Abstract:
A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.
Abstract:
An IP-based corporate network architecture and method for providing seamless secure mobile networking across office WLAN, home WLAN, public WLAN, and 2.5G/3G cellular networks for corporate wireless data users. The system includes Internet roaming clients (IRCs), a secure mobility gateway (SMG), optional secure IP access (SIA) gateways, and a virtual single account (VSA) server. The IRC is a special client tool installed on a mobile computer (laptop or PDA) equipped with a WLAN adaptor and a cellular modem. It is responsible for establishing and maintaining a mobile IPsec tunnel between the mobile computer and a corporate intranet. The SMG is a mobile IPsec gateway installed between the corporate intranet and the Internet. It works in conjunction with the IRC to maintain the mobile IPsec tunnel when the mobile computer is connected on the Internet via a home WLAN, a public WLAN, or a cellular network. The SIA gateway is a special IPsec gateway installed in the middle of the wired corporate intranet and an office WLAN. It works with the IRC to ensure data security and efficient use of corporate IP addresses when the mobile computer is connected to the office WLAN. The VSA server manages authentication credentials for every corporate user based on a virtual single account concept. The Internet Roaming system can provide secure, always-on office network connectivity for corporate users no matter where they are located using best available wireless networks.
Abstract:
A method and apparatus to enable IP networking for mobile hosts without requiring changes to be made to the TCP/IP stack in the operating system installed on the mobile hosts. The apparatus is an “intelligent device” that can be installed on or connected to a mobile host, and may comprise a software-only logical module, physical hardware, or a combination of both. To a mobile host, the intelligent device emulates a network interface such as an Ethernet card or a telephone modem. The intelligent device appears to an access network just like any regular IP host connected to the access network through a physical network interface device. The intelligent device handles all mobile networking functions for the mobile host, and may control multiple different physical network interface devices to enable a connection to the “best” access network available to the mobile user at his location.
Abstract:
The present packet scheduling algorithm gives cellular network operators greater flexibility in adjusting the way resources are allocated among interactive best-effort data users. The present packet scheduling algorithm is capable of allocating radio resource dynamically, not only based on channel conditions, but also to achieve different performance trade-offs among users with different link qualities. According to the algorithm, channel quality is determined for each user. Channel efficiency is calculated and the channel efficiency value is used as the primary factor in weighting the delivery of packets to (or from) a given user. In a packet schedule weighting equation, a value of exponent may be varied from negative to positive to give good (or bad) users better service. However, performance of users with bad channel qualities degrades the performance of good channel users in a disproportionate manner.
Abstract:
A wireless network includes a plurality of proxy servers located at various locations to selectively transform data based upon network conditions, such as link congestion. A queueing model for the network can be used to determine optimal operating parameters for the network.
Abstract:
A method and system that reduces the impact of packet loss on video data quality. Packet selection is performed by the method and system to selectively drop low priority packets so that the overall quality of the received video data may be improved. In one exemplary embodiment, the probability of higher priority layers being delivered on time is computed and a packet is transmitted only if this probability is greater than a given threshold h. In another exemplary embodiment, the system and method have the capability of backing up the process to transmit previously skipped packets, if time allows.