摘要:
In a communications system comprising a number of base stations, each base station communicating over a shared communication channel with a plurality of registered stations and controlling the network cell formed by said plurality of registered stations, a method is described for dynamically registering and deregistering mobile stations. Each station owns a unique address and is allocated a local identifier at registration time. Each network cell owns a unique cell identifier known to all registered stations belonging to this network cell. Base stations manage cell members data uniquely associating the unique address and the local identifier corresponding to each one of the mobile stations belonging to their network cell. A registration request is sent to a selected base station by a registering mobile station, comprising the unique cell identifier of the network cell controlled by the selected base station and the unique address of the registering mobile station; the selected base station detects in its cell members data any conflicting registered station whose unique address matches the unique address of the registering mobile station and sends an address check packet to any conflicting registered station, comprising the unique address of the conflicting registered station, its local identifier and the identifier of the network cell it controls. A receiving registered mobile station sends to the selected base station, an acknowledgement to the address check packet if its unique address, the local identifier of its owning base station and its network cell identifier all match with the ones carried by the address check packet. The selected base station rejects the registration request it it receives an acknowledgement to its address check packet. The same address check packet is used to deregister inactive stations.
摘要:
A method and apparatus for providing authentication among a dynamically selected group of users in a communication system with a dynamically changing network topology. With this invention, freshness information and alleged identity information are transmitted from each of the users in the group using available paths in the network. A group key is then generated, and coded information, derived from the group key and the above transmitted information, is sent to each of the users. Each unit of coded information is accompanied by an identifying tag so as to identify which of the users is to use the appropriate unit of coded information. Each alleged user will then extract the group key from a corresponding coded information unit only if it shares an appropriate secret with a server. Without knowledge of the group key, a user cannot be authenticated.
摘要:
This invention deals with a safe key distribution and authentication in a data communication network (e.g. wireless LAN type of network).The network includes a network manager to which are connected, via a LAN wired circuit, one or more base stations. Individual remote stations are, in turn, wirelessly connected to an installed base station.One essential function for achieving security in such a network, is a mechanism to reliably authenticate the exchanges of data between communicating parties. This involves the establishment of session keys, which keys need to be distributed safely to the network components. An original and safe method is provided with this invention for key distribution and authentication during network installation, said method including using the first installed base station for generating a network key and a backbone key, and then using said first installed base station for subsequent remote station or additional base station installations while avoiding communicating said network key.
摘要:
In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements: the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate. Further protection is obtained by interrupting the current communication session and opening a new one characterized by a new unique session freshness proof when the exchange counter reaches its maximum value; thus avoiding the risk that the same value of the session freshness keeps being used when the exchange counter is reset to its initial value. Consequently a given pair of values of the session freshness proof and of the exchange counter will never be used more than one time, making eavesdropping and, replaying attacks from intruders more difficult. Preferably, the method used for opening a new communication session uses already known authentication methods based on the common secret key.
摘要:
A system for identifying the authorized receiver of any particular copy of a document. More specifically, each particular copy of a document is fingerprinted by applying a set of variations to a document, where each variation is a change in data contents, but does not change the meaning or perusal experience of the document. A database associating a set of variants to a receiver is maintained. Thus any variant or copy of that variant can be traced to an authorized receiver.
摘要:
A packet communications network in which multicast transmissions are made reliable by transmitting acknowledgements to all neighbors of every receiving node, including the source node. This allows the relinquishment of message holding buffers as soon as all near neighbors acknowledge receipt of the message after only tile longest round trip time to the nearest neighbors, rather than the round trip to the furthest destination. Moreover, highly reliable ancillary point-to-point transmission facilities can be used to retransmit multicast messages indicated as being lost by failure of acknowledgment. Finally, network partitions occurring during the multicast procedure do not necessarily lose the multicast message to the remote partitions since any node receiving the message can insure delivery to all other nodes in that partition.
摘要:
An arrangement of authenticating communications network users and means for carrying out the arrangement. A first challenge N1 is transmitted from a first user A to a second user B. In response to the first challenge, B transmits a first response and second challenge N2 to A. A verifies the first response. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum formf(S1, N1, . . . ),and the second response must be of the minimum formg(S2, N2, . . . ).S1 and S2 are shared secrets between A and B. f() and g() are selected such that the equationf'(s1,N1', . . . )=g(S2, N2)cannot be solved for N1' without knowledge of S1 and S2. f'() and N1' represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of the flow of the message containing f(), as in f(s1, N1, D1, . . . ). In such a case, f() is selected such that the equationf'(S,N1',D1', . . . )=f(S, N2, D1, . . . )cannot be solved for N1' without knowledge of S1 and S2 and D1' is the flow direction indicator of the message containing f'() on the reference connection.
摘要:
A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
摘要:
A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
摘要:
A multinode, multicast communications network has a distributed control for the creation, administration and operational mode selection operative in each of the nodes of the network. Each node is provided with a Set Manager for controlling either creation of, administration or access to a set of users to whom a multicast is to be directed. The Set Manager maintains a record of the local membership of all users associated with the node in which the Set Manager resides. A given Set Manager for each designated set of users is assigned the task of being the Set Leader to maintain membership information about the entire set of users in the multicast group. One of the Set Managers in the communications network is designated to be the Registrar which maintains a list of all the Set Leaders in the network. The Registrar insures that there is one and only one Set Leader for each set of users, answers inquiries about the membership of the sets and directs inquiries to appropriate Set Leaders if necessary. All of the set creation, administration and control functions can therefore be carried out by any node of the system and provision is made to assume the function at a new node when failure or partition in the network occurs.