公开(公告)号：US08687631B2

公开(公告)日：2014-04-01

申请号：US12848141

申请日：2010-07-31

申请人： Srinath Gundavelli ,  Frank Brockners ,  Mark Grayson ,  Kent K. Leung ,  Flemming S. Andreasen

发明人： Srinath Gundavelli ,  Frank Brockners ,  Mark Grayson ,  Kent K. Leung ,  Flemming S. Andreasen

IPC分类号： H04L12/28

CPC分类号： H04L45/741 ,  H04L12/4633 ,  H04L29/12367 ,  H04L29/12377 ,  H04L61/106 ,  H04L61/2514 ,  H04L61/2517 ,  H04L69/22

摘要： An example method is provided and includes receiving a packet associated with a flow, determining a tunnel identifier for the flow, and determining a flow identifier for the flow. The method includes associating the flow identifier and the tunnel identifier to an Internet protocol (IP) address to generate a binding to be used for a network address and port translation (NAPT). In other embodiments, a routing decision is executed based on the binding between the identifiers and the IP address. The flow identifier can be a context identifier (CID), and the tunnel identifier can be a softwire tunnel ID. In yet other embodiments, the packet can be tagged as part of an encapsulation operation, which includes providing information about a network location at which the network address and port translation is to be executed.

摘要翻译： 提供了示例性方法，并且包括接收与流相关联的分组，确定流的隧道标识符，以及确定流的流标识符。 该方法包括将流标识符和隧道标识符与因特网协议（IP）地址相关联，以生成用于网络地址和端口转换（NAPT）的绑定。 在其他实施例中，基于标识符和IP地址之间的绑定来执行路由决定。 流标识符可以是上下文标识符（CID），隧道标识符可以是软线隧道ID。 在其他实施例中，分组可以被标记为封装操作的一部分，其包括提供关于将要执行网络地址和端口转换的网络位置的信息。

公开(公告)号：US20110258431A1

公开(公告)日：2011-10-20

申请号：US12762204

申请日：2010-04-16

申请人： Srinath Gundavelli ,  Brian E. Weis

发明人： Srinath Gundavelli ,  Brian E. Weis

IPC分类号： H04L12/56 ,  H04L29/06

CPC分类号： H04L61/2007 ,  H04L29/12254 ,  H04L29/12283 ,  H04L29/12933 ,  H04L45/00 ,  H04L45/72 ,  H04L61/2038 ,  H04L61/2061 ,  H04L61/6068 ,  H04L63/0428 ,  H04L67/12 ,  H04W8/04 ,  H04W72/04

摘要： An example method includes receiving an Internet protocol (IP) address request in a network and selecting an IP address associated with a prefix that represents an IP subnet. The prefix includes a color attribute to be provided as part of a communication session that includes a plurality of packets. The prefix defines one or more properties associated with an application for the session. The prefix is communicated to a network element in a signaling plane, the prefix is configured to be used to make a routing decision for at least some of the plurality of packets. In more specific embodiments, the method can include applying one or more network policies based on the prefix associated with the IP address. The method could also include decrypting an encryption protocol in order to identify the prefix of a subsequent communication flow, and executing a routing decision based on the prefix.

摘要翻译： 示例性方法包括在网络中接收因特网协议（IP）地址请求，并且选择与表示IP子网的前缀相关联的IP地址。 前缀包括要作为包括多个分组的通信会话的一部分提供的颜色属性。 前缀定义与会话的应用程序相关联的一个或多个属性。 前缀被传送到信令平面中的网元，前缀被配置为用于为多个分组中的至少一些分组做出路由决定。 在更具体的实施例中，该方法可以包括基于与IP地址相关联的前缀应用一个或多个网络策略。 该方法还可以包括解密加密协议以便识别后续通信流的前缀，以及基于前缀执行路由决定。

公开(公告)号：US20110103344A1

公开(公告)日：2011-05-05

申请号：US12612131

申请日：2009-11-04

申请人： Srinath Gundavelli ,  Abhijit Choudhury ,  Rohit Suri ,  Venkatesh Kanagasabapathy ,  Bhavannarayana Nelakanti ,  Sudhir Jain

发明人： Srinath Gundavelli ,  Abhijit Choudhury ,  Rohit Suri ,  Venkatesh Kanagasabapathy ,  Bhavannarayana Nelakanti ,  Sudhir Jain

IPC分类号： H04W36/00

CPC分类号： H04W8/005 ,  H04L41/12 ,  H04W8/26

摘要： Techniques are provided herein to support roaming of wireless mobile client devices from one wireless local area network access point device to another wireless local area network access point device. Neighbor discovery messages are received from wireless mobile client devices. A neighbor discovery message specifies a target address for a neighbor discovery function. A response to a neighbor discovery message is sent to a wireless mobile client device such that the response message appears to have been sent by a wireless mobile client device that has an address that corresponds to the target address of the neighbor discovery message.

摘要翻译： 本文提供了技术来支持将无线移动客户端设备从一个无线局域网接入点设备漫游到另一个无线局域网接入点设备。 从无线移动客户端设备接收邻居发现消息。 邻居发现消息指定邻居发现功能的目标地址。 对邻居发现消息的响应被发送到无线移动客户端设备，使得响应消息看起来已被无线移动客户端设备发送，该无线移动客户端设备具有与邻居发现消息的目标地址相对应的地址。

公开(公告)号：US20060072759A1

公开(公告)日：2006-04-06

申请号：US10951499

申请日：2004-09-27

申请人： Srinath Gundavelli ,  Kent Leung ,  Alpesh Patel

发明人： Srinath Gundavelli ,  Kent Leung ,  Alpesh Patel

IPC分类号： H04K1/00

CPC分类号： H04L63/06 ,  H04L9/0844 ,  H04L63/08 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06 ,  H04W80/04

摘要： Methods and apparatus for dynamically generating authentication keys are disclosed. Specifically, a Mobile-Foreign authentication key is separately generated by both the Mobile Node and Foreign Agent. Similarly, a Foreign-Home authentication key is separately generated by the Foreign Agent and the Home Agent. In accordance with one embodiment, generation of the Mobile-Foreign authentication key and Foreign-Home authentication key are accomplished via the Diffie-Hellman key generation scheme.

摘要翻译： 公开了用于动态生成认证密钥的方法和装置。 具体来说，移动外部认证密钥由移动节点和外部代理单独分别生成。 类似地，外国人认证密钥由外地代理和归属代理单独产生。 根据一个实施例，通过Diffie-Hellman密钥生成方案来实现Mobile-Foreign认证密钥和Foreign-Home认证密钥的生成。

公开(公告)号：US08923260B2

公开(公告)日：2014-12-30

申请号：US13312157

申请日：2011-12-06

申请人： Srinath Gundavelli ,  Rajesh Pazhyannur ,  Kent K. Leung

发明人： Srinath Gundavelli ,  Rajesh Pazhyannur ,  Kent K. Leung

IPC分类号： H04W92/00

CPC分类号： H04W8/02 ,  H04W60/005

摘要： Systems and methods for providing identity management and mobility management are disclosed. The management scheme provides mobility in multi-device and multi-homed deployments. A collection of three identities, a device identity, a link layer identity, and a user identity, can be used to provide mobility for a number of devices under different use scenarios. In one embodiment, a method is disclosed for receiving messages from a mobile device at a mobility gateway, the messages including identifiers such as a user identifier, a link layer identifier, and a device identifier where identifiers are stored or retained at the mobility gateway. When a subsequent network attach request is received including one or more identifiers, a reconnection can occur, based on a result of comparing the stored identifiers with the received one or more identifiers.

摘要翻译： 公开了用于提供身份管理和移动性管理的系统和方法。 管理方案提供多设备和多宿主部署中的移动性。 可以使用三个身份的集合，设备身份，链路层身份和用户身份来为不同使用场景下的多个设备提供移动性。 在一个实施例中，公开了一种用于在移动性网关处从移动设备接收消息的方法，所述消息包括诸如用户标识符，链路层标识符和在移动性网关处存储或保留标识符的设备标识符的标识符。 当接收到包括一个或多个标识符的后续网络附着请求时，可以基于将所存储的标识符与所接收的一个或多个标识符进行比较的结果来进行重新连接。

公开(公告)号：US08259683B2

公开(公告)日：2012-09-04

申请号：US13286036

申请日：2011-10-31

申请人： Srinath Gundavelli ,  Kent K Leung

发明人： Srinath Gundavelli ,  Kent K Leung

IPC分类号： H04W4/00 ,  H04W36/00

CPC分类号： H04L41/5054 ,  H04L41/08 ,  H04L41/0803 ,  H04L41/0843 ,  H04L67/306 ,  H04W80/04

摘要： The disclosed embodiments enable service policies to be provisioned for a Mobile Node dynamically. A network device receives a message including at least one of one or more attributes of a Mobile IP session and one or more user preferences associated with the Mobile Node. One or more rules to be applied to the Mobile Node may then be identified. One or more of the identified rules are executed according to at least one of one or more of the attributes of the Mobile IP session and one or more of the user preferences associated with the Mobile Node.

摘要翻译： 所公开的实施例使得能够动态地为移动节点提供服务策略。 网络设备接收包括移动IP会话的一个或多个属性中的至少一个以及与移动节点相关联的一个或多个用户偏好的消息。 然后可以识别要应用于移动节点的一个或多个规则。 根据移动IP会话的一个或多个属性和与移动节点相关联的一个或多个用户偏好中的至少一个来执行所识别的规则中的一个或多个。

公开(公告)号：US20100166179A1

公开(公告)日：2010-07-01

申请号：US12645286

申请日：2009-12-22

申请人： Srinath Gundavelli ,  Kent Leung ,  Alpesh Patel

发明人： Srinath Gundavelli ,  Kent Leung ,  Alpesh Patel

IPC分类号： H04K1/00 ,  H04L9/00 ,  H04L9/32

CPC分类号： H04L63/06 ,  H04L9/0844 ,  H04L63/08 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06 ,  H04W80/04

摘要： Methods and apparatus for dynamically generating authentication keys are disclosed. Specifically, a Mobile-Foreign authentication key is separately generated by both the Mobile Node and Foreign Agent. Similarly, a Foreign-Home authentication key is separately generated by the Foreign Agent and the Home Agent. In accordance with one embodiment, generation of the Mobile-Foreign authentication key and Foreign-Home authentication key are accomplished via the Diffie-Hellman key generation scheme.

摘要翻译： 公开了用于动态生成认证密钥的方法和装置。 具体来说，移动外部认证密钥由移动节点和外部代理单独分别生成。 类似地，外国人认证密钥由外地代理和归属代理单独产生。 根据一个实施例，通过Diffie-Hellman密钥生成方案来实现Mobile-Foreign认证密钥和Foreign-Home认证密钥的产生。

公开(公告)号：US06941457B1

公开(公告)日：2005-09-06

申请号：US09608831

申请日：2000-06-30

申请人： Srinath Gundavelli ,  David McNamee

发明人： Srinath Gundavelli ,  David McNamee

IPC分类号： H04K1/00 ,  H04L9/00 ,  H04L9/08

CPC分类号： H04L9/0841

摘要： An optimized approach for arriving at a shared secret key in a dynamically changing multicast or broadcast group environment is disclosed. In one aspect of the invention, a method is provided for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network. The method provides that a first shared secret key for establishing a first multicast group is computed that includes a set of one or more first members. Based on the first shared secret key, a first multicast group exchange key is also generated. Upon receiving a first user exchange key from a first user requesting entry into the first multicast group, a second secret key, based on the first user exchange key and the first shared secret key is computed. The first multicast group exchange key is sent to the first user and used by the first user to generate the same second shared secret key. Through the use of the second shared secret key a second multicast group is established whose members include the first user and the set of one or more first members of the first multicast group as the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network.

摘要翻译： 公开了一种用于在动态变化的多播或广播组环境中达到共享秘密密钥的优化方法。 在本发明的一个方面，提供了一种用于通过在不安全网络上连接的动态变化的多播组的成员之间的安全信道进行通信的方法。 该方法规定，计算包括一组一个或多个第一成员的用于建立第一多播组的第一共享秘密密钥。 基于第一共享秘密密钥，还生成第一组播组交换密钥。 在从第一用户请求进入第一多播组中的第一用户交换密钥接收时，基于第一用户交换密钥和第一共享密钥计算第二密钥。 第一组播组交换密钥被发送给第一用户并由第一用户使用以产生相同的第二共享密钥。 通过使用第二共享秘密密钥，建立第二多播组，其成员包括第一用户和第一多播组的一个或多个第一成员的集合，因为第二共享秘密密钥提供用于在成员之间进行通信的第一安全信道 的第二个组播组在不安全的网络上。

公开(公告)号：US09198209B2

公开(公告)日：2015-11-24

申请号：US13591069

申请日：2012-08-21

申请人： Mark Grayson ,  Srinath Gundavelli

发明人： Mark Grayson ,  Srinath Gundavelli

IPC分类号： G01R31/08 ,  H04W76/02 ,  H04W28/02

CPC分类号： H04W76/12 ,  H04W28/0268

摘要： A method is provided in one example embodiment and includes receiving a request associated with a flow over a wireless link, where the request specifies resource requirements for the flow. The method also includes mapping an Internet protocol (IP) flow description to a plurality of tunnel IP addresses, and mapping a framed IP address to an access point (AP) tunnel endpoint address in order to establish a quality of service (QoS) for tunneled traffic.

摘要翻译： 在一个示例性实施例中提供了一种方法，并且包括接收与无线链路上的流相关联的请求，其中该请求指定该流的资源需求。 该方法还包括将互联网协议（IP）流描述映射到多个隧道IP地址，以及将成帧的IP地址映射到接入点（AP）隧道端点地址，以便建立用于隧道化的服务质量（QoS） 交通。

公开(公告)号：US08687609B2

公开(公告)日：2014-04-01

申请号：US12612116

申请日：2009-11-04

申请人： Srinath Gundavelli ,  Abhijit Choudhury ,  Rohit Suri ,  Venkatesh Kanagasabapathy ,  Bhavannarayana Nelakanti ,  Sudhir Jain

发明人： Srinath Gundavelli ,  Abhijit Choudhury ,  Rohit Suri ,  Venkatesh Kanagasabapathy ,  Bhavannarayana Nelakanti ,  Sudhir Jain

IPC分类号： H04W4/00

CPC分类号： H04L12/189 ,  H04L12/18 ,  H04L12/4641 ,  H04L45/16 ,  H04W28/0226 ,  H04W40/023 ,  H04W40/24 ,  H04W40/248 ,  H04W40/30 ,  H04W84/12

摘要： Techniques are provided to manage how router advertisement messages are forwarded for ultimate wireless transmission in a wireless network. In one embodiment, a multicast router advertisement message intended for a virtual local area network is converted into individual unicast router advertisement messages directed to specific wireless mobile client devices that are part of that virtual local area network. In another embodiment, router advertisement messages are routed between controllers according to the current location of a wireless mobile client device. In still other embodiments, techniques are provided to minimize the volume of the router advertisement messages sent over a wireless network, and to proactively send a unicast router advertisement message to a mobile client device that has performed a handoff, without waiting for a router solicitation message.

摘要翻译： 提供技术来管理路由器通告消息如何被转发以用于无线网络中的最终无线传输。 在一个实施例中，旨在用于虚拟局域网的多播路由器通告消息被转换成针对作为该虚拟局域网的一部分的特定无线移动客户端设备的单独的单播路由器通告消息。 在另一实施例中，路由器通告消息根据无线移动客户端设备的当前位置在控制器之间路由。 在其他实施例中，提供了技术来最小化通过无线网络发送的路由器通告消息的音量，并且主动地向执行切换的移动客户端设备发送单播路由器通告消息，而不等待路由器请求消息 。