-
Publication No.: DE69325957T2
Publication date: 2000-03-30
Application No.: DE69325957
Application date: 1993-05-19
Applicant: IBM
Inventor: CIDON ISRAEL , DAVENPORT DAVID WILLIAM , DERBY JEFFREY HASKELL , DUDLEY JOHN GARY , GOPAL INDER SARAT , JANNIELLO JAMES PATRICK , KAPLAN MARC ADAM , KOPERDA FRANK RICHARD , POTTER KENNETH HARVEY , KUTTEN SHAY
Abstract: A packet communications system provides for point-to-point packet routing and broadcast packet routing to limited subsets of nodes in the network, using a routing field in the packet header which is processed according to two different protocols. A third protocol is provided in which a packet can be broadcast to the limited subset even when launched from a node which is not a member of the subset. The routing field includes a first portion which contains the route labels necessary to deliver the packet to the broadcast subset. A second portion of the routing field contains the broadcast subset identifier which can then be used to deliver the packet to all of the members of the broadcast subset. Provision is made to backtrack deliver the packet to the last node identified before the broadcast subset if that last node is itself a member of the subset.
-
Publication No.: DE69221017D1
Publication date: 1997-09-04
Application No.: DE69221017
Application date: 1992-03-13
Applicant: IBM
Inventor: HERZBERG AMIR , KUTTEN SHAY , YUNG MARCEL MORDECHAY
Abstract: Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be an encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication hierarchies and inter-domain communication, as well.
-
Publication No.: DE69213062T2
Publication date: 1997-03-13
Application No.: DE69213062
Application date: 1992-02-11
Applicant: IBM
Inventor: BIRD RAYMOND FREDERICK , GOPAL INDER SARAT , JANSON PHILIPPE ARNAUD , KUTTEN SHAY , MOLVA REFIK AHMET , YUNG MARCEL MORDECHAI
Abstract: An arrangement of authenticating communications network users and means for carrying out the arrangement. A first challenge N1 is transmitted from a first user A to a second user B (300). In response to the first challenge, B generates and transmits a first response to the challenge and second challenge N2 to A. A verifies that the first response is correct. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum form and the second response must be of the minimum form S1 and S2 are shared secrets between A and B. S1 may or may not be equal to S2. In addition, f() and g() are selected such that the equation cannot be solved for N1 min without knowledge of S1 and S2. f min () and N1 min represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of flow of the message containing f(), as in f(S1, N1, D1,...). In such a case, f() is selected such that the equation cannot be solved for N1 min without knowledge of S1 and S2. In this equation, D1 min is the flow direction indicator of the message containing f min () on the reference connection. Specific protocols satisfying this condition are protected from so-called intercept attacks.
-
Publication No.: DE69333105T2
Publication date: 2004-06-03
Application No.: DE69333105
Application date: 1993-05-05
Applicant: IBM
Inventor: AUERBACH JOSHUA SETH , DRAKE JR , GOPAL PRABANDHAM MADAN , HERVATIC ELIZABETH ANNE , KAPLAN MARC ADAM , KUTTEN SHAY , PETERS MARCIA LAMBERT , WARD MICHAEL JAMES
Abstract: A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary. All of the set creation, administration and control functions can therefore be carried out by any node of the system and provision is made to assume the function at a new node when failure or partition in the network occurs.
-
Publication No.: DE69330065D1
Publication date: 2001-05-03
Application No.: DE69330065
Application date: 1993-12-08
Applicant: IBM
Inventor: BJORKLUND RONALD EINAR , BAUCHOT FREDERIC , WETTERWALD MICHELE MARIE , KUTTEN SHAY , HERZBERG AMIR
-
Publication No.: CA2094410C
Publication date: 1998-05-05
Application No.: CA2094410
Application date: 1993-04-20
Applicant: IBM
Inventor: HERVATIC ELIZABETH ANNE , KAPLAN MARC ADAM , KUTTEN SHAY , WARD MICHAEL JAMES , PETERS MARCIA LAMBERT , GOPAL PRABANDHAM MADAN , DRAKE JOHN ELLIS JR , AUERBACH JOSHUA SETH
Abstract: A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary. All of the set creation, administration and control functions can therefore be carried out by any node of the system and provision is made to assume the function at a new node when failure or partition in the network occurs.
-
Publication No.: AU3839093A
Publication date: 1993-12-23
Application No.: AU3839093
Application date: 1993-05-06
Applicant: IBM
Inventor: AUERBACH JOSHUA SETH , DRAKE JOHN ELLIS JR , GOPAL PRABANDHAM MADAN , HERVATIC ELIZABETH ANNE , KAPLAN MARC ADAM , KUTTEN SHAY , PETERS MARCIA LAMBERT , WARD MICHAEL JAMES
Abstract: A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary. All of the set creation, administration and control functions can therefore be carried out by any node of the system and provision is made to assume the function at a new node when failure or partition in the network occurs.
-
Publication No.: AT245877T
Publication date: 2003-08-15
Application No.: AT93480056
Application date: 1993-05-05
Applicant: IBM
Inventor: AUERBACH JOSHUA SETH , DRAKE JOHN ELLIS JR , GOPAL PRABANDHAM MADAN , HERVATIC ELIZABETH ANNE , KAPLAN MARC ADAM , KUTTEN SHAY , PETERS MARCIA LAMBERT , WARD MICHAEL JAMES
Abstract: A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary. All of the set creation, administration and control functions can therefore be carried out by any node of the system and provision is made to assume the function at a new node when failure or partition in the network occurs.
-
Publication No.: DE69521977D1
Publication date: 2001-09-06
Application No.: DE69521977
Application date: 1995-11-28
Applicant: IBM
Inventor: HERZBERG AMIR , KRAWCZYK HUGO M , KUTTEN SHAY , VAN LE AN , MATYAS STEPHEN M , YUNG MARCEL M
Abstract: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
-
Publication No.: CA2130396C
Publication date: 1998-03-31
Application No.: CA2130396
Application date: 1994-08-18
Applicant: IBM
Inventor: BJORKLUND RONALD E , BAUCHOT FREDERIC , WETTERWALD MICHELE M , HERZBERG AMIR , KUTTEN SHAY
Abstract: This invention deals with a safe key distribution and authentication in a data communication network (e.g. wireless LAN type of network). The network includes a network manager to which are connected, via a LAN wired circuit, one or more base stations. Individual remote stations are, in turn, wirelessly connected to an installed base station. One essential function for achieving security in such a network, is a mechanism to reliably authenticate the exchanges of data between communicating parties. This involves the establishment of session keys, which keys need to be distributed safely to the network components. An original and safe method is provided with this invention for key distribution and authentication during network installation, said method including using the first installed base station for generating a network key and a backbone key, and then using said first installed base station for subsequent remote station or additional base station installations while avoiding communicating said network key.