Fast authentication and access control method for mobile networking
    11.
    Granted invention patent
    Status: In force

    Publication number: US07174456B1

    Publication date: 2007-02-06

    Application number: US10146383

    Filing date: 2002-05-14

    IPC classification: H04L9/00

    Abstract: A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.


    Fast authentication and access control system for mobile networking
    12.
    Granted invention patent
    Status: In force

    Publication number: US08065518B1

    Publication date: 2011-11-22

    Application number: US11047905

    Filing date: 2005-02-01

    IPC classification: H04L9/00

    Abstract: A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.


    SYSTEM AND METHOD TO SUPPORT NETWORKING FUNCTIONS FOR MOBILE HOSTS THAT ACCESS MULTIPLE NETWORKS
    13.
    Invention patent application
    Status: Lapsed

    Publication number: US20090022152A1

    Publication date: 2009-01-22

    Application number: US12242771

    Filing date: 2008-09-30

    IPC classification: H04L12/56 H04L9/00

    Abstract: An IP-based corporate network architecture and method for providing seamless secure mobile networking across office WLAN, home WLAN, public WLAN, and 2.5G/3G cellular networks for corporate wireless data users. The system includes Internet roaming clients (IRCs), a secure mobility gateway (SMG), optional secure IP access (SIA) gateways, and a virtual single account (VSA) server. The IRC is a special client tool installed on a mobile computer (laptop or PDA) equipped with a WLAN adaptor and a cellular modem. It is responsible for establishing and maintaining a mobile IPsec tunnel between the mobile computer and a corporate intranet. The SMG is a mobile IPsec gateway installed between the corporate intranet and the Internet. It works in conjunction with the IRC to maintain the mobile IPsec tunnel when the mobile computer is connected on the Internet via a home WLAN, a public WLAN, or a cellular network. The SIA gateway is a special IPsec gateway installed in the middle of the wired corporate intranet and an office WLAN. It works with the IRC to ensure data security and efficient use of corporate IP addresses when the mobile computer is connected to the office WLAN. The VSA server manages authentication credentials for every corporate user based on a virtual single account concept. The Internet Roaming system can provide secure, always-on office network connectivity for corporate users no matter where they are located using best available wireless networks.


    System and method to support networking functions for mobile hosts that access multiple networks
    14.
    Granted invention patent
    Status: Lapsed

    Publication number: US07441043B1

    Publication date: 2008-10-21

    Application number: US10334628

    Filing date: 2002-12-31

    IPC classification: G06F15/173 G06F15/16

    Abstract: An IP-based corporate network architecture and method for providing seamless secure mobile networking across office WLAN, home WLAN, public WLAN, and 2.5G/3G cellular networks for corporate wireless data users. The system includes Internet roaming clients (IRCs), a secure mobility gateway (SMG), optional secure IP access (SIA) gateways, and a virtual single account (VSA) server. The IRC is a special client tool installed on a mobile computer (laptop or PDA) equipped with a WLAN adaptor and a cellular modem. It is responsible for establishing and maintaining a mobile IPsec tunnel between the mobile computer and a corporate intranet. The SMG is a mobile IPsec gateway installed between the corporate intranet and the Internet. It works in conjunction with the IRC to maintain the mobile IPsec tunnel when the mobile computer is connected on the Internet via a home WLAN, a public WLAN, or a cellular network. The SIA gateway is a special IPsec gateway installed in the middle of the wired corporate intranet and an office WLAN. It works with the IRC to ensure data security and efficient use of corporate IP addresses when the mobile computer is connected to the office WLAN. The VSA server manages authentication credentials for every corporate user based on a virtual single account concept. The Internet Roaming system can provide secure, always-on office network connectivity for corporate users no matter where they are located using best available wireless networks.


    Channel efficiency based packet scheduling for interactive data in cellular networks
    16.
    Granted invention patent
    Status: In force

    Publication number: US07602791B1

    Publication date: 2009-10-13

    Application number: US11405839

    Filing date: 2006-04-18

    IPC classification: H04L12/56

    CPC classification: H04W72/1231

    Abstract: The present packet scheduling algorithm gives cellular network operators greater flexibility in adjusting the way resources are allocated among interactive best-effort data users. The present packet scheduling algorithm is capable of allocating radio resource dynamically, not only based on channel conditions, but also to achieve different performance trade-offs among users with different link qualities. According to the algorithm, channel quality is determined for each user. Channel efficiency is calculated and the channel efficiency value is used as the primary factor in weighting the delivery of packets to (or from) a given user. In a packet schedule weighting equation, a value of exponent may be varied from negative to positive to give good (or bad) users better service. However, performance of users with bad channel qualities degrades the performance of good channel users in a disproportionate manner.


    CHANNEL EFFICIENCY BASED PACKET SCHEDULING FOR INTERACTIVE DATA IN CELLULAR NETWORKS
    20.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20100002600A1

    Publication date: 2010-01-07

    Application number: US12561161

    Filing date: 2009-09-16

    IPC classification: H04W72/12 H04L12/26

    CPC classification: H04W72/1231

    Abstract: The present packet scheduling algorithm gives cellular network operators greater flexibility in adjusting the way resources are allocated among interactive best-effort data users. The present packet scheduling algorithm is capable of allocating radio resource dynamically, not only based on channel conditions, but also to achieve different performance trade-offs among users with different link qualities. According to the algorithm, channel quality is determined for each user. Channel efficiency is calculated and the channel efficiency value is used as the primary factor in weighting the delivery of packets to (or from) a given user. In a packet schedule weighting equation, a value of exponent may be varied from negative to positive to give good (or bad) users better service. However, performance of users with bad channel qualities degrades the performance of good channel users in a disproportionate manner.
