METHOD AND DEVICE FOR ENABLING A TRUST RELATIONSHIP USING AN UNEXPIRED PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE
    32.
    Patent application (status: in force)

    Publication number: US20100115266A1

    Publication date: 2010-05-06

    Application number: US12262761

    Filing date: 2008-10-31

    IPC classification: H04L9/06

    Abstract: A method and device are useful for enabling a trust relationship using an unexpired public key infrastructure (PKI) certificate, where a current status of the PKI certificate is unavailable. The method includes determining at a relying party that a certificate status update for the PKI certificate is unavailable (step 905). Next, in response to the certificate status update being unavailable, a tolerable certificate status age (TCSA) for the PKI certificate is determined at the relying party based on one or more attributes associated with a certificate holder of the PKI certificate (step 910). Using the PKI certificate, a trust relationship is enabled between the relying party and the certificate holder after determining the TCSA and before an expiration of the TCSA (step 915).

    METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI)
    33.
    Patent application (status: in force)

    Publication number: US20100082975A1

    Publication date: 2010-04-01

    Application number: US12241566

    Filing date: 2008-09-30

    IPC classification: H04L9/00

    Abstract: A method and apparatus for external organization (EO) path length (EOPL) validation are provided. A relying party node (RPN) stores a current EO path length constraint (EOPLC) value, and an EOPL counter that maintains a count of an actual external organization path length. The RPN obtains a chain of certificates that link a subject node (SN) to its trust anchor, and processes the certificates in the chain. When a certificate has a lower EOPLC than the current EOPLC value, the RPN replaces the current EOPLC value with the lower EOPLC. When the certificate currently being evaluated includes an enabled EO flag, the RPN increments the EOPL counter by one. The EOPL validation fails when the EOPL counter is greater than the current EOPLC value, and is successful when the last remaining certificate in the chain is processed without having the EOPL counter exceed the current EOPLC value.

    METHOD AND DEVICE FOR CONFIRMING AUTHENTICITY OF A PUBLIC KEY INFRASTRUCTURE (PKI) TRANSACTION EVENT
    34.
    Patent application (status: in force)

    Publication number: US20100070755A1

    Publication date: 2010-03-18

    Application number: US12212032

    Filing date: 2008-09-17

    IPC classification: H04L9/00

    CPC classification: H04L63/0442 H04L63/12

    Abstract: A method and device for confirming authenticity of a public key infrastructure (PKI) transaction event between a relying node and a subject node in a communication network enables improved network security. According to some embodiments, the method includes establishing at a PKI event logging (PEL) server a process to achieve secure communications with the relying node (step 705). Next, the PEL server processes reported PKI transaction event data received from the relying node (step 710). The reported PKI transaction event data describe the PKI transaction event between the relying node and the subject node. The reported PKI transaction event data are then transmitted from the PEL server to the subject node (step 715). The subject node can thus compare the reported PKI transaction event data with corresponding local PKI transaction event data to confirm the authenticity of the PKI transaction event.

    METHOD AND APPARATUS FOR DISTRIBUTING CERTIFICATE REVOCATION LISTS (CRLs) TO NODES IN AN AD HOC NETWORK
    35.
    Patent application (status: in force)

    Publication number: US20090249062A1

    Publication date: 2009-10-01

    Application number: US12059666

    Filing date: 2008-03-31

    IPC classification: H04L9/32

    Abstract: A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL).

    DYNAMIC RESOURCE ASSIGNMENT AND EXIT INFORMATION FOR EMERGENCY RESPONDERS
    36.
    Patent application (status: in force)

    Publication number: US20080314681A1

    Publication date: 2008-12-25

    Application number: US11767610

    Filing date: 2007-06-25

    IPC classification: G08B1/08

    Abstract: A method of providing situational awareness at an incident scene. Sensor data can be received from at least one sensor (104, 106, 108) located at the incident scene and position data can be received for at least one resource (306, 308, 310, 312). Based on the received data, at least one optimal exit route (318) at the incident scene can be calculated. The present invention also relates to a system (118) that provides situational awareness at an incident scene. The system can include a communications adapter (204) that receives sensor data from at least one sensor located at the incident scene and position data for at least one resource located at the incident scene, and a processor (202) that calculates at least one optimal exit route for the resource to exit a location at the incident scene based on the received sensor data and position data.

    Methods for establishing a secure point-to-point call on a trunked network
    37.
    Granted patent (status: in force)

    Publication number: US08724812B2

    Publication date: 2014-05-13

    Application number: US12983067

    Filing date: 2010-12-31

    IPC classification: H04L9/08

    Abstract: Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. The trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. Moreover, in response to the request, the controller assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints.

    UTILIZING A STAPLING TECHNIQUE WITH A SERVER-BASED CERTIFICATE VALIDATION PROTOCOL TO REDUCE OVERHEAD FOR MOBILE COMMUNICATION DEVICES

    Publication number: US20130159703A1

    Publication date: 2013-06-20

    Application number: US13328334

    Filing date: 2011-12-16

    IPC classification: H04L29/06

    CPC classification: H04L63/0823

    Abstract: A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can convey a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).

    Method and apparatus for distributing certificate revocation lists (CRLs) to nodes in an ad hoc network
    39.
    Granted patent (status: in force)

    Publication number: US08438388B2

    Publication date: 2013-05-07

    Application number: US12059666

    Filing date: 2008-03-31

    IPC classification: H04L9/32

    Abstract: A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL).

    Method and device for enabling a trust relationship using an expired public key infrastructure (PKI) certificate
    40.
    Granted patent (status: in force)

    Publication number: US08423761B2

    Publication date: 2013-04-16

    Application number: US12262786

    Filing date: 2008-10-31

    IPC classification: G06F21/00

    Abstract: A method and device are useful for enabling a trust relationship using an expired public key infrastructure (PKI) certificate. The method includes determining at a relying party a maximum permissible grace period during which the PKI certificate can be conditionally granted a valid status (step 905). Next, at the relying party an uncertainty interval is determined, during which the relying party is unable to detect a revocation of the PKI certificate (step 910). A certificate grace period is then determined at the relying party from a function of the maximum permissible grace period, the uncertainty interval and at least one attribute defined in the PKI certificate (step 915). Using the PKI certificate, a trust relationship is then enabled between the relying party and a certificate holder of the PKI certificate, after determining the grace period and before an expiration of the grace period (step 920).