公开(公告)号：CA2100539A1

公开(公告)日：1994-05-20

申请号：CA2100539

申请日：1993-07-14

Applicant: IBM

Inventor： DERBY JEFFREY H ,  DRAKE JOHN E JR ,  DUDLEY JOHN G ,  HERVATIC ELIZABETH A ,  JANNIELLO JAMES P ,  KAPLAN MARC A ,  KESNER BARRY A ,  KOPERDA FRANCIS R ,  PETERS MARCIA L ,  POTTER KENNETH H ,  TSIGLER ANDREV L ,  MARIN GERALD A ,  GOPAL INDER S ,  CIDON ISRAEL

IPC: H04L12/18 ,  H04L12/56 ,  H04Q11/04

公开(公告)号：CA2094405A1

公开(公告)日：1993-12-19

申请号：CA2094405

申请日：1993-04-20

Applicant: IBM

Inventor： SIDON ISRAEL ,  DAVENPORT DAVID W ,  DERBY JEFFREY H ,  DUDLEY JOHN G ,  GOPAL INDER S ,  JANNIELLO JAMES P ,  KAPLAN MARC A ,  KOPERDA FRANK R ,  KUTTEN SHAY ,  POTTER KENNETH H JR

IPC: H04L12/18 ,  H04L12/56

Abstract: A packet communications system provides for point-to-point packet routing and broadcast packet routing to limited subsets of nodes in the network, using a routing field in the packet header which is processed according to two different protocols. A third protocol is provided in which a packet can be broadcast to the limited subset even when launched from a node which is not a member of the subset. The routing field includes a first portion which contains the route labels necessary to deliver the packet to the broadcast subset. A second portion of the routing field contains the broadcast subset identifier which can then be used to deliver the packet to all of the members of the broadcast subset. Provision is made to backtrack deliver the packet to the last node identified before the broadcast subset if that last node is itself a member of the subset.

公开(公告)号：CA2059172C

公开(公告)日：1996-01-16

申请号：CA2059172

申请日：1992-01-10

Applicant: IBM

Inventor： BIRD RAYMOND F ,  GOPAL INDER S ,  JANSON PHILIPPE A ,  KUTTEN SHAY ,  MOLVA REFIK A ,  YUNG MARCEL M

IPC: H04L9/06 ,  G06F21/00 ,  G09C1/00 ,  H04L9/14 ,  H04L9/32 ,  H04L12/22 ,  H04K1/00

Abstract: A arrangement of authenticating communications network users and means for carrying out the arrangement: A first challenge N1 is transmitted from a first user A to a second user B. In response to the first challenge, B generates and transmits a first response to the challenge and second challenge N2 to A. A verifies that the first response is correct. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum form S1 and S2 are shared secrets between A and B. S1 may or may not equal to S2. In addition, f() and g() are selected such that the equation f'(S1,N1'....) = g(S2.N2) cannot be solved for N1' without knowledge of S1 and S2. f'() and N1' represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of flow of the message containing f(), as in f(S1, N1, D1,...). In such a case, f() is selected such that the equation f'(S, N1',D1',...) = f(S, N2, D1,...) cannot be solved for N1' without knowledge of S1 and S2. In this equation, D1' is the flow direction indicator of the message containing f'() on the reference connection. Specific protocols satisfying this condition are protected from so-called intercept attacks.

公开(公告)号：CA2059172A1

公开(公告)日：1992-09-21

申请号：CA2059172

申请日：1992-01-10

Applicant: IBM

Inventor： BIRD RAYMOND F ,  GOPAL INDER S ,  JANSON PHILIPPE A ,  KUTTEN SHAY ,  MOLVA REFIK A ,  YUNG MARCEL M

IPC: H04L9/06 ,  G06F21/00 ,  G09C1/00 ,  H04L9/14 ,  H04L9/32 ,  H04L12/22 ,  H04K1/00

Abstract: A arrangement of authenticating communications network users and means for carrying out the arrangement. A first challenge N1 is transmitted from a first user A to a second user B (300). In response to the first challenge, B generates and transmits a first response to the challenge and second challenge N2 to A. A verifies that the first response is correct. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum form and the second response must be of the minimum form S1 and S2 are shared secrets between A and B. S1 may or may not equal to S2, In addition, f() and g() are selected such that the equation cannot be solved for N1 min without knowledge of S1 and S2. f min () and N1 min represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of flow of the message containing f(), as in f(S1, N1, D1,...). In such a case, f() is selected such that the equation cannot be solved for N1 min without knowledge of S1 and S2. In this equation, D1 min is the flow direction indicator of the message containing f min () on the reference connection. Specific protocols satisfying this condition are protected from so-called intercept attacks.