Using trusted associations to establish trust in a computer network
First Claim
1. A method for sharing a user's trusted information, as needed, with another user over an Internet Protocol (IP) based computer network, said method comprising the steps of:
determining the Internet Protocol (IP) address of a second user on the computer network;
determining the accessibility of the second user on the computer network by sending an Internet Control Message Protocol (ICMP) Echo Request to said second user carrying the first user's security parameter and including a security level, digital certificate including a public key and signature of a first secure network interface unit (SNIU) associated with said first user, and receiving an Internet Control Message Protocol (ICMP) Echo Reply from said second user in response to said ICMP Echo Request, said Reply including:
an association key encrypted using a key algorithm, said second user's security level, and a digital certificate and signature corresponding to a second SNIU associated with said second user;
exchanging, between the first user and the second user through said first and second SNIUs, security related information needed to complete the establishment of a trusted association; and
maintaining the trusted association during all communications between the first user and the second user, wherein each intermediate SNIU in the communications path between the first SNIU and second SNIU which receives the ICMP Echo Reply originating from the second user authenticates the ICMP Echo Reply, extracts a release key from the ICMP Echo Reply corresponding to the previous SNIU, generates a new release key corresponding to the next SNIU and encrypts the key using the public key corresponding to the next SNIU, removes the previous certificate and signature, appends its certificate, and digitally signs the ICMP Echo Reply before sending it on to the next SNIU.
4 Assignments
0 Petitions
Abstract
A method is disclosed for establishing trusted associations for communications between users on an Internet Protocol based computer network. The first user determines the Internet Protocol (IP) address of a second user on the computer network through the use of Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP). The first user then determines the accessibility of the second user on the computer network. The users exchange security related information needed to complete the establishment of a trusted association. The trusted association is maintained during all communications between the first user and the second user.
253 Citations
9 Claims
1. Claim 1 as set out in full under First Claim above. - View Dependent Claims (2, 3, 4, 5, 6)
7. A method for sharing a user's trusted information, as needed, with another user over an Internet Protocol (IP) based computer network via secure network interface units (SNIUs) to communicate data information in the form of datagrams, said method comprising the steps of:
receiving an IP datagram at a first SNIU from a first user host destined for a second user host;
placing said IP datagram in a wait queue;
determining the Internet Protocol (IP) address of a second SNIU associated with the second user host on the computer network;
determining the accessibility of the second user host on the computer network, including the steps of:
sending an Internet Control Message Protocol (ICMP) Echo Request to said second user host carrying the first user host security level and a digital certificate including a public key, and signature corresponding to said first SNIU;
sending an Internet Control Message Protocol (ICMP) Echo Reply from said second user host to said first SNIU in response to said ICMP Echo Request, said Reply including: an association key encrypted using a key exchange algorithm, said second user host security level, and a digital certificate and signature of a second SNIU, said second SNIU associated with said second user host;
receiving and authenticating the ICMP Echo Reply at the first SNIU to establish a trusted association between the first and second user hosts; and
removing said IP datagram from the wait queue and encrypting the datagram using the association key for transfer to said second user host during the trusted association. - View Dependent Claims (8, 9)
Specification