Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Patent
1997-08-25
2000-03-28
Peeso, Thomas R.
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
380281, 380282, 380285, H04L 900
Patent
active
060444681
ABSTRACT:
An encryption service in a manager encrypts network management information with a secret key that can be recognized by an agent to which the message is directed. The encryption service invokes an SNMP message transmission service in the manager to form a secure SNMP message having an apparent Object ID (OID) that identifies a decryption service in the agent and having an apparent Value that includes the encryption result. The SNMP message transmission service invokes a communication protocol service in the manager to send the secure SNMP message to the agent. A communication protocol service in the agent receives the secure SNMP message, and passes the received message to an SNMP message reception service in the agent. The SNMP message reception service checks whether or not a Community Name visible in the secure SNMP message is appropriate for access to the agent, and if so, searches a Management Information Base (MIB) in the agent for a sub-agent corresponding to the apparent OID, and if such a sub-agent is found, dispatches the apparent Value of the apparent OID to the sub-agent. The sub-agent decrypts the encryption result in the apparent Value, and rejects the message if the sub-agent is unable to recognize a secret key authorized for access to the agent.
REFERENCES:
J. Case, M. Fedor, M. Schoffstall, and J. Davin, " A Simple Network Management Protocol (SNMP)," RFC 1157, by May 1990, 36 pages.
Network Working Group, G. Walters, Editor, "User-based Security Model for SNMPv2," RFC 1910, Feb. 1996, 40 pages.
Ulyless Black, TCP/IP and Related Protocols, McGraw-Hill, Inc., New York, N.Y., pp. 304-310.
Computer Security, Time-Life Books, Inc., Richmond, Va., 1990, pp. 87-117.
Roger M. Needham, "The Changing Environment for Security Protocols," IEEE Network, IEEE, New York, N.Y., vol. 11, No. 3, May/Jun. 1997, pp. 12-15.
Chadwick et al., "Merging and Extending the PGP and PEM Trust Models--The ICE-TEL Trust Model," IEEE, Network, IEEE, New York, N.Y., vol. 11, No. 3, May/Jun. 1997, pp. 16-24.
Blumenthal et al., " Key Derivation for Network Management Applications," IEEE Network, IEEE, New York, N.Y., vol. 11, No. 3, May/Jun. 1997, pp. 26-29.
Michael Herfert, "Security Enhanced Mailing Lists," IEEE Network, IEEE, New York, N.Y., vol. 11, No. 3, May/Jun. 1997, pp. 30-33.
Peyravian et al., "Asynchronous Transfer Mode Security," IEEE Network, IEEE, New York, N.Y., vol. 11, No. 3, May/Jun. 1997, pp. 34-40.
Schneier, Applied Cryptography, pp. 5, 51, 56, 68, 210, 1995.
EMC Corporation
Peeso Thomas R.
LandOfFree
Secure transmission using an ordinarily insecure network communi does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure transmission using an ordinarily insecure network communi, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure transmission using an ordinarily insecure network communi will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-1335694