-
Publication No.: DE69531264D1
Publication date: 2003-08-21
Application No.: DE69531264
Application date: 1995-02-21
Applicant: IBM
Inventor: CANETTI RAN , HERZBERG AMIR
Abstract: A method is provided which allows a set of servers to maintain a set of keys, shared with a client, in the presence of mobile eavesdroppers that occasionally break into servers and learn the entire contents of their memories. Static and dynamic schemes maintain secret keys common to the user and each of several servers in the presence of a mobile, transient adversary that occasionally breaks into servers in order to gather information on the users' secret keys. The schemes use periodic "refreshments" of every user's private keys. In each round the servers engage in a computation in which each server computes a new private key to be shared with the user, in a way that allows the user to keep track of the changing keys without any communication with the servers. The schemes are very efficient. In particular, a user has to interact only with one server in order to obtain a session key. The user may choose the server with whom it wants to interact. The method may be used to securely generate random numbers (i.e., using the keys as random numbers).
-
Publication No.: DE69221017D1
Publication date: 1997-09-04
Application No.: DE69221017
Application date: 1992-03-13
Applicant: IBM
Inventor: HERZBERG AMIR , KUTTEN SHAY , YUNG MARCEL MORDECHAY
Abstract: Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be an encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication hierarchies and inter-domain communication, as well.
-
Publication No.: GB2367661B
Publication date: 2004-11-24
Application No.: GB0104912
Application date: 2001-02-28
Applicant: IBM
Inventor: HERZBERG AMIR , RAVID YIFTACH
Abstract: A method for managing objects for users including providing a set of attributes and a set of containers each having attributes from the set. The method further provides a user interface for dynamically assigning attributes to the objects. The method further provides for selectively displaying, through a user interface, containers and objects in the containers. An object is displayed in a container if a condition is met. The condition is applied to the attributes of the container and the attributes of the object.
-
Publication No.: DE69531264T2
Publication date: 2004-06-09
Application No.: DE69531264
Application date: 1995-02-21
Applicant: IBM
Inventor: CANETTI RAN , HERZBERG AMIR
Abstract: A method is provided which allows a set of servers to maintain a set of keys, shared with a client, in the presence of mobile eavesdroppers that occasionally break into servers and learn the entire contents of their memories. Static and dynamic schemes maintain secret keys common to the user and each of several servers in the presence of a mobile, transient adversary that occasionally breaks into servers in order to gather information on the users' secret keys. The schemes use periodic "refreshments" of every user's private keys. In each round the servers engage in a computation in which each server computes a new private key to be shared with the user, in a way that allows the user to keep track of the changing keys without any communication with the servers. The schemes are very efficient. In particular, a user has to interact only with one server in order to obtain a session key. The user may choose the server with whom it wants to interact. The method may be used to securely generate random numbers (i.e., using the keys as random numbers).
-
Publication No.: DE69330065T2
Publication date: 2001-08-09
Application No.: DE69330065
Application date: 1993-12-08
Applicant: IBM
Inventor: BJORKLUND RONALD EINAR , BAUCHOT FREDERIC , WETTERWALD MICHELE MARIE , KUTTEN SHAY , HERZBERG AMIR
-
Publication No.: DE69521977T2
Publication date: 2002-04-04
Application No.: DE69521977
Application date: 1995-11-28
Applicant: IBM
Inventor: HERZBERG AMIR , KRAWCZYK HUGO M , KUTTEN SHAY , VAN LE AN , MATYAS STEPHEN M , YUNG MARCEL M
Abstract: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
-
Publication No.: DE69221017T2
Publication date: 1998-01-15
Application No.: DE69221017
Application date: 1992-03-13
Applicant: IBM
Inventor: HERZBERG AMIR , KUTTEN SHAY , YUNG MARCEL MORDECHAY
Abstract: Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be an encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication hierarchies and inter-domain communication, as well.
-
Publication No.: CA2130396A1
Publication date: 1995-06-09
Application No.: CA2130396
Application date: 1994-08-18
Applicant: IBM
Inventor: BJORKLUND RONALD E , BAUCHOT FREDERIC , HERZBERG AMIR , KUTTEN SHAY , WETTERWALD MICHELE M
-
Publication No.: CA2134013A1
Publication date: 1995-06-04
Application No.: CA2134013
Application date: 1994-10-21
Applicant: IBM
Inventor: KUTTEN SHAY , KRAWCZYK HUGO , HERZBERG AMIR , MANSOUR YISHAY , BAUCHOT FREDERIC , BANTZ DAVID , DAL BELLO ELIANE
IPC: G09C1/00 , H04J13/00 , H04L9/06 , H04L9/08 , H04L9/14 , H04L9/16 , H04L9/30 , H04L9/32 , H04L9/28
Abstract: In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements: the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate. Further protection is obtained by interrupting the current communication session and opening a new one characterized by a new unique session freshness proof when the exchange counter reaches its maximum value, thus avoiding the risk that the same value of the session freshness keeps being used when the exchange counter is reset to its initial value. Consequently a given pair of values of the session freshness proof and of the exchange counter will never be used more than one time, making eavesdropping and replaying attacks from intruders more difficult. Preferably, the method used for opening a new communication session uses already known authentication methods based on the common secret key.
-
Publication No.: GB2365561B
Publication date: 2004-06-16
Application No.: GB0030228
Application date: 2000-12-12
Applicant: IBM