公开(公告)号：CA2069710C

公开(公告)日：1996-08-20

申请号：CA2069710

申请日：1992-05-27

Applicant: IBM

Inventor： BIRD RAYMOND F ,  BRITTON KATHRYN H ,  CHUNG TEIN-YAW D ,  EDWARDS ALLAN K ,  MATHEW JOHNY ,  POZEFSKY DIANE P ,  SARKAR SOUMITRA ,  TURNER ROGER D ,  CHUNG WINSTON W-K ,  YEUNG YUE T ,  GRAY JAMES P ,  DYKEMAN HAROLD D ,  DOERINGER WILLIBALD A ,  AUERBACH JOSHUA S ,  WILSON JOHN H

IPC: G06F13/00 ,  H04L29/06 ,  G06F13/42 ,  H04L12/28

Abstract: A Transport Layer Protocol Boundary (TLPB) architecture is described which will permit an application program to run over a non-native transport protocol without first generating a protocol compensation package tailored to the transport protocols assumed by the program's application programming interface and by the available transport provider. All transport functions required by the program are converted to standardized or TLPB representations. When a connection between the first application program and a second remote application is requested, the individual required TLPB transport functions are compared to corresponding functions supported by the transport provider. Compensations are invoked only where there is a mismatch. The node on which the remote application program runs is informed of the compensations so that necessary de-compensation operations can be performed before the data is delivered to the remote application program.

公开(公告)号：CA2069710A1

公开(公告)日：1993-01-18

申请号：CA2069710

申请日：1992-05-27

Applicant: IBM

Inventor： BIRD RAYMOND F ,  BRITTON KATHRYN H ,  CHUNG TEIN-YAW D ,  EDWARDS ALLAN K ,  MATHEW JOHNY ,  POZEFSKY DIANE P ,  SARKAR SOUMITRA ,  TURNER ROGER D ,  CHUNG WINSTON W ,  YEUNG YUE T ,  GRAY JAMES P ,  DYKEMAN HAROLD D ,  DOERINGER WILLIBALD A ,  AUERBACH JOSHUA S ,  WILSON JOHN H

IPC: G06F13/00 ,  H04L29/06 ,  G06F13/42 ,  H04L12/48

Abstract: A Transport Layer Protocol Boundary (TLPB) architecture is described which will permit an application program to run over a non-native transport protocol without first generating a protocol compensation package tailored to the transport protocols assumed by the program's application programming interface and by the available transport provider. All transport functions required by the program are converted to standardized or TLPB representations. When a connection between the first application program and a second remote application is requested, the individual required TLPB transport functions are compared to corresponding functions supported by the transport provider. Compensations are invoked only where there is a mismatch. The node on which the remote application program runs is informed of the compensations so that necessary decompensation operations can be performed before the data is delivered to the remote application program.

公开(公告)号：CA2059172C

公开(公告)日：1996-01-16

申请号：CA2059172

申请日：1992-01-10

Applicant: IBM

Inventor： BIRD RAYMOND F ,  GOPAL INDER S ,  JANSON PHILIPPE A ,  KUTTEN SHAY ,  MOLVA REFIK A ,  YUNG MARCEL M

IPC: H04L9/06 ,  G06F21/00 ,  G09C1/00 ,  H04L9/14 ,  H04L9/32 ,  H04L12/22 ,  H04K1/00

Abstract: A arrangement of authenticating communications network users and means for carrying out the arrangement: A first challenge N1 is transmitted from a first user A to a second user B. In response to the first challenge, B generates and transmits a first response to the challenge and second challenge N2 to A. A verifies that the first response is correct. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum form S1 and S2 are shared secrets between A and B. S1 may or may not equal to S2. In addition, f() and g() are selected such that the equation f'(S1,N1'....) = g(S2.N2) cannot be solved for N1' without knowledge of S1 and S2. f'() and N1' represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of flow of the message containing f(), as in f(S1, N1, D1,...). In such a case, f() is selected such that the equation f'(S, N1',D1',...) = f(S, N2, D1,...) cannot be solved for N1' without knowledge of S1 and S2. In this equation, D1' is the flow direction indicator of the message containing f'() on the reference connection. Specific protocols satisfying this condition are protected from so-called intercept attacks.

公开(公告)号：CA2059172A1

公开(公告)日：1992-09-21

申请号：CA2059172

申请日：1992-01-10

Applicant: IBM

Inventor： BIRD RAYMOND F ,  GOPAL INDER S ,  JANSON PHILIPPE A ,  KUTTEN SHAY ,  MOLVA REFIK A ,  YUNG MARCEL M

IPC: H04L9/06 ,  G06F21/00 ,  G09C1/00 ,  H04L9/14 ,  H04L9/32 ,  H04L12/22 ,  H04K1/00

Abstract: A arrangement of authenticating communications network users and means for carrying out the arrangement. A first challenge N1 is transmitted from a first user A to a second user B (300). In response to the first challenge, B generates and transmits a first response to the challenge and second challenge N2 to A. A verifies that the first response is correct. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum form and the second response must be of the minimum form S1 and S2 are shared secrets between A and B. S1 may or may not equal to S2, In addition, f() and g() are selected such that the equation cannot be solved for N1 min without knowledge of S1 and S2. f min () and N1 min represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of flow of the message containing f(), as in f(S1, N1, D1,...). In such a case, f() is selected such that the equation cannot be solved for N1 min without knowledge of S1 and S2. In this equation, D1 min is the flow direction indicator of the message containing f min () on the reference connection. Specific protocols satisfying this condition are protected from so-called intercept attacks.