Distributed management communications network

    Publication No.: AU659546B2

    Publication date: 1995-05-18

    Application No.: AU3839093

    Filing date: 1993-05-06

    Applicant: IBM

    Abstract: A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary. All of the set creation, administration and control functions can therefore be carried out by any node of the system and provision is made to assume the function at a new node when failure or partition in the network occurs.

    13.
    Invention patent
    Unknown

    Publication No.: DE69521977T2

    Publication date: 2002-04-04

    Application No.: DE69521977

    Filing date: 1995-11-28

    Applicant: IBM

    Abstract: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.

    14.
    Invention patent
    Unknown

    Publication No.: DE69221017T2

    Publication date: 1998-01-15

    Application No.: DE69221017

    Filing date: 1992-03-13

    Applicant: IBM

    Abstract: Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be in encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication hierarchies and inter-domain communication, as well.

    15.
    Invention patent
    Unknown

    Publication No.: DE69213062D1

    Publication date: 1996-10-02

    Application No.: DE69213062

    Filing date: 1992-02-11

    Applicant: IBM

    Abstract: An arrangement for authenticating communications network users and means for carrying out the arrangement. A first challenge N1 is transmitted from a first user A to a second user B (300). In response to the first challenge, B generates and transmits a first response to the challenge and second challenge N2 to A. A verifies that the first response is correct. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum form and the second response must be of the minimum form S1 and S2 are shared secrets between A and B. S1 may or may not be equal to S2. In addition, f() and g() are selected such that the equation cannot be solved for N1′ without knowledge of S1 and S2. f′() and N1′ represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of flow of the message containing f(), as in f(S1, N1, D1,...). In such a case, f() is selected such that the equation cannot be solved for N1′ without knowledge of S1 and S2. In this equation, D1′ is the flow direction indicator of the message containing f′() on the reference connection. Specific protocols satisfying this condition are protected from so-called intercept attacks.

    EXCHANGE CERTIFICATE FOR ONE WAY VALIDATION OF INFORMATION

    Publication No.: CA2134013A1

    Publication date: 1995-06-04

    Application No.: CA2134013

    Filing date: 1994-10-21

    Applicant: IBM

    Abstract: In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements: the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate. Further protection is obtained by interrupting the current communication session and opening a new one characterized by a new unique session freshness proof when the exchange counter reaches its maximum value; thus avoiding the risk that the same value of the session freshness keeps being used when the exchange counter is reset to its initial value. Consequently a given pair of values of the session freshness proof and of the exchange counter will never be used more than one time, making eavesdropping and replaying attacks from intruders more difficult. Preferably, the method used for opening a new communication session uses already known authentication methods based on the common secret key.

    Distributed Management Communications Network

    Publication No.: CA2094410A1

    Publication date: 1993-12-19

    Application No.: CA2094410

    Filing date: 1993-04-20

    Applicant: IBM

    Abstract: A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary. All of the set creation, administration and control functions can therefore be carried out by any node of the system and provision is made to assume the function at a new node when failure or partition in the network occurs.

    19.
    Invention patent
    Unknown

    Publication No.: DE69333105D1

    Publication date: 2003-08-28

    Application No.: DE69333105

    Filing date: 1993-05-05

    Applicant: IBM

    Abstract: A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary. All of the set creation, administration and control functions can therefore be carried out by any node of the system and provision is made to assume the function at a new node when failure or partition in the network occurs.
