Abstract:
The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and each client device of the network. Each key comprises a unique serial number and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two.
Abstract:
The invention provides an external in-line device (“Subnet Box”) placed between a network and an access point to achieve secure Wi-Fi communications without needing to modify the access point. The Subnet Box comprises an embedded token and will authenticate users based on pre-stored access rights. In at least one embodiment of the invention, the Subnet Box comprises: a first communications port for intercepting data packets communicated to and from a wired communications network; a second communications port for intercepting data packets communicated to and from a wireless access point, wherein the wireless access point is an edge device of the wired communications network; a database comprising a number of serial numbers each associated with a client token and a secret cryptographic key; and a processor for determining whether a computing device having a client token can access the wired communications network via the wireless access point. The processor establishes a secure tunnel between the computing device and the first communications port.
Abstract:
A method of encrypting broadcast and multicast data communicated between two or more parties, each party having knowledge of a shared key, is provided. The key is calculated using values, some of which are communicated between the parties, so that the shared key is not itself transferred. Avoiding the transfer of the key offers several advantages over existing encryption methods.
Abstract:
A method of per-packet keying for encrypting and decrypting data transferred between two or more parties, each party having knowledge of a shared key that allows a per-packet key to differ for each packet is provided. Avoiding the use of a static session key during encryption offers several advantages over existing encryption methods. For example, rejecting packets received with duplicate sequence numbers, or sequence numbers that are beyond a specified deviation range mitigates Replay Attacks.
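The replay-mitigation rule stated in this abstract (reject a packet whose sequence number was already seen, or whose sequence number lies beyond a specified deviation range) can be implemented as a small receive-side window check. The code below is an added illustration and is not taken from the patent; the per-packet key derivation it uses (an HMAC-SHA256 of the shared key over the sequence number) is an assumption chosen to show that the key differs for every packet, not the patent's own construction. The sequence of packets fed to `process_stream` is constructed sample input.

```python
import hashlib
import hmac


class ReplayWindow:
    """Tracks accepted sequence numbers for one session.

    A packet is rejected when its sequence number was already accepted
    (duplicate, i.e. a replay) or when it differs from the highest accepted
    number by more than `deviation` (outside the allowed range).
    """

    def __init__(self, deviation: int):
        self.deviation = deviation
        self.highest = None      # highest sequence number accepted so far
        self.seen = set()        # accepted numbers still inside the window

    def accept(self, seq: int) -> bool:
        if self.highest is None:
            # First packet of the session anchors the window.
            self.highest = seq
            self.seen.add(seq)
            return True
        if seq in self.seen:
            return False         # duplicate sequence number: replay
        if abs(seq - self.highest) > self.deviation:
            return False         # beyond the specified deviation range
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            # Forget numbers that fell out of range; they would be rejected
            # by the deviation check anyway, so dropping them is safe.
            self.seen = {s for s in self.seen if self.highest - s <= self.deviation}
        return True


def per_packet_key(shared_key: bytes, seq: int) -> bytes:
    """Assumed derivation: bind the shared key to the sequence number so
    that no static session key is ever used directly for a packet."""
    return hmac.new(shared_key, seq.to_bytes(8, "big"), hashlib.sha256).digest()


def process_stream(shared_key: bytes, seqs, deviation: int = 8):
    """Run the window check over a list of incoming sequence numbers and
    return (seq, decision, key_prefix) for each packet."""
    window = ReplayWindow(deviation)
    results = []
    for seq in seqs:
        if window.accept(seq):
            key = per_packet_key(shared_key, seq)
            results.append((seq, "accepted", key.hex()[:16]))
        else:
            results.append((seq, "rejected", None))
    return results


if __name__ == "__main__":
    # Constructed sample: an in-order run, one replayed packet (3), one
    # far-out-of-range packet (100), then a legitimate late packet (5).
    for row in process_stream(b"constructed-shared-key", [1, 2, 3, 3, 4, 100, 5]):
        print(row)
```

Out-of-order delivery inside the deviation range is still accepted (packet 5 arriving after the rejected 100 above), which is what distinguishes a window from a strict monotonic counter.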
Abstract:
The invention provides a method and system for locally tracking network usage and enforcing usage plans at a client device. In an embodiment of the invention, a unique physical key, or token, is installed at a client device of one or more networks. The key comprises a usage application and one or more access parameters designating the conditions and/or limits of a particular network usage plan. Upon initial connection to the network, the usage application grants or denies access to the network based on an analysis of the current values of the access parameters. Therefore, network usage tracking and enforcement is made simple and automatic without requiring any back-end servers on the network, while still providing full flexibility in changing billing plans for any number of users at any time.
Abstract:
A system, method, and apparatus for automatically and dynamically updating options, features, and/or services available to a client device operating in a client-server environment. The client device includes a client template database for storing templates defining a configuration of the client device. This configuration determines the options, features, and/or services available to a client device and the user of the client device. A server includes a server template database for storing the most current or latest versions of the templates used to configure the client device. When a user enters a user request at the client device, the client device transmits an associated information request to the server. The information request includes a client template identifier associated with the information request and a client template version identifier. The server receives the information request and compares the client template version identifier to a version identifier for a corresponding template in the server template database, to determine if the client device has the latest version of the template. If it does not, then the server transmits an information response message to the client, including a template update.
Abstract:
A pager-based information system is used to transmit both conventional private messages (using unique pager IDs) and two types of unconventional multi-recipient (M-R) messages (using database IDs and group IDs), all using the conventional POCSAG pager transmission format. Operation of the pager is software controlled through the use of a microprocessor and a RAM; auxiliary chips are not needed because of the relatively slow transmission speeds. Authority to receive the M-R messages is provided at the time of manufacture (database IDs) or via broadcasts (group IDs). Database-type M-R messages are stored in the pager RAM in a hierarchical or tree structure. The software-controlled pagers permit the over-the-air modification of the operation of selected pagers, such as the addition or deletion of group IDs and the change in the tree structure of the storage area for the database messages. The pager includes a real-time pager clock which is updated by pairs of broadcast time messages, the second carrying a time correction for the first.