PORTABLE CERTIFICATION AUTHORITY
    21.
    Invention application
    Status: Under examination (published)

    Publication No.: US20080046716A1

    Publication date: 2008-02-21

    Application No.: US11465620

    Filing date: 2006-08-18

    IPC classification: H04L9/00

    Abstract: A portable electronic device is operable as a portable certification authority. The portable electronic device stores a pair of keys of a public key infrastructure, issued by a parent certification authority and generates a certificate dependent upon the pair of keys. The private key and corresponding public key certificate are transmitted to a network device of a second agency to allow the device to be authenticated by any node of the network of the first agency that possesses anchor information of the parent certification authority. This enables the device of the second agency to be authenticated by a network node of the first agency.

    Method and apparatus for providing a supplicant access to a requested service
    22.
    Invention application
    Status: In force

    Publication No.: US20070143605A1

    Publication date: 2007-06-21

    Application No.: US11311959

    Filing date: 2005-12-19

    IPC classification: H04L9/00

    Abstract: Providing a supplicant access to at least one requested service is described. An authentication request is received, wherein the authentication request comprises an association request and an identifier to a requested service. A relationship between the supplicant and the requested service based on the association request is created. Then, the association request for the requested service is fulfilled and an authentication server based upon the requested service identified in the authentication request is determined. Finally, the supplicant is authenticated for the requested service.

    Portable certification authority
    23.
    Granted invention patent

    Publication No.: US11418318B2

    Publication date: 2022-08-16

    Application No.: US11465620

    Filing date: 2006-08-18

    Abstract: A portable electronic device is operable as a portable certification authority. The portable electronic device stores a pair of keys of a public key infrastructure, issued by a parent certification authority and generates a certificate dependent upon the pair of keys. The private key and corresponding public key certificate are transmitted to a network device of a second agency to allow the device to be authenticated by any node of the network of the first agency that possesses anchor information of the parent certification authority. This enables the device of the second agency to be authenticated by a network node of the first agency.

    Method and apparatus for external organization path length validation within a public key infrastructure (PKI)
    24.
    Granted invention patent
    Status: In force

    Publication No.: US08484461B2

    Publication date: 2013-07-09

    Application No.: US12241566

    Filing date: 2008-09-30

    IPC classification: H04L9/30

    Abstract: A method and apparatus for external organization (EO) path length (EOPL) validation are provided. A relying party node (RPN) stores a current EO path length constraint (EOPLC) value, and an EOPL counter that maintains a count of an actual external organization path length. The RPN obtains a chain of certificates that link a subject node (SN) to its trust anchor, and processes the certificates in the chain. When a certificate has a lower EOPLC than the current EOPLC value, the RPN replaces the current EOPLC value with the lower EOPLC. When the certificate currently being evaluated includes an enabled EO flag, the RPN increments the EOPL counter by one. The EOPL validation fails when the EOPL counter is greater than the current EOPLC value, and is successful when the last remaining certificate in the chain is processed without having the EOPL counter exceed the current EOPLC value.

    Method and system for distributed admission control in mobile ad hoc networks (MANETs)
    25.
    Granted invention patent
    Status: In force

    Publication No.: US08432797B2

    Publication date: 2013-04-30

    Application No.: US11877778

    Filing date: 2007-10-24

    Abstract: Techniques are provided for distributed admission control (AC) in a mobile ad hoc network (MANET). When the source node transmits a new communication stream (NCS) toward a destination node, other nodes allow transmission of the NCS during a temporary admission period even though the NCS has not yet been admitted. The nodes can determine whether the NCS causes degradation of any existing communication stream(s) (ECSs) supported by that node based on existing QoS requirements associated with the ECSs. In some implementations, nodes which determine that they are unable to support ECSs transmit an indicator which notifies other nodes that admission of the NCS is denied by that node. By contrast, if none of the nodes transmit an indicator during the temporary admission period, then the NCS is “admitted” to the MANET and the source node is permitted to keep transmitting the NCS, a variation thereof or another new communication stream.

    Method and apparatus for providing a supplicant access to a requested service
    26.
    Granted invention patent
    Status: In force

    Publication No.: US08270947B2

    Publication date: 2012-09-18

    Application No.: US11311959

    Filing date: 2005-12-19

    IPC classification: H04M1/66

    Abstract: Providing a supplicant access to at least one requested service is described. An authentication request is received, wherein the authentication request comprises an association request and an identifier to a requested service. A relationship between the supplicant and the requested service based on the association request is created. Then, the association request for the requested service is fulfilled and an authentication server based upon the requested service identified in the authentication request is determined. Finally, the supplicant is authenticated for the requested service.

    Method and apparatus for root node selection in an ad hoc network
    27.
    Granted invention patent
    Status: In force

    Publication No.: US07876706B2

    Publication date: 2011-01-25

    Application No.: US11363757

    Filing date: 2006-02-28

    IPC classification: H04L12/28

    CPC classification: H04W84/20 H04L45/48 H04W40/24

    Abstract: Techniques are provided for selecting a root node in an ad hoc network comprising a plurality of nodes including a first node. According to one implementation of these techniques, a first node can receive a message from at least one of the other nodes. Each message includes a number of primary factors associated with a particular node regarding capabilities of the particular node. The primary factors associated with each node can then be evaluated, and an attempt can be made to select the root node based on the primary factors associated with each node. If the first node is unable to select the root node based on the primary factors associated with each node, then the root node can be selected based on secondary factors associated with each node.

    METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI)
    28.
    Invention application
    Status: In force

    Publication No.: US20100082975A1

    Publication date: 2010-04-01

    Application No.: US12241566

    Filing date: 2008-09-30

    IPC classification: H04L9/00

    Abstract: A method and apparatus for external organization (EO) path length (EOPL) validation are provided. A relying party node (RPN) stores a current EO path length constraint (EOPLC) value, and an EOPL counter that maintains a count of an actual external organization path length. The RPN obtains a chain of certificates that link a subject node (SN) to its trust anchor, and processes the certificates in the chain. When a certificate has a lower EOPLC than the current EOPLC value, the RPN replaces the current EOPLC value with the lower EOPLC. When the certificate currently being evaluated includes an enabled EO flag, the RPN increments the EOPL counter by one. The EOPL validation fails when the EOPL counter is greater than the current EOPLC value, and is successful when the last remaining certificate in the chain is processed without having the EOPL counter exceed the current EOPLC value.

    METHOD AND DEVICE FOR CONFIRMING AUTHENTICITY OF A PUBLIC KEY INFRASTRUCTURE (PKI) TRANSACTION EVENT
    29.
    Invention application
    Status: In force

    Publication No.: US20100070755A1

    Publication date: 2010-03-18

    Application No.: US12212032

    Filing date: 2008-09-17

    IPC classification: H04L9/00

    CPC classification: H04L63/0442 H04L63/12

    Abstract: A method and device for confirming authenticity of a public key infrastructure (PKI) transaction event between a relying node and a subject node in a communication network enables improved network security. According to some embodiments, the method includes establishing at a PKI event logging (PEL) server a process to achieve secure communications with the relying node (step 705). Next, the PEL server processes reported PKI transaction event data received from the relying node (step 710). The reported PKI transaction event data describe the PKI transaction event between the relying node and the subject node. The reported PKI transaction event data are then transmitted from the PEL server to the subject node (step 715). The subject node can thus compare the reported PKI transaction event data with corresponding local PKI transaction event data to confirm the authenticity of the PKI transaction event.

    METHOD AND APPARATUS FOR DISTRIBUTING CERTIFICATE REVOCATION LISTS (CRLs) TO NODES IN AN AD HOC NETWORK
    30.
    Invention application
    Status: In force

    Publication No.: US20090249062A1

    Publication date: 2009-10-01

    Application No.: US12059666

    Filing date: 2008-03-31

    IPC classification: H04L9/32

    Abstract: A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), and a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL).
