Abstract:
Methods, systems, and computer program products for security context escrowing are provided herein. According to one aspect, a method of operation of a network node for a telecommunications network comprises storing security context information associated with a small data, fast path connection between a wireless device and a first gateway that is serving the wireless device, determining a change in the gateway that is serving the wireless device from the first gateway to a second gateway, and, in response to determining the change, providing the stored security context information to the second gateway for use with the wireless device.
Abstract:
In one aspect of the teachings herein, a radio node provides a local loopback mode of operation in at least some operational instances, in which it loops “local” traffic between wireless devices operating within a local radio cell or cells, rather than forwarding such traffic along to a controlling gateway for handling. The wireless devices operating within the cell(s) and involved in the loopback operation switch over from symmetric encryption that involves the controlling gateway as a secure endpoint for their traffic, to asymmetric or public-private key pair encryption. The radio node uses a correspondingly derived loopback encryption key to enable security on the loopback traffic flow between the involved local devices. Use of the loopback encryption key means that the radio node need not know or otherwise have access to the symmetric encryption keys used by the involved devices and the controlling gateway for “normal” non-loopback operation.
Abstract:
An edge node of an Access/Network Service Provider (ANP) network tracks the delivery into the ANP network of content from Content Providers (CP), and generates accounting sessions with an accounting server. The edge node is provisioned with the IP addresses of known CP servers. A content delivery session, characterized by a CP IP address and a content identifier, such as a Differentiated Service Code Point (DSCP) value, is started upon the source IP address of a packet matching a known CP, and a packet count is incremented for each subsequent packet from the CP with the same content identifier. An accounting session is initiated with an accounting server when the content delivery session is started, and the accounting session is terminated, with the packet count for the session, upon a time-out since the last packet received. Multiple content delivery sessions may be ongoing simultaneously.
Abstract:
The present disclosure describes methods and apparatus for differentiating subscriber devices of a subscriber hidden by a network address translation device and enables traffic flow steering on a per device basis rather than a per subscriber basis. Identification of subscriber devices is achieved by assigning a reserved set of external ports to each subscriber device. Different service paths can be defined for different subscriber devices to provide a subscriber with a different experience for each subscriber device of the subscriber.
Abstract:
Methods, network address translation (NAT) devices, network nodes and systems for allowing identification of a private device in a public network or treating traffic of a private device in a public network. The NAT may allocate a private IPv4 address to the private device, reserve a block of ports on the public IPv4 address for the private device and send an identification of the block of ports to a network node in the public network. The network node of the public network may receive an identification of a block of ports on the public IPv4 address indicating that the block of ports is reserved for the private device and activate a rule for treating traffic of the private device.
Abstract:
A method for providing a parser by a network node, which includes a table defining a plurality of rules and a plurality of match fields required for extraction from an incoming data packet header in order to apply each of the respective rules, is described. The method comprises determining at least one occurrence in the table of a first match field that requires extraction; and determining a parser for use in accordance with the at least one determined occurrence of the first match field. Furthermore, the step of determining at least one occurrence of the first match field comprises initializing a counter associated with the first match field and incrementing the counter for each of the plurality of rules that requires extraction of the first match field. And the step of determining a parser comprises determining the parser for use in accordance with the counter. A network node for carrying out this method is also described.
Abstract:
A network element in a network is provided. The network element includes a receiver that receives a content request message. The received content request message indicates content to be transmitted to a device. The network element includes a processor in communication with the receiver. The processor generates a modified content request message by inserting identification data into the content request message. The identification data identifies at least one of a plurality of network nodes in the network. The network element includes a transmitter that transmits the modified content request message to a content distribution network server. The receiver further receives a redirect message that is based on the transmitted modified content request message. The redirect message identifies one of the plurality of network nodes as a cache location storing the indicated content.
Abstract:
Methods and a network node in a network for receiving a network access request related to a subscriber via at least one external network interface and treating the network access request by using at least a first function and a second function. A failure indication related to the subscriber is obtained from at least one of the first function or the second function. The network access request is thereafter denied by sending an access result via the external network interface. The access result comprises a cause of failure indicating the at least one of the first function or the second function as the source of the failure. The first and second functions may be, for instance, an AAA function and a DHCP function.
Abstract:
A MN, a method and a VMAP for increasing efficiency of handover of the MN from an AR1 to an AR2. The VMAP is hierarchically below a MAP and above the AR1. The MN has a RCoA valid under the MAP and a LCoA valid under the AR1. The VMAP comprises an OMM Function capable of receiving a PathUM thereby informing the VMAP that the MN is handing over to the AR2, computing a LCoA2 valid under the AR2 and forwarding traffic received on the LCoA to the LCoA2. A VMAP Binding Cache Entry (VBCE) for the MN comprises at least the MN's RCoA, the MN's LCoA and a unique value associated with the MN. The VMAP, therewith, computes the LCoA2 using the same function as in the MN. Prior to receiving the PathUM, the VMAP could receive an E-LBA issued from the MAP and addressed to the LCoA, comprising the MN's RCoA and the unique value associated with the MN, and thereafter create or update the VBCE for the MN using the information included therein.
Abstract:
Systems and methods are described which delegate reachability testing for mobility signaling in communication networks. A mobile node transmits a mobility signaling package to other network nodes, which can use the information contained therein to perform the delegated reachability testing.