公开(公告)号：JPH1040100A

公开(公告)日：1998-02-13

申请号：JP7138897

申请日：1997-03-25

Applicant: IBM

Inventor： AUERBACH JOSHUA SETH ,  CHOW CHEE-SENG ,  KAPLAN MARC ADAM ,  CRIGLER JEFFREY CHARLES

IPC: G06F21/22 ,  G06F9/06 ,  G06F13/00 ,  G06F21/00 ,  G06Q10/00 ,  G06Q30/00 ,  G07F7/12 ,  G09C1/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32 ,  G06F15/00 ,  G06F17/60

Abstract: PROBLEM TO BE SOLVED: To obtain a method for preparing, distributing, and vending a digital document, and a method for managing access to the digital document by providing a step for enciphering one of information parts by a part enciphering key, and preparing an enciphered part to be housed in an envelope. SOLUTION: A document part 203 can be enciphered. The enciphered document part 203 can be a 'valuable content' (for example, the chapter of a book, high resolution JPEG picture, or MPEG stream) to be purchased by a user. A non-enciphered part is a 'thesis' (for example, a book review by the others, index, summarization, or low resolution JPEG picture). The purpose of the non-enciphered part is to allow the user to attain the 'preview', 'sampling' or 'browse' of the content of the enciphered envelope before actually purchasing it.

公开(公告)号：DE69328647T2

公开(公告)日：2001-01-11

申请号：DE69328647

申请日：1993-03-23

Applicant: IBM

Inventor： AHMADI HAMID ,  CHEN JEANE SHU-CHUN ,  CHOW CHEE-SENG ,  GUERIN ROCH ,  GUN LEVENT ,  LEE ANTHONY MANGCHUEN ,  TEDIJANTO THEODORE E

IPC: G06F13/00 ,  H04L12/56

公开(公告)号：CA2094409C

公开(公告)日：1998-07-14

申请号：CA2094409

申请日：1993-04-20

Applicant: IBM

Inventor： AUERBACH JOSHUA SETH ,  CHOW CHEE-SENG ,  DRAKE JOHN ELLIS JR ,  GOPAL PRABANDHAM MADAN ,  HERVATIC ELIZABETH ANNE ,  KAPLAN MARC ADAM ,  PETERS MARCIA LAMBERT ,  WARD MICHAEL JAMES

IPC: H04L12/18 ,  H04L12/24 ,  H04L12/56

Abstract: In a multicast network communication system, administration of the communication path making up the multicast tree itself has been separated from control and administration of the network. Creation of a multicast distribution tree and control over the membership thereof, is separately controlled independently from the creation and use of the tree transmission path used to communicate among the members of a multicast set. Transmission distribution trees are set up when a transmission request is received and the properties of the transmission path that is required are known. Transmission paths are created and controlled by all nodes in the communications system, each node having necessary control code and processors for responding to requests from set members to transmit a message to groups of users by creating and activating the necessary tree communication path distribution linkages. A distribution tree is created by the Tree Leader by generating a tree address using a random number generator. A tree address correlator is generated utilizing network and node identifiers unique for the network, and a list of subnodes or users connected for each member of the multicast tree set is generated. Using this information, a tree distribution path is computed to cover all of the subnodes required and a tree set up request message is sent by the Tree Leader along a computed path to each involved subnode. Each subnode returns a message indicating whether the tree address is already in use or is available for use. Successfully negotiated tree addresses are marked at the path link initiation and termination points at each node through the network.

公开(公告)号：CA2089789C

公开(公告)日：1997-01-21

申请号：CA2089789

申请日：1993-02-18

Applicant: IBM

Inventor： AHMADI HAMID ,  CHEN JEANE SHU-CHUN ,  CHOW CHEE-SENG ,  GUERIN ROCH ,  GUN LEVENT ,  LEE ANTHONY MANGCHUEN ,  TEDIJANTO THEODORE E

IPC: G06F13/00 ,  H04L12/56 ,  H04Q3/42

Abstract: A packet communications system utilizes a route determining mechanism by identifying principal paths between the source and the destination in the system. Principal paths are minimum hop count paths with a transmission delay less than a specified threshold. Principal path links are accepted as legs of the optimum path, if feasible, i.e., if the resulting load on the link is less than a specified principal threshold. Secondary links are accepted only if the resulting load on the link is less than a specified secondary threshold, where the secondary threshold is less than the principal threshold. All paths must also have a transmission delay less than a specified threshold. Each request for a route includes the source node, the destination node, the load required, the maximum transmission delay and, if desired, the quality of service parameters which all of the legs of the route must satisfy. A modified Bellman-Ford breadth-first searchalgorithm is used to identify the principal links and, using these principal link identifications, determining the optimum path.

公开(公告)号：FR2717973B1

公开(公告)日：1997-01-03

申请号：FR9501602

申请日：1995-02-07

Applicant: IBM

Inventor： BODNER RACHEL ANNE ,  CHOW CHEE-SENG ,  GIDON ISRAEL ,  DUDLEY JOHN GARY ,  EDWARDS ALLAN KENDRICK ,  GOPAL INDER SARAT ,  IMMANUEL CHANDRA PAUL ,  KAPLAN MARC ADAM ,  KUTTEN SHAT ,  TEDIJANTO THEODORE ERNEST

IPC: H04L12/18 ,  H04L12/56 ,  H04L12/44

公开(公告)号：DE69736310T2

公开(公告)日：2007-07-05

申请号：DE69736310

申请日：1997-02-27

Applicant: IBM

Inventor： AUERBACH JOSHUA SETH ,  CHOW CHEE-SENG ,  KAPLAN MARC ADAM ,  CRIGLER JEFFREY CHARLES

IPC: G06F21/22 ,  H04L9/32 ,  G06F9/06 ,  G06F13/00 ,  G06F21/00 ,  G06Q10/00 ,  G06Q30/00 ,  G07F7/10 ,  G07F7/12 ,  G09C1/00 ,  H04L9/08 ,  H04L9/14

Abstract: A method and apparatus to create, distribute, sell and control access to digital documents using secure cryptographic envelopes. An envelope is an aggregation of information parts, where each of the parts to be protected are encrypted with a corresponding part encryption key. These encrypted information parts along with the other information parts become part of the envelope. Each part encryption key is also encrypted with a public key, and these encrypted part encryption keys are also included in the envelope. The envelope also includes a list of parts where each entry in the list has a part name and a secure hash of the named part. The list is then signed with a secret key to generate a signature, which is also included in the envelope. The signature can be verified using a second public key associated with first secret key, and the integrity of any information part in the envelope can be checked by computing a second hash and comparing it with the corresponding hash in the list of parts. Also, the information content of any encrypted part can only be recovered by knowledge of a second secret key corresponding to the public key that was used to encrypt the part encryption keys.

公开(公告)号：DE69327017D1

公开(公告)日：1999-12-23

申请号：DE69327017

申请日：1993-05-19

Applicant: IBM

Inventor： AUERBACH JOSHUA SETH ,  CHOW CHEE-SENG ,  PETERS MARCIA LAMBERT ,  DRAKE JOHN ELLIS ,  GOPAL PRABANDHAM MADAN ,  HERVATIC ELIZABETH ANNE ,  KAPLAN MARC ADAM

IPC: H04L12/18 ,  H04L12/24

Abstract: In a multicast network communication system, administration of the communication path making up the multicast tree itself has been separated from control and administration of the network. Creation of a multicast distribution tree and control over the membership thereof, is separately controlled independently from the creation and use of the tree transmission path used to communicate among the members of a multicast set. Transmission distribution trees are set up when a transmission request is received and the properties of the transmission path that is required are known. Transmission paths are created and controlled by all nodes in the communications system, each node having necessary control code and processors for responding to requests from set members to transmit a message to groups of users by creating and activating the necessary tree communication path distribution linkages. A distribution tree is created by the Tree Leader by generating a tree address using a random number generator. A tree address correlator is generated utilizing network and node identifiers unique for the network, and a list of subnodes or users connected for each member of the multicast tree set is generated. Using this information, a tree distribution path is computed to cover all of the subnodes required and a tree set up request message is sent by the Tree Leader along a computed path to each involved subnode. Each subnode returns a message indicating whether the tree address is already in use or is available for use. Successfully negotiated tree addresses are marked at the path link initiation and termination points at each node through the network.

公开(公告)号：AT186803T

公开(公告)日：1999-12-15

申请号：AT93480060

申请日：1993-05-19

Applicant: IBM

Inventor： AUERBACH JOSHUA SETH ,  CHOW CHEE-SENG ,  PETERS MARCIA LAMBERT ,  DRAKE JOHN ELLIS JR ,  GOPAL PRABANDHAM MADAN ,  HERVATIC ELIZABETH ANNE ,  KAPLAN MARC ADAM

IPC: H04L12/18 ,  H04L12/24

Abstract: In a multicast network communication system, administration of the communication path making up the multicast tree itself has been separated from control and administration of the network. Creation of a multicast distribution tree and control over the membership thereof, is separately controlled independently from the creation and use of the tree transmission path used to communicate among the members of a multicast set. Transmission distribution trees are set up when a transmission request is received and the properties of the transmission path that is required are known. Transmission paths are created and controlled by all nodes in the communications system, each node having necessary control code and processors for responding to requests from set members to transmit a message to groups of users by creating and activating the necessary tree communication path distribution linkages. A distribution tree is created by the Tree Leader by generating a tree address using a random number generator. A tree address correlator is generated utilizing network and node identifiers unique for the network, and a list of subnodes or users connected for each member of the multicast tree set is generated. Using this information, a tree distribution path is computed to cover all of the subnodes required and a tree set up request message is sent by the Tree Leader along a computed path to each involved subnode. Each subnode returns a message indicating whether the tree address is already in use or is available for use. Successfully negotiated tree addresses are marked at the path link initiation and termination points at each node through the network.

公开(公告)号：CA2089789A1

公开(公告)日：1993-10-29

申请号：CA2089789

申请日：1993-02-18

Applicant: IBM

Inventor： AHMADI HAMID ,  CHEN JEANE S-C ,  CHOW CHEE-SENG ,  GUERIN ROCH ,  GUN LEVENT ,  LEE ANTHONY M ,  TEDIJANTO THEODORE E

IPC: G06F13/00 ,  H04L12/56 ,  H04Q3/42

公开(公告)号：DE69736310D1

公开(公告)日：2006-08-24

申请号：DE69736310

申请日：1997-02-27

Applicant: IBM

Inventor： AUERBACH JOSHUA SETH ,  CHOW CHEE-SENG ,  KAPLAN MARC ADAM ,  CRIGLER JEFFREY CHARLES

IPC: G06F21/22 ,  H04L9/32 ,  G06F9/06 ,  G06F13/00 ,  G06F21/00 ,  G06Q10/00 ,  G06Q30/00 ,  G07F7/10 ,  G07F7/12 ,  G09C1/00 ,  H04L9/08 ,  H04L9/14

Abstract: A method and apparatus to create, distribute, sell and control access to digital documents using secure cryptographic envelopes. An envelope is an aggregation of information parts, where each of the parts to be protected are encrypted with a corresponding part encryption key. These encrypted information parts along with the other information parts become part of the envelope. Each part encryption key is also encrypted with a public key, and these encrypted part encryption keys are also included in the envelope. The envelope also includes a list of parts where each entry in the list has a part name and a secure hash of the named part. The list is then signed with a secret key to generate a signature, which is also included in the envelope. The signature can be verified using a second public key associated with first secret key, and the integrity of any information part in the envelope can be checked by computing a second hash and comparing it with the corresponding hash in the list of parts. Also, the information content of any encrypted part can only be recovered by knowledge of a second secret key corresponding to the public key that was used to encrypt the part encryption keys.