Exchange certificate for one way validation of information
    1.
    Granted invention patent
    Status: Expired

    Publication No.: US5515439A

    Publication date: 1996-05-07

    Application No.: US336605

    Filing date: 1994-11-09

    Abstract: In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements: the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate. Further protection is obtained by interrupting the current communication session and opening a new one characterized by a new unique session freshness proof when the exchange counter reaches its maximum value; thus avoiding the risk that the same value of the session freshness keeps being used when the exchange counter is reset to its initial value. Consequently a given pair of values of the session freshness proof and of the exchange counter will never be used more than one time, making eavesdropping and replaying attacks from intruders more difficult. Preferably, the method used for opening a new communication session uses already known authentication methods based on the common secret key.

    Dynamic user registration method in a mobile communications network
    2.
    Granted invention patent
    Status: Expired

    Publication No.: US5519706A

    Publication date: 1996-05-21

    Application No.: US267689

    Filing date: 1994-06-28

    Abstract: In a communications system comprising a number of base stations, each base station communicating over a shared communication channel with a plurality of registered stations and controlling the network cell formed by said plurality of registered stations, a method is described for dynamically registering and deregistering mobile stations. Each station owns a unique address and is allocated a local identifier at registration time. Each network cell owns a unique cell identifier known to all registered stations belonging to this network cell. Base stations manage cell members data uniquely associating the unique address and the local identifier corresponding to each one of the mobile stations belonging to their network cell. A registration request is sent to a selected base station by a registering mobile station, comprising the unique cell identifier of the network cell controlled by the selected base station and the unique address of the registering mobile station; the selected base station detects in its cell members data any conflicting registered station whose unique address matches the unique address of the registering mobile station and sends an address check packet to any conflicting registered station, comprising the unique address of the conflicting registered station, its local identifier and the identifier of the network cell it controls. A receiving registered mobile station sends to the selected base station, an acknowledgement to the address check packet if its unique address, the local identifier of its owning base station and its network cell identifier all match with the ones carried by the address check packet. The selected base station rejects the registration request if it receives an acknowledgement to its address check packet. The same address check packet is used to deregister inactive stations.

    Secure message authentication for binary additive stream cipher systems
    3.
    Granted invention patent
    Status: Expired

    Publication No.: US5345507A

    Publication date: 1994-09-06

    Application No.: US118080

    Filing date: 1993-09-08

    Abstract: A method of verifying the authenticity of a message transmitted from a sender to a receiver in a communication system is partitioned into three stages. In the first stage, a key is secretly exchanged between the sender and receiver. This key is a binary irreducible polynomial p(x) of degree n. In addition, the sender and receiver share an encryption key composed of a stream of secret random, or pseudo-random bits. In the second stage, the sender appends a leading non-zero string of bits, which, in the simplest case, may be a single "1" bit, and n tail bits "0" to M to generate an augmented message, this augmented message considered as a polynomial having coefficients corresponding to the message bits. If the length of the message is known and cryptographically verified, then there is no need for a leading "1". The sender then computes a polynomial residue resulting from the division of the augmented message polynomial generated by the key polynomial p(x) exchanged by the sender and receiver. The sender encrypts the computed residue. Preferably, the encryption is done by performing a bitwise Exclusive OR operation between the bits of the residue and the stream of secret bits shared by the sender and receiver. The sender then transmits the message M and the encrypted residue. The third stage is performed by the receiver by decrypting the transmitted encrypted residue at the time of reception. The receiver then appends the decrypted residue to the end of the received message M to obtain a combined bit stream M'. The receiver computes the residue of the division between the binary polynomial represented by the bit stream M' and the key polynomial p(x) exchanged by the sender and receiver. The receiver accepts a received message M as authentic only if the residue computed is zero.

    Method and system for key distribution and authentication in a data communication network
    4.
    Granted invention patent
    Status: Expired

    Publication No.: US5539824A

    Publication date: 1996-07-23

    Application No.: US348656

    Filing date: 1994-12-02

    Abstract: This invention deals with a safe key distribution and authentication in a data communication network (e.g. wireless LAN type of network). The network includes a network manager to which are connected, via a LAN wired circuit, one or more base stations. Individual remote stations are, in turn, wirelessly connected to an installed base station. One essential function for achieving security in such a network, is a mechanism to reliably authenticate the exchanges of data between communicating parties. This involves the establishment of session keys, which keys need to be distributed safely to the network components. An original and safe method is provided with this invention for key distribution and authentication during network installation, said method including using the first installed base station for generating a network key and a backbone key, and then using said first installed base station for subsequent remote station or additional base station installations while avoiding communicating said network key.

    Multi-party secure session/conference
    5.
    Granted invention patent
    Status: Expired

    Publication No.: US5369705A

    Publication date: 1994-11-29

    Application No.: US892852

    Filing date: 1992-06-03

    CPC classification: H04L9/0833

    Abstract: A method and apparatus for providing authentication among a dynamically selected group of users in a communication system with a dynamically changing network topology. With this invention, freshness information and alleged identity information are transmitted from each of the users in the group using available paths in the network. A group key is then generated, and coded information, derived from the group key and the above transmitted information, is sent to each of the users. Each unit of coded information is accompanied by an identifying tag so as to identify which of the users is to use the appropriate unit of coded information. Each alleged user will then extract the group key from a corresponding coded information unit only if it shares an appropriate secret with a server. Without knowledge of the group key, a user cannot be authenticated.

    Method and apparatus for authenticating users of a communication system to each other
    8.
    Granted invention patent
    Status: Expired

    Publication No.: US5202921A

    Publication date: 1993-04-13

    Application No.: US678474

    Filing date: 1991-04-01

    Abstract: Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be in encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication hierarchies and inter-domain communication, as well.