECHNOLOGIES INC
Inventor: BOYKO VICTOR VLADIMIR, GROSSE ERIC, MACKENZIE PHILIP DOUGLAS, PATEL SARVAR
Abstract: Secure communication protocols are disclosed in which two parties generate a shared secret which may be used as a secure session key for communication between the parties. The protocols are based on Diffie-Hellman type key exchange in which a Diffie-Hellman value is combined with a function of at least a password using the group operation such that the Diffie-Hellman value may be extracted by the other party using the inverse group operation and knowledge of the password. In one embodiment, each of the parties explicitly authenticates the other party, while in another embodiment, the parties utilize implicit authentication relying on the generation of an appropriate secret session key to provide the implicit authentication. Typically, the parties will be a client computer and a server computer. In accordance with other embodiments of the invention, in order to protect against a security compromise at the server, the server is not in possession of the password, but instead is provided with, and stores, a so-called password verifier which is a function of the password and where the password itself cannot be determined from the value of the password verifier.
-
Publication (Announcement) No.: DE60001630T2
Publication (Announcement) Date: 2003-12-18
Application No.: DE60001630
Filing Date: 2000-10-23
Applicant: LUCENT TECHNOLOGIES INC
Inventor: BOYKO VICTOR VLADIMIR, GROSSE ERIC, MACKENZIE PHILIP DOUGLAS, PATEL SARVAR
Abstract: Secure communication protocols are disclosed in which two parties generate a shared secret which may be used as a secure session key for communication between the parties. The protocols are based on Diffie-Hellman type key exchange in which a Diffie-Hellman value is combined with a function of at least a password using the group operation such that the Diffie-Hellman value may be extracted by the other party using the inverse group operation and knowledge of the password. In one embodiment, each of the parties explicitly authenticates the other party, while in another embodiment, the parties utilize implicit authentication relying on the generation of an appropriate secret session key to provide the implicit authentication. Typically, the parties will be a client computer and a server computer. In accordance with other embodiments of the invention, in order to protect against a security compromise at the server, the server is not in possession of the password, but instead is provided with, and stores, a so-called password verifier which is a function of the password and where the password itself cannot be determined from the value of the password verifier.
-
Publication (Announcement) No.: DE69922857T2
Publication (Announcement) Date: 2005-12-08
Application No.: DE69922857
Filing Date: 1999-01-19
Applicant: LUCENT TECHNOLOGIES INC
Inventor: GROSSE ERIC
Abstract: A technique for determining whether particular clients within a computer network are universally configured in accordance with the desired network security features of the computer network. A probe is randomly inserted within incoming files, e.g., at a firewall in the computer network. The probe is configured as a function of a particular execution task, e.g. a known virus, such that in a properly configured client the probe will not execute and the firewall does not detect a security breach. However, if the client is misconfigured, i.e., not in compliance with the standard network security features, the probe will execute and trigger an alarm in the firewall indicating that the client is vulnerable to a security breach. Advantageously, a network security administrator can take appropriate action to correct those clients which are misconfigured.
-
Publication (Announcement) No.: DE69922857D1
Publication (Announcement) Date: 2005-02-03
Application No.: DE69922857
Filing Date: 1999-01-19
Applicant: LUCENT TECHNOLOGIES INC
Inventor: GROSSE ERIC
Abstract: A technique for determining whether particular clients within a computer network are universally configured in accordance with the desired network security features of the computer network. A probe is randomly inserted within incoming files, e.g., at a firewall in the computer network. The probe is configured as a function of a particular execution task, e.g. a known virus, such that in a properly configured client the probe will not execute and the firewall does not detect a security breach. However, if the client is misconfigured, i.e., not in compliance with the standard network security features, the probe will execute and trigger an alarm in the firewall indicating that the client is vulnerable to a security breach. Advantageously, a network security administrator can take appropriate action to correct those clients which are misconfigured.
-
Publication (Announcement) No.: CA2254707C
Publication (Announcement) Date: 2002-01-01
Application No.: CA2254707
Filing Date: 1998-12-01
Applicant: LUCENT TECHNOLOGIES INC
Inventor: GROSSE ERIC
Abstract: A technique for determining whether particular clients within a computer network are universally configured in accordance with the desired network security features of the computer network. A probe is randomly inserted within incoming files, e.g., at a firewall in the computer network. The probe is configured as a function of a particular execution task, e.g. a known virus, such that in a properly configured client the probe will not execute and the firewall does not detect a security breach. However, if the client is misconfigured, i.e., not in compliance with the standard network security features, the probe will execute and trigger an alarm in the firewall indicating that the client is vulnerable to a security breach. Advantageously, a network security administrator can take appropriate action to correct those clients which are misconfigured.
-
Publication (Announcement) No.: CA2335172A1
Publication (Announcement) Date: 2001-09-17
Application No.: CA2335172
Filing Date: 2001-02-09
Applicant: LUCENT TECHNOLOGIES INC
Inventor: GROSSE ERIC, BOYKO VICTOR VLADIMIR, MACKENZIE PHILIP DOUGLAS, PATEL SARVAR
Abstract: Secure communication protocols are disclosed in which two parties generate a shared secret which may be used as a secure session key for communication between the parties. The protocols are based on Diffie-Hellman type key exchange in which a Diffie-Hellman value is combined with a function of at least a password using the group operation such that the Diffie-Hellman value may be extracted by the other party using the inverse group operation and knowledge of the password. In one embodiment, each of the parties explicitly authenticates the other party, while in another embodiment, the parties utilize implicit authentication relying on the generation of an appropriate secret session key to provide the implicit authentication. Typically, the parties will be a client computer and a server computer. In accordance with other embodiments of the invention, in order to protect against a security compromise at the server, the server is not in possession of the password, but instead is provided with, and stores, a so-called password verifier which is a function of the password and where the password itself cannot be determined from the value of the password verifier.
-
Publication (Announcement) No.: CA2254707A1
Publication (Announcement) Date: 1999-07-29
Application No.: CA2254707
Filing Date: 1998-12-01
Applicant: LUCENT TECHNOLOGIES INC
Inventor: GROSSE ERIC
Abstract: A technique for determining whether particular clients within a computer network are universally configured in accordance with the desired network security features of the computer network. A probe is randomly inserted within incoming files, e.g., at a firewall in the computer network. The probe is configured as a function of a particular execution task, e.g. a known virus, such that in a properly configured client the probe will not execute and the firewall does not detect a security breach. However, if the client is misconfigured, i.e., not in compliance with the standard network security features, the probe will execute and trigger an alarm in the firewall indicating that the client is vulnerable to a security breach. Advantageously, a network security administrator can take appropriate action to correct those clients which are misconfigured.