WO2006115679A3 - Cryptographic peer discovery, authentication, and authorization for on-path signaling - Google Patents


Info

Publication number
WO2006115679A3
Authority
WO
WIPO (PCT)
Prior art keywords
authorization
request
authentication
peer discovery
data packet
Prior art date
Application number
PCT/US2006/011479
Other languages
French (fr)
Other versions
WO2006115679A2 (en
Inventor
David A Mcgrew
Melinda L Shore
Original Assignee
Cisco Tech Inc
David A Mcgrew
Melinda L Shore
Priority date
2005-04-26
Filing date
2006-03-22
Publication date
2006-11-02 (WO2006115679A2), 2007-06-28 (WO2006115679A3)
Application filed by Cisco Tech Inc, David A Mcgrew, Melinda L Shore
Priority to EP06739943.6A (EP1875362B1)
Publication of WO2006115679A2
Publication of WO2006115679A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 ... using challenge-response
    • H04L9/3273 ... using challenge-response for mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 ... for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 ... for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Abstract

A method is disclosed for cryptographic peer discovery, authentication, and authorization. According to one embodiment, a data packet, which is addressed to a destination device other than an intermediary network device, is intercepted at the intermediary network device. The data packet contains a request and a group identifier. A shared secret cryptographic key, which is mapped to the group identifier, is selected. A challenge is sent toward an upstream device from whence the data packet came. A response is received. A verification value is generated based on the cryptographic key and the challenge. It is determined whether the response matches the verification value. If the response matches the verification value, then it is determined whether the request is allowed by an authorization set that is mapped to the group identifier. If the request is allowed, then a policy of the intermediary network device is configured based on the request.
Application PCT/US2006/011479 (priority date 2005-04-26, filing date 2006-03-22): Cryptographic peer discovery, authentication, and authorization for on-path signaling, published as WO2006115679A2 (en)
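The abstract describes a complete on-path exchange: intercept, key lookup by group identifier, challenge toward the upstream device, verification value from key and challenge, authorization-set check, then policy configuration. The following Python is an added example written for this page; it is not code from the patent, from Cisco, or from the inventors, and every name, message format, sample key and authorization set in it is constructed. It goes slightly beyond the abstract in one labelled place: the request itself is bound into the MAC input, so an on-path attacker cannot pair a valid response with a different request. The compare is constant-time and the challenge is a fresh random nonce per packet, which is what defeats replay of an earlier response.

```python
"""Challenge-response peer authentication plus group authorization for
on-path signaling, modelled on the abstract above.  Added example: not the
patent's or Cisco's code.  All names, keys and sets are constructed."""
import hmac
import hashlib
import json
import secrets
from dataclasses import dataclass


@dataclass
class Packet:
    """A signaling packet seen on the path; dst is some device other than the intermediary."""
    src: str
    dst: str
    group_id: str
    request: dict   # e.g. {"action": "open-pinhole", "proto": "udp", "port": 20000}


def canonical(request: dict) -> bytes:
    # Deterministic encoding so both ends MAC exactly the same bytes.
    return json.dumps(request, sort_keys=True, separators=(",", ":")).encode()


def verification_value(key: bytes, challenge: bytes, request: dict) -> bytes:
    # HMAC keyed with the group's shared secret over the fresh challenge.
    # Including the request in the MAC input is an assumption beyond the abstract
    # (which says "based on the cryptographic key and the challenge").
    return hmac.new(key, challenge + canonical(request), hashlib.sha256).digest()


class UpstreamPeer:
    """The device the packet came from; a group member holding the shared key."""
    def __init__(self, key: bytes):
        self.key = key

    def answer(self, challenge: bytes, pkt: Packet) -> bytes:
        return verification_value(self.key, challenge, pkt.request)


class Intermediary:
    """On-path device (e.g. a firewall) that intercepts, authenticates and authorizes."""
    def __init__(self, addr: str, group_keys: dict, authorization_sets: dict):
        self.addr = addr
        self.group_keys = group_keys                  # group_id -> shared secret
        self.authorization_sets = authorization_sets  # group_id -> allowed requests
        self.policy = []                              # configured pinholes

    def allowed(self, group_id: str, request: dict) -> bool:
        auth = self.authorization_sets.get(group_id, {})
        ports = auth.get(request.get("action"), {}).get(request.get("proto"))
        if ports is None:
            return False
        lo, hi = ports
        port = request.get("port")
        return isinstance(port, int) and lo <= port <= hi

    def intercept(self, pkt: Packet, upstream: UpstreamPeer) -> str:
        if pkt.dst == self.addr:
            return "not-intercepted"          # addressed to us: not on-path signaling
        key = self.group_keys.get(pkt.group_id)
        if key is None:
            return "unknown-group"            # no key mapped to this group identifier
        challenge = secrets.token_bytes(16)   # fresh per packet: a replayed response fails
        response = upstream.answer(challenge, pkt)
        expected = verification_value(key, challenge, pkt.request)
        if not hmac.compare_digest(expected, response):
            return "auth-failed"              # constant-time comparison
        if not self.allowed(pkt.group_id, pkt.request):
            return "not-authorized"
        self.policy.append((pkt.request["proto"], pkt.request["port"], pkt.src, pkt.dst))
        return "configured"


# Constructed sample configuration; the key is a placeholder, not a real secret.
GROUP_KEYS = {"voip-gateways": bytes.fromhex("00112233" * 8)}
AUTHORIZATION_SETS = {"voip-gateways": {"open-pinhole": {"udp": (16384, 32767)}}}


def demo():
    """Run the five outcomes a practitioner should expect and return them."""
    fw = Intermediary("10.0.0.1", GROUP_KEYS, AUTHORIZATION_SETS)
    good = UpstreamPeer(GROUP_KEYS["voip-gateways"])
    rogue = UpstreamPeer(b"wrong-key")       # not a group member

    def req(port):
        return {"action": "open-pinhole", "proto": "udp", "port": port}

    results = [
        fw.intercept(Packet("10.0.0.5", "10.0.0.1", "voip-gateways", req(20000)), good),
        fw.intercept(Packet("10.0.0.5", "192.0.2.9", "nobody", req(20000)), good),
        fw.intercept(Packet("10.0.0.5", "192.0.2.9", "voip-gateways", req(20000)), rogue),
        fw.intercept(Packet("10.0.0.5", "192.0.2.9", "voip-gateways", req(53)), good),
        fw.intercept(Packet("10.0.0.5", "192.0.2.9", "voip-gateways", req(20000)), good),
    ]
    return results, fw.policy
```

One caveat worth keeping in mind when reading the abstract: because the key is shared by the whole group, a successful response proves membership in the group, not the identity of a particular upstream device. Any holder of the group key can answer the challenge, so the authorization set is per group, and compromise of one member is compromise of the group's signaling privileges.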

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP06739943.6A EP1875362B1 (en) 2005-04-26 2006-03-22 Cryptographic peer discovery, authentication, and authorization for on-path signaling

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/115,542 US7350227B2 (en) 2005-04-26 2005-04-26 Cryptographic peer discovery, authentication, and authorization for on-path signaling
US11/115,542 2005-04-26

Publications (2)

Publication Number Publication Date
WO2006115679A2 (en) 2006-11-02
WO2006115679A3 (en) 2007-06-28

Family

ID=37188457

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/011479 WO2006115679A2 (en) 2005-04-26 2006-03-22 Cryptographic peer discovery, authentication, and authorization for on-path signaling

Country Status (4)

Country Link
US (1) US7350227B2 (en)
EP (1) EP1875362B1 (en)
CN (1) CN100541476C (en)
WO (1) WO2006115679A2 (en)

Families Citing this family (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7346773B2 (en) * 2004-01-12 2008-03-18 Cisco Technology, Inc. Enabling stateless server-based pre-shared secrets
CN1996901A (en) * 2006-01-06 2007-07-11 Hon Hai Precision Industry (Shenzhen) Co., Ltd. Communication monitoring system and method of the network data
CA2670496C (en) * 2006-11-30 2019-07-30 Bce Inc. Method, system and apparatus for logging into a communication client
US20090100506A1 (en) * 2007-10-11 2009-04-16 Steve Whang System and Method for Managing Network Flows Based on Policy Criteria
US8122482B2 (en) * 2008-01-24 2012-02-21 Cisco Technology, Inc. Cryptographic peer discovery, authentication, and authorization for on-path signaling
US8391492B1 (en) * 2008-06-25 2013-03-05 Cisco Technology, Inc. Secure resource reservation protocol (RSVP) with dynamic group keying
US8983066B2 (en) * 2009-02-27 2015-03-17 Cisco Technology, Inc. Private pairwise key management for groups
US8548171B2 (en) * 2009-02-27 2013-10-01 Cisco Technology, Inc. Pair-wise keying for tunneled virtual private networks
US8867747B2 (en) * 2009-03-31 2014-10-21 Cisco Technology, Inc. Key generation for networks
US8806572B2 (en) * 2009-05-30 2014-08-12 Cisco Technology, Inc. Authentication via monitoring
US8341250B2 (en) * 2009-05-30 2012-12-25 Cisco Technology, Inc. Networking device provisioning
CN101997632B (en) * 2009-08-12 2013-11-06 华为技术有限公司 Negotiation information transmission method and device
US8166161B1 (en) 2009-09-30 2012-04-24 Cisco Technology, Inc. System and method for ensuring privacy while tagging information in a network environment
US8468195B1 (en) 2009-09-30 2013-06-18 Cisco Technology, Inc. System and method for controlling an exchange of information in a network environment
US8489390B2 (en) * 2009-09-30 2013-07-16 Cisco Technology, Inc. System and method for generating vocabulary from network data
US8990083B1 (en) 2009-09-30 2015-03-24 Cisco Technology, Inc. System and method for generating personal vocabulary from network data
US8935274B1 (en) 2010-05-12 2015-01-13 Cisco Technology, Inc System and method for deriving user expertise based on data propagating in a network environment
US9465795B2 (en) 2010-12-17 2016-10-11 Cisco Technology, Inc. System and method for providing feeds based on activity in a network environment
US8667169B2 (en) 2010-12-17 2014-03-04 Cisco Technology, Inc. System and method for providing argument maps based on activity in a network environment
US8553065B2 (en) 2011-04-18 2013-10-08 Cisco Technology, Inc. System and method for providing augmented data in a network environment
US8528018B2 (en) 2011-04-29 2013-09-03 Cisco Technology, Inc. System and method for evaluating visual worthiness of video data in a network environment
US8620136B1 (en) 2011-04-30 2013-12-31 Cisco Technology, Inc. System and method for media intelligent recording in a network environment
US8909624B2 (en) 2011-05-31 2014-12-09 Cisco Technology, Inc. System and method for evaluating results of a search query in a network environment
US8886797B2 (en) 2011-07-14 2014-11-11 Cisco Technology, Inc. System and method for deriving user expertise based on data propagating in a network environment
US8831403B2 (en) 2012-02-01 2014-09-09 Cisco Technology, Inc. System and method for creating customized on-demand video reports in a network environment
AU2018370383A1 (en) * 2017-11-20 2020-07-09 Mako Networks, Inc. Method and system for transmitting data
US10904217B2 (en) 2018-05-31 2021-01-26 Cisco Technology, Inc. Encryption for gateway tunnel-based VPNs independent of wan transport addresses
US10834056B2 (en) * 2018-07-31 2020-11-10 Ca, Inc. Dynamically controlling firewall ports based on server transactions to reduce risks

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5268962A (en) * 1992-07-21 1993-12-07 Digital Equipment Corporation Computer network with modified host-to-host encryption keys
US5668878A (en) * 1994-02-28 1997-09-16 Brands; Stefanus Alfonsus Secure cryptographic methods for electronic transfer of information
US5774670A (en) * 1995-10-06 1998-06-30 Netscape Communications Corporation Persistent client state in a hypertext transfer protocol based client-server system
US5963915A (en) * 1996-02-21 1999-10-05 Infoseek Corporation Secure, convenient and efficient system and method of performing trans-internet purchase transactions
US5961601A (en) * 1996-06-07 1999-10-05 International Business Machines Corporation Preserving state information in a continuing conversation between a client and server networked via a stateless protocol
US6226750B1 (en) * 1998-01-20 2001-05-01 Proact Technologies Corp. Secure session tracking method and system for client-server environment
US6263437B1 (en) * 1998-02-19 2001-07-17 Openware Systems Inc Method and apparatus for conducting crypto-ignition processes between thin client devices and server devices over data networks
US6253326B1 (en) * 1998-05-29 2001-06-26 Palm, Inc. Method and system for secure communications
JP3493141B2 (en) * 1998-06-12 2004-02-03 Fujitsu Limited Gateway system and recording medium
US20040015725A1 (en) * 2000-08-07 2004-01-22 Dan Boneh Client-side inspection and processing of secure content
US6904521B1 (en) * 2001-02-16 2005-06-07 Networks Associates Technology, Inc. Non-repudiation of e-mail messages
US7228424B2 (en) * 2002-08-12 2007-06-05 Mossman Associates Inc Method and system for using optical disk drive as a biometric card reader for secure online user authentication
US7346773B2 (en) * 2004-01-12 2008-03-18 Cisco Technology, Inc. Enabling stateless server-based pre-shared secrets

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
BAKER F. ET AL.: "RSVP Cryptographic Authentication", RFC 2747, January 2000 (2000-01-01), XP015008530, Retrieved from the Internet <URL:ftp://ftp.rfc-editor.org/in-notes/rfc2747.txt> *
BRADEN R. ET AL.: "Resource ReSerVation Protocol (RSVP) -- Version 1 Functional Specification", RFC 2205, vol. 2205, September 1997 (1997-09-01), pages 1 - 112, XP003020371, Retrieved from the Internet <URL:ftp://ftp.rfc-editor.org/in-notes/rfc2205.txt> *
HERZOG S.: "RSVP Extensions for Policy Control", RFC 2750, January 2000 (2000-01-01), XP015008533, Retrieved from the Internet <URL:ftp://ftp.rfc-editor.org/in-notes/rfc2750.txt> *
See also references of EP1875362A4 *

Also Published As

Publication number Publication date
EP1875362B1 (en) 2014-06-25
EP1875362A4 (en) 2011-01-05
WO2006115679A2 (en) 2006-11-02
EP1875362A2 (en) 2008-01-09
US20060242408A1 (en) 2006-10-26
US7350227B2 (en) 2008-03-25
CN101147141A (en) 2008-03-19
CN100541476C (en) 2009-09-16

Similar Documents

Publication Publication Date Title
WO2006115679A3 (en) Cryptographic peer discovery, authentication, and authorization for on-path signaling
CN105917689B (en) Secure peer-to-peer groups in information-centric networks
CN109600350B (en) System and method for secure communication between controllers in a vehicle network
CN106533655B (en) Method for safe communication of ECU (electronic control Unit) in vehicle interior network
CN107105060B (en) Method for realizing information security of electric automobile
Hazem et al. Lcap-a lightweight can authentication protocol for securing in-vehicle networks
US10735206B2 (en) Securing information exchanged between internal and external entities of connected vehicles
Zelle et al. On using TLS to secure in-vehicle networks
WO2013122177A1 (en) Vehicle-mounted network system
Chattopadhyay et al. Security of autonomous vehicle as a cyber-physical system
KR101521412B1 (en) Protocol Management System for Aggregating Massages based on certification
RU2018129320A (en) PROTECTED AND TORGE RESISTANT COMMUNICATION FOR UNDERWATER UNDERABLE APPLIANCES
Seeber et al. Towards a trust computing architecture for RPL in cyber physical systems
WO2018017566A1 (en) Hash-chain based sender identification scheme
CN106209883A (en) Based on link selection and the multi-chain circuit transmission method and system of broken restructuring
CN101145915B (en) An authentication system and method of trustable router
US20050129236A1 (en) Apparatus and method for data source authentication for multicast security
Khalil et al. Sybil attack prevention through identity symmetric scheme in vehicular ad-hoc networks
US20080133915A1 (en) Communication apparatus and communication method
JP2019507971A5 (en)
Oyler et al. Security in automotive telematics: a survey of threats and risk mitigation strategies to counter the existing and emerging attack vectors
WO2008099254A3 (en) Authorizing non-3GPP IP access during tunnel establishment
Mershad et al. REACT: secure and efficient data acquisition in VANETs
JP6375962B2 (en) In-vehicle gateway device and electronic control device
Dolev et al. Certificating vehicle public key with vehicle attributes a (periodical) licensing routine, against man-in-the-middle attacks and beyond

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase (Ref document number: 200680008970.X; Country of ref document: CN)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase (Ref document number: 6452/DELNP/2007; Country of ref document: IN)
WWE Wipo information: entry into national phase (Ref document number: 2006739943; Country of ref document: EP)
NENP Non-entry into the national phase (Ref country code: DE)
NENP Non-entry into the national phase (Ref country code: RU)