Method of negotiating security parameters and authenticating...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique

Reexamination Certificate

Details

C713S166000

Reexamination Certificate

active

07574603

ABSTRACT:
A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.

Profile ID: LFUS-PAI-O-4105994
