SYSTEM FOR USING AN AUTHORIZATION TOKEN TO SEPARATE AUTHENTICATION AND AUTHORIZATION SERVICES
    21.
    Invention application
    Status: Under examination - published

    Publication (announcement) No.: US20080178274A1

    Publication (announcement) date: 2008-07-24

    Application No.: US11938048

    Filing date: 2007-11-09

    IPC classification: G06F21/00

    Abstract: A novel system for utilizing an authorization token to separate authentication and authorization services. The system authenticates a client to an authenticating server; generates an authorization token with the authenticating server and the client; and authorizes services for the client using the generated authorization token. The authorization token may be transferred via a third party, or may be utilized to extend an initial session without re-authentication.

    Method and apparatus for dynamic, seamless security in communication protocols
    22.
    Invention grant
    Status: In force

    Publication (announcement) No.: US08245028B2

    Publication (announcement) date: 2012-08-14

    Application No.: US12960304

    Filing date: 2010-12-03

    IPC classification: H04L29/06

    Abstract: Communication nodes, acting as intermediate routers for communication packets transmitted between a source node and a destination node, are provided with different access rights to the fields of the routed communication packets. Routes of intermediate routers between the source node and the destination node are discovered and the identities of intermediate routers on the discovered routes are collected. The aggregate trust levels of the intermediate routers are computed, allowing the most trusted route to be selected. Encryption keys are securely distributed to intermediate routers on the most trusted route based on the trust level of the intermediate routers, and fields of the communication packets are encrypted with encryption keys corresponding to the assigned trust level. Intermediate nodes are thereby prevented from accessing selected fields of the communication packets.

    Service authorization for distributed authentication and authorization servers
    23.
    Invention grant
    Status: In force

    Publication (announcement) No.: US08099597B2

    Publication (announcement) date: 2012-01-17

    Application No.: US11849108

    Filing date: 2007-08-31

    IPC classification: H04L9/00

    CPC classification: H04W12/06 H04L63/0892

    Abstract: A communications component comprising a processor configured to implement a method comprising acquiring an authentication identifier (Auth ID), and constructing a network service identifier (NSI) comprising the Auth ID and an authentication, authorization, and accounting (AAA) realm. The disclosure includes a system comprising an authorization server in communication with a host, wherein the authorization server is configured to verify a previous authentication of the host using an NSI. Also disclosed is a method comprising receiving an NSI and a service request, wherein the NSI comprises an Auth ID, determining an authentication server associated with the Auth ID, verifying an authentication of a host using the Auth ID, and authorizing the host to receive a service associated with the service request.

    Token-based dynamic key distribution method for roaming environments
    24.
    Invention grant
    Status: In force

    Publication (announcement) No.: US08005224B2

    Publication (announcement) date: 2011-08-23

    Application No.: US11685884

    Filing date: 2007-03-14

    IPC classification: H04K1/00

    Abstract: A method for establishing a new security association between a mobile node and a network source, the method comprising creating a first token comprising a security association between a network source and a mobile node, the first token being encrypted using a first key known to the mobile node and a first trust authority within a home network associated with the mobile node, and creating a second token comprising the same security association between the network source and the mobile node, the second token being encrypted using a second key known to the first trust authority and a second trust authority associated with the network source, wherein the first token and the second token are sent to the second trust authority using a chain of trust infrastructure.

    METHOD AND APPARATUS FOR DYNAMIC, SEAMLESS SECURITY IN COMMUNICATION PROTOCOLS
    25.
    Invention application
    Status: In force

    Publication (announcement) No.: US20110075845A1

    Publication (announcement) date: 2011-03-31

    Application No.: US12960304

    Filing date: 2010-12-03

    IPC classification: H04L9/08

    Abstract: Communication nodes, acting as intermediate routers for communication packets transmitted between a source node and a destination node, are provided with different access rights to the fields of the routed communication packets. Routes of intermediate routers between the source node and the destination node are discovered and the identities of intermediate routers on the discovered routes are collected. The aggregate trust levels of the intermediate routers are computed, allowing the most trusted route to be selected. Encryption keys are securely distributed to intermediate routers on the most trusted route based on the trust level of the intermediate routers, and fields of the communication packets are encrypted with encryption keys corresponding to the assigned trust level. Intermediate nodes are thereby prevented from accessing selected fields of the communication packets.

    Method and apparatus for user authentication
    26.
    Invention grant
    Status: In force

    Publication (announcement) No.: US07725717B2

    Publication (announcement) date: 2010-05-25

    Application No.: US11217003

    Filing date: 2005-08-31

    IPC classification: H04L9/00 H04L9/32

    Abstract: The invention provides for secure end-to-end user authentication by a remote server communicating with a communication device. The communication device further communicates with an authentication device, which provides a user authentication message to the communication device for forwarding to the remote server. The authentication device comprises a data store for storing user authentication credentials. A user authentication processor performs a local authentication of a user of the authentication device in response to a user input. An authentication processor generates the authentication message if the user authentication is valid. The authentication processor implements a cryptographic function based on the user authentication credentials. A transmitter then transmits the authentication message to the at least one communication device.

    Token-Based Dynamic Key Distribution Method for Roaming Environments
    27.
    Invention application
    Status: In force

    Publication (announcement) No.: US20080229107A1

    Publication (announcement) date: 2008-09-18

    Application No.: US11685884

    Filing date: 2007-03-14

    IPC classification: H04L9/00

    Abstract: A method for establishing a new security association between a mobile node and a network source, the method comprising creating a first token comprising a security association between a network source and a mobile node, the first token being encrypted using a first key known to the mobile node and a first trust authority within a home network associated with the mobile node, and creating a second token comprising the same security association between the network source and the mobile node, the second token being encrypted using a second key known to the first trust authority and a second trust authority associated with the network source, wherein the first token and the second token are sent to the second trust authority using a chain of trust infrastructure.

    METHOD AND APPARATUS FOR DYNAMIC, SEAMLESS SECURITY IN COMMUNICATION PROTOCOLS
    28.
    Invention application
    Status: In force

    Publication (announcement) No.: US20080022389A1

    Publication (announcement) date: 2008-01-24

    Application No.: US11458222

    Filing date: 2006-07-18

    IPC classification: G06F15/16

    Abstract: Communication nodes, acting as intermediate routers for communication packets transmitted between a source node and a destination node, are provided with different access rights to the fields of the routed communication packets. Routes of intermediate routers between the source node and the destination node are discovered and the identities of intermediate routers on the discovered routes are collected. The aggregate trust levels of the intermediate routers are computed, allowing the most trusted route to be selected. Encryption keys are securely distributed to intermediate routers on the most trusted route based on the trust level of the intermediate routers, and fields of the communication packets are encrypted with encryption keys corresponding to the assigned trust level. Intermediate nodes are thereby prevented from accessing selected fields of the communication packets.
