Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-08-21
2001-10-09
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S179000
Reexamination Certificate
active
06301662
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to data networks and, more specifically, to transferring routing data in a data network.
2. Background Information
Data networks allow many computers or network resources to be connected together over short and long distances for countless purposes. There are many types of topologies that may be used when linking together the resources of a network. For example, resources in a network may be connected in a star configuration, a bus configuration, a ring configuration, or a combination of these topologies. As such, there may be more than one path from one box to another box in the network. In addition, the topology of the network may change dynamically, as links in the network may be introduced or removed without notice.
In many networks, information is routed throughout the network using packets. Routing protocols of the network dynamically configure and distribute information regarding the topology of the network among the boxes, such as for example routers, in the network. There are many known routing protocols for distributing routing data regarding the topology of the network among its routers. Some of these known protocols include the Routing Information Protocol (RIP), Open Shortest Path First (OSPF), the Distance Vector Multicast Routing Protocol (DVMRP), Multicast Open Shortest Path First (MOSPF), and Protocol-Independent Multicast (PIM). In OSPF, the routing data transferred among the routers is included in a link state advertisement (LSA).
By sharing the information regarding the topology of the network, or routing data, the boxes in the network are able to learn of all of the various paths throughout the network to communicate with one another. The routing data each box receives may be used as a basis when determining a “best” path for forwarding packets through the network from the source box to the destination box. Naturally, it is important that the routing data received by each box or router in the network is correct. Without accurate routing data, the data packets that are transmitted throughout the network may not reach their intended destination.
A concern for network engineers is that the transfer of routing data among the routers or boxes in the network may be subject to attack. For instance, an intruder may intercept packets containing routing data and modify the routing data to disrupt network communications. In another example, the routing data contained in the packets may be corrupted because of other problems in the links, such as for example faulty communications lines. In either case, incorrect routing data transferred among the boxes in the network may have the undesired consequence of disrupting network communications.
SUMMARY OF THE INVENTION
A method and an apparatus for authenticating routing data in a network are disclosed. In one embodiment, an adjustable tag length is determined for the output of a variable output length one-way function. The variable output length one-way function is performed on routing data to generate a tag having a length of the adjustable tag length. The routing data and the tag are transferred from one box in the network to another box in the network. Additional features and benefits of the present invention will become apparent from the detailed description, figures and claims set forth below.
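The following is an added worked example of the scheme the summary describes, written for this page; it is not code from the patent or from its assignee. The summary does not name the one-way function or say how the tag length is chosen, so the example assumes SHAKE256 (a standard variable-output-length function available in Python's hashlib) and lets the sender pick any tag length within a bound. It also assumes a shared secret mixed into the function's input: without one, a recomputable tag detects only the accidental corruption the background section mentions, not deliberate modification by an intruder. The routing record, key and wire format are constructed for the example.

```python
import hashlib
import hmac
import json
import struct
from typing import Optional

# Constructed sample routing data shaped loosely like a link-state record.
# It is not a real OSPF LSA encoding.
SAMPLE_ROUTING_DATA = json.dumps(
    {"router_id": "10.0.0.1", "seq": 42,
     "links": [["10.0.0.2", 10], ["10.0.0.3", 25]]},
    sort_keys=True,
).encode()

# Hypothetical shared secret between the two boxes (an assumption; the
# summary describes only a one-way function over the routing data).
SAMPLE_KEY = b"example-shared-secret"

# Bounds on the adjustable tag length, in bytes (chosen for this example).
MIN_TAG_LEN = 4
MAX_TAG_LEN = 64

# Wire header: tag length (1 byte) and routing data length (2 bytes).
HEADER = struct.Struct("!BH")


def compute_tag(routing_data: bytes, tag_len: int, key: bytes = b"") -> bytes:
    """Run a variable-output-length one-way function over the routing data.

    SHAKE256 stands in for the unspecified function: digest() takes the
    desired output length, so one call yields a 4-byte or a 64-byte tag.
    Prepending a shared key makes the tag an authenticator; without it the
    tag only detects accidental corruption, since anyone can recompute it.
    """
    if not MIN_TAG_LEN <= tag_len <= MAX_TAG_LEN:
        raise ValueError(f"tag length {tag_len} outside [{MIN_TAG_LEN}, {MAX_TAG_LEN}]")
    xof = hashlib.shake_256()
    xof.update(key)
    xof.update(routing_data)
    return xof.digest(tag_len)


def build_message(routing_data: bytes, tag_len: int, key: bytes = b"") -> bytes:
    """Sender side: header, routing data, then the tag of the chosen length."""
    tag = compute_tag(routing_data, tag_len, key)
    return HEADER.pack(tag_len, len(routing_data)) + routing_data + tag


def verify_message(message: bytes, key: bytes = b"") -> Optional[bytes]:
    """Receiver side: recompute the tag; return the routing data if it matches, else None."""
    if len(message) < HEADER.size:
        return None
    tag_len, data_len = HEADER.unpack_from(message)
    if not MIN_TAG_LEN <= tag_len <= MAX_TAG_LEN:
        return None  # reject lengths an attacker might shrink to weaken the check
    body = message[HEADER.size:]
    if len(body) != data_len + tag_len:
        return None
    routing_data, tag = body[:data_len], body[data_len:]
    expected = compute_tag(routing_data, tag_len, key)
    # Constant-time comparison so timing does not leak how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return routing_data


def demo() -> dict:
    """Round trip with two tag lengths, a corrupted copy and a wrong key."""
    short = build_message(SAMPLE_ROUTING_DATA, 8, SAMPLE_KEY)
    long_ = build_message(SAMPLE_ROUTING_DATA, 32, SAMPLE_KEY)
    # Simulate a faulty link: flip one bit inside the routing data.
    corrupted = bytearray(short)
    corrupted[HEADER.size + 5] ^= 0x01
    return {
        "short_ok": verify_message(short, SAMPLE_KEY) == SAMPLE_ROUTING_DATA,
        "long_ok": verify_message(long_, SAMPLE_KEY) == SAMPLE_ROUTING_DATA,
        "corrupted_rejected": verify_message(bytes(corrupted), SAMPLE_KEY) is None,
        "wrong_key_rejected": verify_message(short, b"other-key") is None,
        "short_len": len(short),
        "long_len": len(long_),
    }


if __name__ == "__main__":
    print(demo())
```

Two properties of the example are worth noticing. First, because SHAKE256 is an extendable-output function, a shorter tag is a prefix of a longer one over the same input, so boxes that agree on the function can trade tag bytes for bandwidth without changing anything else. Second, the receiver enforces the same length bounds as the sender; a scheme that lets the message header alone dictate the tag length would let a modified header demand a tag too short to be meaningful.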
Blakely, Sokoloff, Taylor & Zafman LLP
Nortel Networks Corporation