Abstract:
A media-independent handover key management architecture is disclosed that uses Kerberos for secure key distribution among a server, an authenticator, and a mobile node. In the preferred embodiments, signaling for key distribution is based on re-keying and is decoupled from re-authentication that requires EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) signaling similar to initial network access authentication. In this framework, the mobile node is able to obtain master session keys required for dynamically establishing the security associations with a set of authenticators without communicating with them before handover. By separating re-key operation from re-authentication, the proposed architecture is more optimized for a proactive mode of operation. It can also be optimized for reactive mode of operation by reversing the key distribution roles between the mobile node and the target access node.
Abstract:
An inventive system and method for group communication among devices in M2M networks comprises associating one or more of the devices with a gateway having a unique identifier, initiating registration of the devices at an M2M network using the unique identifier of the gateway, providing from the network a temporary identifier to the gateway and associating, in the network, the temporary identifier with the gateway, attaching the devices to the network using the temporary identifier, and communicating information between the network and the device through the gateway. In one aspect, the devices can be classified into sub-groups and each sub-group has a sub-group head that can be attached to the gateway so that the devices can communicate with the network through the sub-group head instead of the gateway. Each sub-group can be associated with a unique temporary identifier, in addition to the temporary identifier associated with the gateway.
Abstract:
A system and method for performing MIH pre-authentication, which includes providing support for both direct and/or indirect pre-authentication and providing support for both network-initiated and mobile-initiated pre-authentication.
Abstract:
The present invention, among other things, obviates the effects of an attack on a wireless network through appropriate isolation and recovery. An aspect of the present invention can include a system and method of isolating a victim of malicious behavior in a wireless access network, and in particular WLAN networks. By having software on the victim's device, the system provides the capability of recovering the victim from the effects of the intruder, and prevents the victim from being affected by subsequent attacks by the intruder. The preferred embodiments include two key components: a local monitor and a global monitor.
Abstract:
Methods and systems are provided for facilitating intra-domain mobility. A first network or domain includes a home agent or SIP proxy of a mobile node. A second network includes two or more subnetworks and at least one mobility agent (MA). Each subnetwork includes an associated subnet agent. To communicate, the mobile node first registers with a subnet agent, receives a local care-of-address and a global care-of-address, and then registers with an MA. The mobile node may then provide the global care-of-address to the home agent. The local care-of-address may enable communication with the mobile node without determining a specific route to the mobile node. The global care-of-address received from the subnet agent may include the address of the MA. Accordingly, the mobile node may transition from any of the subnetworks to another subnetwork without communicating to the home agent information about the transition and without communicating to the MA information about a security association between the mobile node and the home agent.
Abstract:
The Dynamic Registration and Configuration Protocol (DRCP) provides a framework for registering and passing configuration information to roaming mobile hosts. DRCP is compatible with DHCP and can switch to using the DHCP protocol if only DHCP servers are present in the network. Most importantly, DRCP allows rapid configuration by moving address consistency checking off the critical path. Other novel features of DRCP allow: a) clients to know when to get a new address independent of the layer-2 access technology, b) efficient use of scarce wireless bandwidth, c) clients to be routers, d) dynamic addition or deletion of address pools to any DRCP node, and e) message exchange without broadcast.
Abstract:
In a mobile ad-hoc re-routing system in which network nodes are identified by topology dissemination messages, including local "Hello" and global Topology Control ("TC") messages, the improvement comprises triggering topology dissemination messages based on at least one of a new-neighbor determination and a link-loss determination.
Abstract:
A method of employing an encoding scheme for media independent handover, comprising having at least some data types carry only the information required to determine the end of the data, without a length value.
Abstract:
This document describes an EAP method used for extending EAP functionality. The extended functionality includes channel binding and re-authentication. The EAP method also allows sequencing of multiple EAP methods inside it.