Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Patent
1998-12-02
2000-04-18
Trammell, James P.
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
380 30, G06F 1721
Patent
active
060527870
DESCRIPTION:
BRIEF SUMMARY
This application commences this National Stage of PCT/DE97/01001 filed May 16, 1997.
BACKGROUND OF THE INVENTION
During communication with a plurality of communication subscribers, it is necessary in many technical areas to use cryptographic methods to protect all the communications of all the subscribers against any form of misuse. In this case, the complexity which is required for cryptographic protection of all the communications is dependent on the respective application. Thus, for example, in private conversations it is under some circumstances not of major importance for all the cryptographically possible security measures to be used to protect the communication. However, in the case of communication with highly confidential contents, for example, very strict protection of the communication is of considerable importance.
The choice of security services, security mechanisms, security algorithms and security parameters used for communication protection is called the security policy, which is complied with during communication between communication partners.
However, since the security requirement and, linked to it, the security policy differ from communication session to communication session and from application to application, and since not all the communication subscribers actually have all the cryptographic methods available to them, it is possible when communication partners change frequently for serious discrepancies to arise in the required or possible security policy which is supported by the respective computer unit of the communication partner and can thus be ensured.
It is necessary for a standard security policy to be defined for the respective communication in every communication session within the group taking part in the communication session. Above all, it is necessary to provide a binding definition of a so-called group code, which is unambiguous for the entire group.
A summary of the cryptographic methods which can generally be used and can be used in the method can be found, for example, in Document S. Muftic, Sicherheits-mechanismen fur Rechnernetze, (Security mechanisms for computer networks), Karl Hansa Verlag Muenchen, ISBN 3-446-16272-0, (1992), pages 34-70.
It is known for two communication partners to negotiate a security policy, the negotiation which is described in this document being limited, however, only to a few parameters that are defined in advance see document, E. Kipp et al, The SSL Protocol, Internet Draft, available in June 1995 on the Internet from the following address: gopher://ds.internic.net:70/00/internet-drafts/draft-hickman-netscape-ssl- 01.txt.
SUMMARY OF THE INVENTION
The invention is thus based on the problem of carrying out group-based cryptographic code management between a first computer unit and any required number of other group computer units, the negotiation not being limited to specific parameters.
A first message is formed by a first computer unit and is in each case transmitted to at least some of the group computer units. The first message contains at least a first security policy proposal and a first identity checking variable. The first security policy proposal is verified in the group computer units using the first identity checking variable, and second security policy proposals are formed, in each case independently of one another, in the group computer units. This means that a specific second security policy proposal is formed in each group computer unit and is transmitted, in each case in a second message, to the first computer unit. The first computer unit receives the individual second security policy proposals, and a third message is formed and is transmitted to the group computer units. The group computer units use the third identity checking variable, which is contained in the third message, to check the integrity of the group security policy transmitted in said third message.
With this method, a group-based method is for the first time proposed for crytographic code management, by means of which it is possible to negotiate a
REFERENCES:
patent: 5220604 (1993-06-01), Gasser et al.
patent: 5224163 (1993-06-01), Gasser et al.
patent: 5315657 (1994-05-01), Abadi et al.
patent: 5577209 (1996-11-01), Boyle et al.
patent: 5748736 (1998-05-01), Mittra
Bruce Schneier. "Applied Cryptography" 2d. (New York: John Wiley & Sons, Inc., 1996) pp. 22, 23, 234, 235 & 389, Jan. 1, 1996.
IEEE Personal Communications vol. 1, (1994) 1st Quarter, No. 1, New York, A. Aziz et al, "Privacy and Authentication for Wireless Local Area Networks", pp. 25-31.
Proceedings of the International Carnahan Conference on Security Technology, Zurich, Switzerland, Chorley, B.J. et al, "The Definition and Implementation of a Secure Communications-Protocol", pp. 95-102.
ISBN 3-446-16272-0, Sead Muftic, "Sicherheits-mechanismen fur Rechnernetze", (1992), pp. 34-70.
Euchner Martin
Kessler Volker
Klasen Wolfgang
Siemens Aktiengesellschaft
Trammell James P.
Young John Leonard
LandOfFree
Process for group-based cryptographic code management between a does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Process for group-based cryptographic code management between a , we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Process for group-based cryptographic code management between a will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2345563