公开(公告)号：EP0575281B1

公开(公告)日：1999-11-17

申请号：EP93480060.8

申请日：1993-05-19

申请人： International Business Machines Corporation

发明人： Auerbach, Joshua Seth ,  Chow, Chee-Seng ,  Peters, Marcia Lambert ,  Drake, John Ellis, Jr. ,  Gopal, Prabandham Madan ,  Hervatic, Elizabeth Anne ,  Kaplan, Marc Adam

IPC分类号： H04L12/18

CPC分类号： H04L12/1854 ,  H04L12/185 ,  H04L12/1877 ,  H04L41/00

公开(公告)号：EP0524123B1

公开(公告)日：1999-10-27

申请号：EP92480085.7

申请日：1992-06-22

申请人： International Business Machines Corporation

发明人： Bird, Raymond Frederick ,  Britton, Kathryn Heninger ,  Chung, Tien-Yaw David ,  Edwards, Allan Kendrick ,  Mathew, Johny ,  Pozefsky, Diane Phylis ,  Sarkar, Soumitra ,  Turner, Roger Don ,  Chung, Winston Wen-Kai ,  Yeung, Yue Tak ,  Gray, James Peyton ,  Dykeman, Harold Douglas ,  Doeringer, Willibald August ,  Auerbach, Joshua Seth ,  Wilson, John Hayden

IPC分类号： G06F15/16

CPC分类号： H04L29/06 ,  H04L69/08 ,  H04L69/24

公开(公告)号：EP0798892A3

公开(公告)日：2000-04-26

申请号：EP97301307.1

申请日：1997-02-27

申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION

发明人： Auerbach, Joshua Seth ,  Chow, Chee-Seng ,  Kaplan, Marc Adam ,  Crigler, Jeffrey Charles

IPC分类号： H04L9/32 ,  G07F7/10

CPC分类号： G07F7/08 ,  G07F7/122 ,  G11B2220/2537 ,  H04L9/3247 ,  H04L2209/56 ,  H04L2209/60 ,  H04L2209/608

摘要： A method and apparatus to create, distribute, sell and control access to digital documents using secure cryptographic envelopes. An envelope is an aggregation of information parts, where each of the parts to be protected are encrypted with a corresponding part encryption key. These encrypted information parts along with the other information parts become part of the envelope. Each part encryption key is also encrypted with a public key, and these encrypted part encryption keys are also included in the envelope. The envelope also includes a list of parts where each entry in the list has a part name and a secure hash of the named part. The list is then signed with a secret key to generate a signature, which is also included in the envelope. The signature can be verified using a second public key associated with first secret key, and the integrity of any information part in the envelope can be checked by computing a second hash and comparing it with the corresponding hash in the list of parts. Also, the information content of any encrypted part can only be recovered by knowledge of a second secret key corresponding to the public key that was used to encrypt the part encryption keys.

公开(公告)号：EP0575281A3

公开(公告)日：1996-02-14

申请号：EP93480060.8

申请日：1993-05-19

申请人： International Business Machines Corporation

发明人： Auerbach, Joshua Seth ,  Chow, Chee-Seng ,  Peters, Marcia Lambert ,  Drake, John Ellis, Jr. ,  Gopal, Prabandham Madan ,  Hervatic, Elizabeth Anne ,  Kaplan, Marc Adam

IPC分类号： H04L12/18

CPC分类号： H04L12/1854 ,  H04L12/185 ,  H04L12/1877 ,  H04L41/00

摘要： In a multicast network communication system, administration of the communication path making up the multicast tree itself has been separated from control and administration of the network. Creation of a multicast distribution tree and control over the membership thereof, is separately controlled independently from the creation and use of the tree transmission path used to communicate among the members of a multicast set. Transmission distribution trees are set up when a transmission request is received and the properties of the transmission path that is required are known. Transmission paths are created and controlled by all nodes in the communications system, each node having necessary control code and processors for responding to requests from set members to transmit a message to groups of users by creating and activating the necessary tree communication path distribution linkages. A distribution tree is created by the Tree Leader by generating a tree address using a random number generator. A tree address correlator is generated utilizing network and node identifiers unique for the network, and a list of subnodes or users connected for each member of the multicast tree set is generated. Using this information, a tree distribution path is computed to cover all of the subnodes required and a tree set up request message is sent by the Tree Leader along a computed path to each involved subnode. Each subnode returns a message indicating whether the tree address is already in use or is available for use. Successfully negotiated tree addresses are marked at the path link initiation and termination points at each node through the network.

摘要翻译： 在组播网络通信系统中，构成组播树本身的通信路径的管理与网络的控制和管理分离。 组播分发树的创建和其隶属关系的控制独立于创建和使用用于在组播组的成员之间进行通信的树传输路径。 当接收到发送请求并且已知所需的传输路径的属性时，建立传输分配树。 传输路径由通信系统中的所有节点创建和控制，每个节点具有必要的控制代码和处理器，用于响应来自集成员的请求，通过创建和激活必要的树通信路径分配链接来向用户组发送消息。 树形树通过使用随机数生成器生成树形地址来创建分布树。 使用网络唯一的网络和节点标识符生成树地址相关器，并生成为多播树集的每个成员连接的子节点或用户列表。 使用该信息，计算树分布路径以覆盖所有所需的子节点，并且树形结构请求消息沿着计算的路径发送到每个相关子节点。 每个子节点返回一条消息，指示树状地址是否已在使用或可用。 通过网络在每个节点的路径链接启动和终止点处标记成功协商的树地址。

公开(公告)号：EP0798892B1

公开(公告)日：2006-07-12

申请号：EP97301307.1

申请日：1997-02-27

申请人： International Business Machines Corporation

发明人： Auerbach, Joshua Seth ,  Chow, Chee-Seng ,  Kaplan, Marc Adam ,  Crigler, Jeffrey Charles

IPC分类号： H04L9/32 ,  H04L9/08 ,  G07F7/10

CPC分类号： G07F7/08 ,  G07F7/122 ,  G11B2220/2537 ,  H04L9/3247 ,  H04L2209/56 ,  H04L2209/60 ,  H04L2209/608

公开(公告)号：EP0575279B1

公开(公告)日：2003-07-23

申请号：EP93480056.6

申请日：1993-05-05

申请人： International Business Machines Corporation

发明人： Auerbach, Joshua Seth ,  Drake, John Ellis, Jr. ,  Gopal, Prabandham Madan ,  Hervatic, Elizabeth Anne ,  Kaplan, Marc Adam ,  Kutten, Shay ,  Peters, Marcia Lambert ,  Ward, Michael James

IPC分类号： H04L12/24 ,  H04L12/18 ,  H04L12/56

CPC分类号： H04L12/1854 ,  H04L12/185 ,  H04L12/1877 ,  H04L41/042 ,  H04L2012/5626

公开(公告)号：EP0575279A3

公开(公告)日：1994-08-17

申请号：EP93480056.6

申请日：1993-05-05

申请人： International Business Machines Corporation

发明人： Auerbach, Joshua Seth ,  Drake, John Ellis, Jr. ,  Gopal, Prabandham Madan ,  Hervatic, Elizabeth Anne ,  Kaplan, Marc Adam ,  Kutten, Shay ,  Peters, Marcia Lambert ,  Ward, Michael James

IPC分类号： H04L12/24 ,  H04L12/18 ,  H04L12/56

CPC分类号： H04L12/1854 ,  H04L12/185 ,  H04L12/1877 ,  H04L41/042 ,  H04L2012/5626

摘要： A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary. All of the set creation, administration and control functions can therefore be carried out by any node of the system and provision is made to assume the function at a new node when failure or partition in the network occurs.

公开(公告)号：EP0575279A2

公开(公告)日：1993-12-22

申请号：EP93480056.6

申请日：1993-05-05

申请人： International Business Machines Corporation

发明人： Auerbach, Joshua Seth ,  Drake, John Ellis, Jr. ,  Gopal, Prabandham Madan ,  Hervatic, Elizabeth Anne ,  Kaplan, Marc Adam ,  Kutten, Shay ,  Peters, Marcia Lambert ,  Ward, Michael James

IPC分类号： H04L12/24 ,  H04L12/18 ,  H04L12/56

CPC分类号： H04L12/1854 ,  H04L12/185 ,  H04L12/1877 ,  H04L41/042 ,  H04L2012/5626

摘要： A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary. All of the set creation, administration and control functions can therefore be carried out by any node of the system and provision is made to assume the function at a new node when failure or partition in the network occurs.

摘要翻译： 多节点组播通信网络具有分布式控制，用于在网络的每个节点中操作的创建，管理和操作模式选择。 每个节点都设有一个集管理器，用于控制要组播多路广播的一组用户的创建，管理或访问。 集合管理器维护与Set Manager所在节点相关联的所有用户的本地成员资格记录。 为每个指定的用户组给定的集合管理器被分配为作为集合领导者的任务以维护关于组播组中的整个用户组的成员关系信息。 通信网络中的集合管理器之一被指定为注册服务商，其维护网络中所有集合领导者的列表。 注册商确保每组用户只有一个，只有一个集合领导，回答关于集合成员的查询，并在必要时向相应的集合领导者查询。 因此，所有集合的创建，管理和控制功能都可以由系统的任何节点执行，并且在网络中发生故障或分区时，提供在新节点上承担功能。

公开(公告)号：EP0798892A2

公开(公告)日：1997-10-01

申请号：EP97301307.1

申请日：1997-02-27

申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION

发明人： Auerbach, Joshua Seth ,  Chow, Chee-Seng ,  Kaplan, Marc Adam ,  Crigler, Jeffrey Charles

IPC分类号： H04L9/32

CPC分类号： G07F7/08 ,  G07F7/122 ,  G11B2220/2537 ,  H04L9/3247 ,  H04L2209/56 ,  H04L2209/60 ,  H04L2209/608

摘要： A method and apparatus to create, distribute, sell and control access to digital documents using secure cryptographic envelopes. An envelope is an aggregation of information parts, where each of the parts to be protected are encrypted with a corresponding part encryption key. These encrypted information parts along with the other information parts become part of the envelope. Each part encryption key is also encrypted with a public key, and these encrypted part encryption keys are also included in the envelope. The envelope also includes a list of parts where each entry in the list has a part name and a secure hash of the named part. The list is then signed with a secret key to generate a signature, which is also included in the envelope. The signature can be verified using a second public key associated with first secret key, and the integrity of any information part in the envelope can be checked by computing a second hash and comparing it with the corresponding hash in the list of parts. Also, the information content of any encrypted part can only be recovered by knowledge of a second secret key corresponding to the public key that was used to encrypt the part encryption keys.

摘要翻译： 使用安全加密信封创建，分发，销售和控制数字文档访问的方法和装置。 信封是信息部分的集合，其中要被保护的每个部分用对应的部分加密密钥加密。 这些加密信息部分与其他信息部分一起成为信封的一部分。 每个部分加密密钥也用公钥加密，这些加密部分加密密钥也包含在信封中。 信封还包括列表，其中列表中的每个条目都具有部件名称和命名部件的安全散列。 然后，该列表用密钥签名以生成签名，其也包括在信封中。 可以使用与第一秘密密钥相关联的第二公钥来验证签名，并且可以通过计算第二散列并将其与部分列表中的相应散列进行比较来检查信封中的任何信息部分的完整性。 而且，任何加密部分的信息内容只能通过与用于加密部分加密密钥的公开密钥对应的第二密钥的知识来恢复。

公开(公告)号：EP0575281A2

公开(公告)日：1993-12-22

申请号：EP93480060.8

申请日：1993-05-19

申请人： International Business Machines Corporation

发明人： Auerbach, Joshua Seth ,  Chow, Chee-Seng ,  Peters, Marcia Lambert ,  Drake, John Ellis, Jr. ,  Gopal, Prabandham Madan ,  Hervatic, Elizabeth Anne ,  Kaplan, Marc Adam

IPC分类号： H04L12/18

CPC分类号： H04L12/1854 ,  H04L12/185 ,  H04L12/1877 ,  H04L41/00

摘要： In a multicast network communication system, administration of the communication path making up the multicast tree itself has been separated from control and administration of the network. Creation of a multicast distribution tree and control over the membership thereof, is separately controlled independently from the creation and use of the tree transmission path used to communicate among the members of a multicast set. Transmission distribution trees are set up when a transmission request is received and the properties of the transmission path that is required are known. Transmission paths are created and controlled by all nodes in the communications system, each node having necessary control code and processors for responding to requests from set members to transmit a message to groups of users by creating and activating the necessary tree communication path distribution linkages. A distribution tree is created by the Tree Leader by generating a tree address using a random number generator. A tree address correlator is generated utilizing network and node identifiers unique for the network, and a list of subnodes or users connected for each member of the multicast tree set is generated. Using this information, a tree distribution path is computed to cover all of the subnodes required and a tree set up request message is sent by the Tree Leader along a computed path to each involved subnode. Each subnode returns a message indicating whether the tree address is already in use or is available for use. Successfully negotiated tree addresses are marked at the path link initiation and termination points at each node through the network.

摘要翻译： 在组播网络通信系统中，构成组播树本身的通信路径的管理与网络的控制和管理分离。 组播分发树的创建和其隶属关系的控制独立于创建和使用用于在组播组的成员之间进行通信的树传输路径。 当接收到发送请求并且已知所需的传输路径的属性时，建立传输分配树。 传输路径由通信系统中的所有节点创建和控制，每个节点具有必要的控制代码和处理器，用于响应来自集成员的请求，通过创建和激活必要的树通信路径分配链接来向用户组发送消息。 树形树通过使用随机数生成器生成树形地址来创建分布树。 使用网络唯一的网络和节点标识符生成树地址相关器，并生成为多播树集的每个成员连接的子节点或用户列表。 使用该信息，计算树分布路径以覆盖所有所需的子节点，并且树形结构请求消息沿着计算的路径发送到每个相关子节点。 每个子节点返回一条消息，指示树状地址是否已在使用或可用。 通过网络在每个节点的路径链接启动和终止点处标记成功协商的树地址。