Journal Article

IPv6: the new Internet protocol

01 Jul 1996-IEEE Communications Magazine (IEEE)-Vol. 34, Iss: 7, pp 96-108
TL;DR: An overview of the role of an internet protocol, the motivation for developing a new version of the IP, and some of the details of the next generation of IP are examined.
Abstract: The current version of the Internet protocol (IP) is becoming obsolete because of its limited address space, lack of needed functionality and inadequate security features. The next generation of IP, called IPv6, has now been standardized and will carry TCP/IP networks and applications well into the next century. This article begins with an overview of the role of an internet protocol, looks at the motivation for developing a new version of the IP, and then examines some of its details.
Citations
Patent
19 Sep 2006
TL;DR: A security architecture is presented in which a single sign-on is provided for multiple information resources; once an entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which that trust level is sufficient.
Abstract: A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

639 citations

Patent
31 Jul 2000
TL;DR: A single sign-on security architecture in which session credentials are used to maintain continuity of a persistent session across multiple accesses to one or more information resources, and in some embodiments, across credential level changes.
Abstract: A security architecture has been developed in which a single sign-on is provided. Session credentials are used to maintain continuity of a persistent session across multiple accesses to one or more information resources, and in some embodiments, across credential level changes. Session credentials are secured, e.g., as a cryptographically secured session token, such that they may be inspected by a wide variety of entities or applications to verify an authenticated trust level, yet may not be prepared or altered except by a trusted authentication service. Some embodiments of the present invention associate trust level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are associated with trust levels, and in some embodiments, with environmental parameters. For example, in one configuration, a login service (120) obtains login credentials for an entity (e.g., 170) commensurate with the trust level requirement(s) of an information resource or information resources (e.g., 191, 192, 193) to be accessed and with environment parameters that affect the sufficiency of a given credential type. Once login credentials (e.g., 410) have been obtained for an entity and have been authenticated to a given trust level, session credentials (e.g., 420) are issued and access is granted to information resources for which the trust level is sufficient. Advantageously, by using the session credentials access is granted without the need for further login credentials and authentication. In some configurations, session credentials evidencing an insufficient trust level may be remedied by a session continuity preserving upgrade of login credential.

320 citations

Patent
Darien Wood, Derk Norton, Paul Weschler, Chris Ferris, Yvonne Wilson
31 Jul 2000
TL;DR: A single sign-on is provided for multiple information resources by associating trust-level requirements with information resources, and authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) with trust levels.
Abstract: A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are associated with trust levels and a log-on service (e.g., 120) obtains credentials for an entity commensurate with the trust-level requirement(s) of one or more information resources (e.g., 191, 192, 193) to be accessed. Once credentials have been obtained for an entity (e.g., 170) and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

288 citations

Patent
Darien Wood, Thomas Pratt, Michael B. Dilger, Derk Norton, Yunas Nadiadi
05 Aug 1999
TL;DR: In this article, a security architecture advantageously allows temporal, locational, connection type and/or client capabilities-related information to affect the sufficiency of a given credential type (and associated authentication scheme) for access to a particular information resource.
Abstract: By including environment information in a security policy, a security architecture advantageously allows temporal, locational, connection type and/or client capabilities-related information to affect the sufficiency of a given credential type (and associated authentication scheme) for access to a particular information resource. In some configurations, time of access, originating location (physical or network) and/or connection type form a risk profile that can be factored into credential type sufficiency. In some configurations, changing environmental parameters may cause a previously sufficient credential to become insufficient. Alternatively, an authenticated credential previously insufficient for access at a given trust level may be sufficient based on a changed or more fully parameterized session environment. In some configurations, the use of session tracking facilities (e.g., the information content of session tokens) can be tailored to environmental parameters (e.g., connection type or location). Similarly, capabilities of a particular client entity (e.g., browser support for 128-bit cipher or availability of a fingerprint scanner or card reader) may affect the availability or sufficiency of particular authentication schemes to achieve a desired trust level.

233 citations

Patent
John S. Denker
16 Jan 1998
TL;DR: Two new first level protocols, TCP2B and TCP2E, are proposed; in TCP2B the client retransmits its requested options in the ACK message so the server need not store the options after the connection request.
Abstract: The protocol of the present invention includes two new first level protocols and several embodiments of a second level protocol. The two new first level protocols of the present invention include the TCP2B protocol and the TCP2E protocol. In the TCP2B protocol, both client and server indicate their support for this protocol using one or more bits in the TCP header. According to the TCP2B protocol, the client retransmits its requested options in the ACK message so the server need not store the options after the connection request. In the TCP2E protocol, the server maintains a Friends Table listing addresses of devices recently observed to be complying with TCP. If a client's address is on the Friends Table, the connection request is processed according to TCP. Otherwise, the server sends an ACK message to the client to prompt the client to send a reset message. The client's address can then be added to the Friends Table.

187 citations

References
Journal Article
TL;DR: This paper presents an overview of the Next Generation Internet Protocol (IPng), the recommendation for which was approved by the Internet Engineering Steering Group on November 17, 1994 and made a Proposed Standard.
Abstract: This paper presents an overview of the Next Generation Internet Protocol (IPng). IPng was recommended by the IPng Area Directors of the Internet Engineering Task Force at the Toronto IETF meeting on July 25, 1994, and documented in RFC 1752, "The Recommendation for the IP Next Generation Protocol" [1]. The recommendation was approved by the Internet Engineering Steering Group on November 17, 1994 and made a Proposed Standard.

97 citations

Journal Article
TL;DR: The issues that derive from growth in scale and function, which are prompting the Internet community to assess significant changes in the protocol suite, are explored and related to the IBM Open Blueprint™.
Abstract: After tracing the evolution of Transmission Control Protocol/Internet Protocol (TCP/IP) from its academic and government research heritage to its current commercial use, we survey new directions in TCP/IP. We explore the issues that derive from growth in scale and function, which are prompting the Internet community to assess significant changes in the protocol suite. We relate these issues to the IBM Open Blueprint™. Much as the IBM Personal Computer brought computing to millions of people, the Internet service of the IBM Global Network and IBM's Internet Connection products are bringing networking to millions of people and are changing how customers are transacting business among themselves and with IBM.

13 citations