WO2006115679A3 - Cryptographic peer discovery, authentication, and authorization for on-path signaling - Google Patents
- Publication number
- WO2006115679A3 (PCT/US2006/011479)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authorization
- request
- authentication
- peer discovery
- data packet
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Abstract
A method is disclosed for cryptographic peer discovery, authentication, and authorization. According to one embodiment, a data packet, which is addressed to a destination device other than an intermediary network device, is intercepted at the intermediary network device. The data packet contains a request and a group identifier. A shared secret cryptographic key, which is mapped to the group identifier, is selected. A challenge is sent toward an upstream device from whence the data packet came. A response is received. A verification value is generated based on the cryptographic key and the challenge. It is determined whether the response matches the verification value. If the response matches the verification value, then it is determined whether the request is allowed by an authorization set that is mapped to the group identifier. If the request is allowed, then a policy of the intermediary network device is configured based on the request.
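The intercept, challenge, verify and authorize flow described in the abstract, as an added Python example that is not code from the patent or its assignee: the group identifiers, request names, shared keys and addresses are constructed, and HMAC-SHA256 is assumed as the keyed function that derives the verification value from the key and the challenge.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass

# Constructed sample state held by the intermediary device:
# group identifier -> shared secret key, and group identifier -> authorization set.
GROUP_KEYS = {"grp-voice": b"constructed-secret-A", "grp-video": b"constructed-secret-B"}
GROUP_AUTHZ = {"grp-voice": {"reserve_bw", "open_port"}, "grp-video": {"reserve_bw"}}

@dataclass
class Packet:
    src: str        # upstream device the packet came from
    dst: str        # final destination (not the intermediary)
    group_id: str   # selects the shared key and the authorization set
    request: str    # signaling request carried in the packet

def expected_response(key: bytes, challenge: bytes) -> bytes:
    """Verification value: HMAC-SHA256 over the challenge under the group key (assumed)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def upstream_responder(key: bytes):
    """Stand-in for the upstream device: answers a challenge with the key it holds."""
    return lambda challenge: expected_response(key, challenge)

def handle_intercepted(pkt: Packet, self_addr: str, ask_upstream, policy: dict) -> str:
    """Intermediary logic from the abstract; returns the outcome, updating policy on success."""
    if pkt.dst == self_addr:
        return "not-transit"                  # only packets addressed elsewhere are intercepted
    key = GROUP_KEYS.get(pkt.group_id)
    if key is None:
        return "unknown-group"                # no shared key mapped to this group identifier
    challenge = secrets.token_bytes(16)       # fresh nonce per attempt, so old responses cannot be replayed
    response = ask_upstream(challenge)
    if not hmac.compare_digest(response, expected_response(key, challenge)):
        return "auth-failed"                  # response does not match the verification value
    if pkt.request not in GROUP_AUTHZ[pkt.group_id]:
        return "not-authorized"               # authenticated peer, but request outside the set
    policy.setdefault(pkt.src, set()).add(pkt.request)
    return "configured"                       # policy configured based on the request
```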
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP06739943.6A EP1875362B1 (en) | 2005-04-26 | 2006-03-22 | Cryptographic peer discovery, authentication, and authorization for on-path signaling |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/115,542 US7350227B2 (en) | 2005-04-26 | 2005-04-26 | Cryptographic peer discovery, authentication, and authorization for on-path signaling |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006115679A2 WO2006115679A2 (en) | 2006-11-02 |
WO2006115679A3 true WO2006115679A3 (en) | 2007-06-28 |
Family
ID=37188457
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2006/011479 WO2006115679A2 (en) | 2005-04-26 | 2006-03-22 | Cryptographic peer discovery, authentication, and authorization for on-path signaling |
Country Status (4)
Country | Link |
---|---|
US (1) | US7350227B2 (en) |
EP (1) | EP1875362B1 (en) |
CN (1) | CN100541476C (en) |
WO (1) | WO2006115679A2 (en) |
Families Citing this family (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7346773B2 (en) * | 2004-01-12 | 2008-03-18 | Cisco Technology, Inc. | Enabling stateless server-based pre-shared secrets |
CN1996901A (en) * | 2006-01-06 | 2007-07-11 | 鸿富锦精密工业(深圳)有限公司 | Communication monitoring system and method of the network data |
CA2670496C (en) * | 2006-11-30 | 2019-07-30 | Bce Inc. | Method, system and apparatus for logging into a communication client |
US20090100506A1 (en) * | 2007-10-11 | 2009-04-16 | Steve Whang | System and Method for Managing Network Flows Based on Policy Criteria |
US8122482B2 (en) * | 2008-01-24 | 2012-02-21 | Cisco Technology, Inc. | Cryptographic peer discovery, authentication, and authorization for on-path signaling |
US8391492B1 (en) * | 2008-06-25 | 2013-03-05 | Cisco Technology, Inc. | Secure resource reservation protocol (RSVP) with dynamic group keying |
US8983066B2 (en) * | 2009-02-27 | 2015-03-17 | Cisco Technology, Inc. | Private pairwise key management for groups |
US8548171B2 (en) * | 2009-02-27 | 2013-10-01 | Cisco Technology, Inc. | Pair-wise keying for tunneled virtual private networks |
US8867747B2 (en) * | 2009-03-31 | 2014-10-21 | Cisco Technology, Inc. | Key generation for networks |
US8806572B2 (en) * | 2009-05-30 | 2014-08-12 | Cisco Technology, Inc. | Authentication via monitoring |
US8341250B2 (en) * | 2009-05-30 | 2012-12-25 | Cisco Technology, Inc. | Networking device provisioning |
CN101997632B (en) * | 2009-08-12 | 2013-11-06 | 华为技术有限公司 | Negotiation information transmission method and device |
US8166161B1 (en) | 2009-09-30 | 2012-04-24 | Cisco Technology, Inc. | System and method for ensuring privacy while tagging information in a network environment |
US8468195B1 (en) | 2009-09-30 | 2013-06-18 | Cisco Technology, Inc. | System and method for controlling an exchange of information in a network environment |
US8489390B2 (en) * | 2009-09-30 | 2013-07-16 | Cisco Technology, Inc. | System and method for generating vocabulary from network data |
US8990083B1 (en) | 2009-09-30 | 2015-03-24 | Cisco Technology, Inc. | System and method for generating personal vocabulary from network data |
US8935274B1 (en) | 2010-05-12 | 2015-01-13 | Cisco Technology, Inc | System and method for deriving user expertise based on data propagating in a network environment |
US9465795B2 (en) | 2010-12-17 | 2016-10-11 | Cisco Technology, Inc. | System and method for providing feeds based on activity in a network environment |
US8667169B2 (en) | 2010-12-17 | 2014-03-04 | Cisco Technology, Inc. | System and method for providing argument maps based on activity in a network environment |
US8553065B2 (en) | 2011-04-18 | 2013-10-08 | Cisco Technology, Inc. | System and method for providing augmented data in a network environment |
US8528018B2 (en) | 2011-04-29 | 2013-09-03 | Cisco Technology, Inc. | System and method for evaluating visual worthiness of video data in a network environment |
US8620136B1 (en) | 2011-04-30 | 2013-12-31 | Cisco Technology, Inc. | System and method for media intelligent recording in a network environment |
US8909624B2 (en) | 2011-05-31 | 2014-12-09 | Cisco Technology, Inc. | System and method for evaluating results of a search query in a network environment |
US8886797B2 (en) | 2011-07-14 | 2014-11-11 | Cisco Technology, Inc. | System and method for deriving user expertise based on data propagating in a network environment |
US8831403B2 (en) | 2012-02-01 | 2014-09-09 | Cisco Technology, Inc. | System and method for creating customized on-demand video reports in a network environment |
AU2018370383A1 (en) * | 2017-11-20 | 2020-07-09 | Mako Networks, Inc. | Method and system for transmitting data |
US10904217B2 (en) | 2018-05-31 | 2021-01-26 | Cisco Technology, Inc. | Encryption for gateway tunnel-based VPNs independent of wan transport addresses |
US10834056B2 (en) * | 2018-07-31 | 2020-11-10 | Ca, Inc. | Dynamically controlling firewall ports based on server transactions to reduce risks |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5268962A (en) * | 1992-07-21 | 1993-12-07 | Digital Equipment Corporation | Computer network with modified host-to-host encryption keys |
US5668878A (en) * | 1994-02-28 | 1997-09-16 | Brands; Stefanus Alfonsus | Secure cryptographic methods for electronic transfer of information |
US5774670A (en) * | 1995-10-06 | 1998-06-30 | Netscape Communications Corporation | Persistent client state in a hypertext transfer protocol based client-server system |
US5963915A (en) * | 1996-02-21 | 1999-10-05 | Infoseek Corporation | Secure, convenient and efficient system and method of performing trans-internet purchase transactions |
US5961601A (en) * | 1996-06-07 | 1999-10-05 | International Business Machines Corporation | Preserving state information in a continuing conversation between a client and server networked via a stateless protocol |
US6226750B1 (en) * | 1998-01-20 | 2001-05-01 | Proact Technologies Corp. | Secure session tracking method and system for client-server environment |
US6263437B1 (en) * | 1998-02-19 | 2001-07-17 | Openware Systems Inc | Method and apparatus for conducting crypto-ignition processes between thin client devices and server devices over data networks |
US6253326B1 (en) * | 1998-05-29 | 2001-06-26 | Palm, Inc. | Method and system for secure communications |
JP3493141B2 (en) * | 1998-06-12 | 2004-02-03 | 富士通株式会社 | Gateway system and recording medium |
US20040015725A1 (en) * | 2000-08-07 | 2004-01-22 | Dan Boneh | Client-side inspection and processing of secure content |
US6904521B1 (en) * | 2001-02-16 | 2005-06-07 | Networks Associates Technology, Inc. | Non-repudiation of e-mail messages |
US7228424B2 (en) * | 2002-08-12 | 2007-06-05 | Mossman Associates Inc | Method and system for using optical disk drive as a biometric card reader for secure online user authentication |
US7346773B2 (en) * | 2004-01-12 | 2008-03-18 | Cisco Technology, Inc. | Enabling stateless server-based pre-shared secrets |
Timeline
2005
- 2005-04-26 US US11/115,542 patent/US7350227B2/en active Active
2006
- 2006-03-22 CN CNB200680008970XA patent/CN100541476C/en not_active Expired - Fee Related
- 2006-03-22 WO PCT/US2006/011479 patent/WO2006115679A2/en active Application Filing
- 2006-03-22 EP EP06739943.6A patent/EP1875362B1/en not_active Not-in-force
Non-Patent Citations (4)
Title |
---|
BAKER F. ET AL.: "RSVP Cryptographic Authentication", RFC 2747, January 2000 (2000-01-01), XP015008530, Retrieved from the Internet <URL:ftp://ftp.rfc-editor.org/in-notes/rfc2747.txt> * |
BRADEN R. ET AL.: "Resource ReSerVation Protocol (RSVP) -- Version 1 Functional Specification", RFC 2205, vol. 2205, September 1997 (1997-09-01), pages 1 - 112, XP003020371, Retrieved from the Internet <URL:ftp://ftp.rfc-editor.org/in-notes/rfc2205.txt> * |
HERZOG S.: "RSVP Extensions for Policy Control", RFC 2750, January 2000 (2000-01-01), XP015008533, Retrieved from the Internet <URL:ftp://ftp.rfc-editor.org/in-notes/rfc2750.txt> * |
See also references of EP1875362A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP1875362B1 (en) | 2014-06-25 |
EP1875362A4 (en) | 2011-01-05 |
WO2006115679A2 (en) | 2006-11-02 |
EP1875362A2 (en) | 2008-01-09 |
US20060242408A1 (en) | 2006-10-26 |
US7350227B2 (en) | 2008-03-25 |
CN101147141A (en) | 2008-03-19 |
CN100541476C (en) | 2009-09-16 |
Similar Documents
Publication | Title |
---|---|
WO2006115679A3 (en) | Cryptographic peer discovery, authentication, and authorization for on-path signaling |
CN105917689B (en) | Secure peer-to-peer groups in information-centric networks |
CN109600350B (en) | System and method for secure communication between controllers in a vehicle network |
CN106533655B (en) | Method for safe communication of ECU (electronic control Unit) in vehicle interior network |
CN107105060B (en) | Method for realizing information security of electric automobile |
Hazem et al. | Lcap-a lightweight can authentication protocol for securing in-vehicle networks |
US10735206B2 (en) | Securing information exchanged between internal and external entities of connected vehicles |
Zelle et al. | On using TLS to secure in-vehicle networks |
WO2013122177A1 (en) | Vehicle-mounted network system |
Chattopadhyay et al. | Security of autonomous vehicle as a cyber-physical system |
KR101521412B1 (en) | Protocol Management System for Aggregating Massages based on certification |
RU2018129320A (en) | PROTECTED AND TORGE RESISTANT COMMUNICATION FOR UNDERWATER UNDERABLE APPLIANCES |
Seeber et al. | Towards a trust computing architecture for RPL in cyber physical systems |
WO2018017566A1 (en) | Hash-chain based sender identification scheme |
CN106209883A (en) | Based on link selection and the multi-chain circuit transmission method and system of broken restructuring |
CN101145915B (en) | An authentication system and method of trustable router |
US20050129236A1 (en) | Apparatus and method for data source authentication for multicast security |
Khalil et al. | Sybil attack prevention through identity symmetric scheme in vehicular ad-hoc networks |
US20080133915A1 (en) | Communication apparatus and communication method |
JP2019507971A5 (en) | |
Oyler et al. | Security in automotive telematics: a survey of threats and risk mitigation strategies to counter the existing and emerging attack vectors |
WO2008099254A3 (en) | Authorizing n0n-3gpp ip access during tunnel establishment |
Mershad et al. | REACT: secure and efficient data acquisition in VANETs |
JP6375962B2 (en) | In-vehicle gateway device and electronic control device |
Dolev et al. | Certificating vehicle public key with vehicle attributes a (periodical) licensing routine, against man-in-the-middle attacks and beyond |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: 200680008970.X; Country of ref document: CN |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | WWE | Wipo information: entry into national phase | Ref document number: 6452/DELNP/2007; Country of ref document: IN |
 | WWE | Wipo information: entry into national phase | Ref document number: 2006739943; Country of ref document: EP |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | NENP | Non-entry into the national phase | Ref country code: RU |