1. Field of the Invention
This invention pertains to the field of data communications networks and, more specifically, to means for determining the integrity and the authenticity of command frames, management frames, and the like, that are issued from a network node by an authorized managing entity or network manager.
2. Description of the Prior Art
As computer systems become geographically distributed, availability of the computer network becomes a major concern to all network customers. For example, disruption of a single network device can cause a tremendous loss in productivity by the network's customers. Network devices, such as concentrators, bridges, routers, gateways and servers, are increasingly being managed from remote network stations via network command fields that are contained in network management frames. Authenticity of the origin of management frames and the integrity of the management frames themselves are critical to maintaining high availability of the network. One unauthorized network command has the potential to disrupt thousands of network users and cause an unacceptable degradation in network performance or, in the worst case, prevent access to some, or all, network services including, for example, server and host access. An unauthorized management frame can be issued accidentally or maliciously. Thus, in all cases, it is desirable to check the integrity and authenticity of the network command frames.
The prior art describes various means for determining the integrity and authenticity of requests or commands that are issued from a network node by a network user.
The article entitled "Secure Communication Using Remote Procedure Calls, ACM Transactions On Computer Systems, Vol. 3, No. 1, February 1985, pages 1-14, describes an end-to-end secure protocol. An authenticator is based upon the time at which the authenticator was formed. This is done in order to limit the lifetime of an authenticator to a few hours.
The use of time stamping in a packet network is known. U.S. Pat. No. 4,894,823 is exemplary.
U.S. Pat. No. 5,113,499, incorporated herein by reference for the purpose of indicating the background of the invention and as illustrative of the state of the art, describes a telecommunications access management system having authorization, validation and password features.
U.S. Pat. No. 5,048,087, incorporated herein by reference for the purpose of indicating the background of the invention and as illustrative of the state of the art, describes end-to-end encryption for a packet based network and, more specifically, a means for the changing keys that are used for encryption.
The PCT publication International Publication Number WO 92/03000 describes a system for tamper proof time stamping a digital document to protect secrecy and which includes cryptographic verification.
While the prior art, of which the above is exemplary, is generally useful for its limited intended purposes, the need remains for a communications network access system providing improved means for checking the integrity and authenticity of received network management command frames.