Mobile host using a virtual single account client and server system for network access and management
    11.
    Granted invention patent
    Legal status: In force

    Publication number: US08316424B2

    Publication date: 2012-11-20

    Application number: US12845449

    Filing date: 2010-07-28

    IPC classification: G06F7/04

    Abstract: A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.

    LAYER-2 IP NETWORKING METHOD AND APPARATUS FOR MOBILE HOSTS
    12.
    Invention patent application
    Legal status: In force

    Publication number: US20100265892A1

    Publication date: 2010-10-21

    Application number: US12829360

    Filing date: 2010-07-01

    IPC classification: H04W4/00

    Abstract: A method and apparatus to enable IP networking for mobile hosts without requiring changes to be made to the TCP/IP stack in the operating system installed on the mobile hosts. The apparatus is an “intelligent device” that can be installed on or connected to a mobile host, and may comprise a software-only logical module, physical hardware, or a combination of both. To a mobile host, the intelligent device emulates a network interface such as an Ethernet card or a telephone modem. The intelligent device appears to an access network just like any regular IP host connected to the access network through a physical network interface device. The intelligent device handles all mobile networking functions for the mobile host, and may control multiple different physical network interface devices to enable a connection to the “best” access network available to the mobile user at his location.

    Mobile host using a virtual single account client and server system for network access and management
    13.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US07788709B1

    Publication date: 2010-08-31

    Application number: US11415762

    Filing date: 2006-05-02

    IPC classification: H04L9/32

    Abstract: A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.

    Fast authentication and access control method for mobile networking
    14.
    Granted invention patent
    Legal status: In force

    Publication number: US07174456B1

    Publication date: 2007-02-06

    Application number: US10146383

    Filing date: 2002-05-14

    IPC classification: H04L9/00

    Abstract: A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.

    Fast authentication and access control system for mobile networking
    15.
    Granted invention patent
    Legal status: In force

    Publication number: US08065518B1

    Publication date: 2011-11-22

    Application number: US11047905

    Filing date: 2005-02-01

    IPC classification: H04L9/00

    Abstract: A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.

    MOBILE HOST USING A VIRTUAL SINGLE ACCOUNT CLIENT AND SERVER SYSTEM FOR NETWORK ACCESS AND MANAGEMENT
    16.
    Invention patent application
    Legal status: In force

    Publication number: US20100299523A1

    Publication date: 2010-11-25

    Application number: US12845449

    Filing date: 2010-07-28

    IPC classification: H04L9/32

    Abstract: A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.

    Buffering packets destined for a mobile device while the mobile device moves from one network to another network to prevent handoff packet loss
    17.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US07600040B1

    Publication date: 2009-10-06

    Application number: US10183816

    Filing date: 2002-06-27

    IPC classification: G06F13/00

    Abstract: A method and system for preventing packet loss during handoff of a mobile host between access networks. In accordance with an aspect of the invention, a home agent on a network maintains a FIFO (First In-First Out) buffer for every mobile host that it serves. When a packet destined for a particular mobile host is received at the home agent, it is assigned an incremental sequence number, encapsulated as an IP packet, and forwarded to the mobile host with the sequence number as an identifier. The packet and sequence number are thereafter stored in the buffer for a period of time after the packet was forwarded to the mobile host. After hand-off to the arriving network is completed, the mobile host sends the sequence number of the last-received IP packet to the home agent and the new care-of IP address. Using this sequence number, the home agent then determines whether any incoming packets had been routed to the previous care-of IP address. These are retrieved from the buffer, and resent to the new care-of IP address.

    Snoop-and-shortcut routing method for better mobility support on networks
    18.
    Granted invention patent
    Legal status: In force

    Publication number: US07593373B2

    Publication date: 2009-09-22

    Application number: US10266026

    Filing date: 2002-10-07

    Abstract: A shortcut routing method to improve packet routing between a visiting mobile host connected to a subnet and a communicating host on the network or the same subnet. When a router receives an IP tunnel packet from a network interface on the visited network, it checks the inner IP packet for its final destination. If the destination IP address of the inner IP packet can be reached from the same network interface, the router decapsulates the IP tunnel packet and sends the inner IP packet directly to the communicating host on the subnet. For every outbound IP packet sent to the communicating host by the visiting mobile host, a portion of the round trip between the mobile host and home agent is thereby eliminated. Optionally, the router can shortcut IP packets to a visiting mobile host that remains on the same subnet as the communicating host.

    SYSTEM AND METHOD TO SUPPORT NETWORKING FUNCTIONS FOR MOBILE HOSTS THAT ACCESS MULTIPLE NETWORKS
    19.
    Invention patent application
    Legal status: Lapsed

    Publication number: US20090022152A1

    Publication date: 2009-01-22

    Application number: US12242771

    Filing date: 2008-09-30

    IPC classification: H04L12/56 H04L9/00

    Abstract: An IP-based corporate network architecture and method for providing seamless secure mobile networking across office WLAN, home WLAN, public WLAN, and 2.5G/3G cellular networks for corporate wireless data users. The system includes Internet roaming clients (IRCs), a secure mobility gateway (SMG), optional secure IP access (SIA) gateways, and a virtual single account (VSA) server. The IRC is a special client tool installed on a mobile computer (laptop or PDA) equipped with a WLAN adaptor and a cellular modem. It is responsible for establishing and maintaining a mobile IPsec tunnel between the mobile computer and a corporate intranet. The SMG is a mobile IPsec gateway installed between the corporate intranet and the Internet. It works in conjunction with the IRC to maintain the mobile IPsec tunnel when the mobile computer is connected on the Internet via a home WLAN, a public WLAN, or a cellular network. The SIA gateway is a special IPsec gateway installed in the middle of the wired corporate intranet and an office WLAN. It works with the IRC to ensure data security and efficient use of corporate IP addresses when the mobile computer is connected to the office WLAN. The VSA server manages authentication credentials for every corporate user based on a virtual single account concept. The Internet Roaming system can provide secure, always-on office network connectivity for corporate users no matter where they are located using best available wireless networks.

    System and method to support networking functions for mobile hosts that access multiple networks
    20.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US07441043B1

    Publication date: 2008-10-21

    Application number: US10334628

    Filing date: 2002-12-31

    IPC classification: G06F15/173 G06F15/16

    Abstract: An IP-based corporate network architecture and method for providing seamless secure mobile networking across office WLAN, home WLAN, public WLAN, and 2.5G/3G cellular networks for corporate wireless data users. The system includes Internet roaming clients (IRCs), a secure mobility gateway (SMG), optional secure IP access (SIA) gateways, and a virtual single account (VSA) server. The IRC is a special client tool installed on a mobile computer (laptop or PDA) equipped with a WLAN adaptor and a cellular modem. It is responsible for establishing and maintaining a mobile IPsec tunnel between the mobile computer and a corporate intranet. The SMG is a mobile IPsec gateway installed between the corporate intranet and the Internet. It works in conjunction with the IRC to maintain the mobile IPsec tunnel when the mobile computer is connected on the Internet via a home WLAN, a public WLAN, or a cellular network. The SIA gateway is a special IPsec gateway installed in the middle of the wired corporate intranet and an office WLAN. It works with the IRC to ensure data security and efficient use of corporate IP addresses when the mobile computer is connected to the office WLAN. The VSA server manages authentication credentials for every corporate user based on a virtual single account concept. The Internet Roaming system can provide secure, always-on office network connectivity for corporate users no matter where they are located using best available wireless networks.
