Method of anonymous entity authentication using group-based anonymous signatures
    101.
    Granted invention patent
    Method of anonymous entity authentication using group-based anonymous signatures (In force)

    Publication number: US08707046B2

    Publication date: 2014-04-22

    Application number: US13100017

    Filing date: 2011-05-03

    IPC classification: H04L29/06

    Abstract: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

    Secure Peer-to-Peer Network Setup
    102.
    Invention patent application
    Secure Peer-to-Peer Network Setup (In force)

    Publication number: US20130276075A1

    Publication date: 2013-10-17

    Application number: US13976171

    Filing date: 2011-09-01

    IPC classification: H04W12/08

    Abstract: Apparatuses for peer-to-peer network setup are presented. In one embodiment, an apparatus comprises a wireless processing unit to communicate with a master device. The wireless processing unit is operable to receive encoded data in a two-dimensional (2D) barcode. The encoded data comprise at least user information associated with the master device, including a user identifier, a device identifier, or both. The encoded data further comprise network information, including a network identifier, a password, and a profile lifetime value. In one embodiment, the apparatus further comprises a display unit to display at least part of the user information and the network information to a user. The wireless processing unit is operable to initiate a peer-to-peer network setup with the master device based at least on a response from the user.

    Efficient key derivation for end-to-end network security with traffic visibility
    103.
    Granted invention patent
    Efficient key derivation for end-to-end network security with traffic visibility (In force)

    Publication number: US08467527B2

    Publication date: 2013-06-18

    Application number: US12327137

    Filing date: 2008-12-03

    IPC classification: H04L9/00 G06F7/04 G06F21/00

    Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client, based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using the following derivation formula:

        client_key_MSB = AES128(base_key_1, client_ID)          (1)
        client_key_LSB = AES128(base_key_2, client_ID + pad)    (2)
        client_key = client_key_MSB ∥ client_key_LSB

    where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.

    Method and system for secure communications on a managed network
    104.
    Granted invention patent
    Method and system for secure communications on a managed network (In force)

    Publication number: US08429404B2

    Publication date: 2013-04-23

    Application number: US12570235

    Filing date: 2009-09-30

    IPC classification: H04L9/32

    CPC classification: H04L63/061 H04L63/0823

    Abstract: A system and method for discovery and/or authentication of clients to a network, particularly a managed network, substantially without requiring the client and/or access device to transmit an unencrypted address or identification.

    METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT
    105.
    Invention patent application
    METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT (In force)

    Publication number: US20120023334A1

    Publication date: 2012-01-26

    Application number: US12913708

    Filing date: 2010-10-27

    IPC classification: H04L9/32

    Abstract: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

    Method for secure device discovery and introduction
    106.
    Granted invention patent
    Method for secure device discovery and introduction (In force)

    Publication number: US08001584B2

    Publication date: 2011-08-16

    Application number: US11241589

    Filing date: 2005-09-30

    IPC classification: H04L9/32

    Abstract: A first message is transmitted over a communication channel to initiate a transaction. The first message contains a random number and a public key of a device. Continuing the transaction, a second message is received. The second message also contains a random number and a public key of a second device. At least one message is received that contains a proof-of-possession of the device's password, along with a credential that is encrypted with a credential key.

    Method and system of secured direct link set-up (DLS) for wireless networks
    107.
    Granted invention patent
    Method and system of secured direct link set-up (DLS) for wireless networks (In force)

    Publication number: US07995546B2

    Publication date: 2011-08-09

    Application number: US12590356

    Filing date: 2009-11-06

    IPC classification: H04W4/00

    Abstract: Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up direct links between stations in a wireless network in a manner that is computationally secure. A direct link comprising a new communication session is set up between first and second stations in a wireless local area network (WLAN) hosted by an access point (AP). The AP generates a unique session key for the new communication session and transfers secured copies of the session key to each of the first and second stations in a manner under which only the first and second stations can obtain the session key. A security mechanism is then implemented on the unsecured direct link to secure the direct link between the first and second stations using a secure session key derived from the session key.

    Efficient Key Derivation for End-To-End Network Security with Traffic Visibility
    108.
    Invention patent application
    Efficient Key Derivation for End-To-End Network Security with Traffic Visibility (In force)

    Publication number: US20100135498A1

    Publication date: 2010-06-03

    Application number: US12327137

    Filing date: 2008-12-03

    IPC classification: H04L9/08 H04L9/00

    Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client, based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using the following derivation formula:

        client_key_MSB = AES128(base_key_1, client_ID)          (1)
        client_key_LSB = AES128(base_key_2, client_ID + pad)    (2)
        client_key = client_key_MSB ∥ client_key_LSB

    where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.

    POWER SAVING IDLE MODE ALGORITHM FOR AN ACCESS POINT
    109.
    Invention patent application
    POWER SAVING IDLE MODE ALGORITHM FOR AN ACCESS POINT (Pending, published)

    Publication number: US20090034443A1

    Publication date: 2009-02-05

    Application number: US11830184

    Filing date: 2007-07-30

    IPC classification: G08C17/00 H04Q7/24

    Abstract: A wireless device operating as an access point (AP) uses an idle mode service and an idle mode mechanism to provide the capability of powering down during idle times. The client and the AP may share a cooperative idle mode mechanism to efficiently manage power for all devices operating in the WLAN.

    TECHNIQUES FOR NEGOTIATION OF SECURITY POLICIES IN WIRELESS MESH NETWORKS
    110.
    Invention patent application
    TECHNIQUES FOR NEGOTIATION OF SECURITY POLICIES IN WIRELESS MESH NETWORKS (Expired)

    Publication number: US20080069351A1

    Publication date: 2008-03-20

    Application number: US11857349

    Filing date: 2007-09-18

    Abstract: Techniques to overlay ciphersuite negotiation on top of the mesh link establishment protocol without sacrificing security. Two cryptographic primitives may be utilized: (1) a message integrity code, denoted mK, where K is an authentication key (mK may be utilized to detect forged messages); and (2) a cryptographic random number generator, denoted rng. The techniques may use rng to produce values that cannot be predicted by any polynomial-time algorithm.