Abstract:
There are provided a method and system for assessing latency of ciphering end point of secure communication channel. The method comprises: generating a test traffic comprising a series of original data packets, wherein, for each original data packet, size of a given packet is uniquely indicative of the packet's place in a sequence of data packets in the series and enables unique correspondence with a size of the given packet upon its encryption; successively transmitting the original packets to the ciphering end point, whilst associating with respective departure time stamps; receiving encrypted packets from the ciphering end point and associating them with respective arrival time stamps; using a size of a given encrypted packet with a timestamp TSa to identify a size of a matching original packet, its place in the sequence of original packets and, thereby, its departure timestamp TSd, thus giving rise to a plurality of timestamp pairs (TSd; TSa).
Abstract:
A method for facilitating coordinated multipoint communication, comprising: providing a plurality of network interface devices for measuring synchronization accuracy in the backhaul network; creating an actual coverage map for the coordinated multipoint communication; analyzing the created actual coverage map to determine whether the backhaul network is sufficient for a selected coordinated multipoint technique; if the backhaul network is not sufficient, determining one or more key performance indicators; creating a conditional coverage map; comparing the actual coverage map with the conditional coverage map; and reconfiguring the wireless communication network if the actual coverage map does not match the conditional coverage map.
Abstract:
There is provided a technique of establishing encryption keys for communication between 1st peer and 2nd peer via a data path. The technique comprises: by each peer, using input keying material to independently generate equivalent pairs of peer encryption keys (PEKs), verifying equivalence of the generated PEK pairs, and using by 1st peer and 2nd peer the verified PEK pairs to become in possession of equivalent pairs of session encryption keys (SEKs). Verifying comprises: generating by 1st peer a first handshake (HS) message encrypted by PEK Tx1 and sending the first HS message to the 2nd peer via the data path; decrypting by the 2nd peer the first HS message using the PEK Rx2, generating a second HS message encrypted by PEK Tx2, and sending the second HS message to the 1st peer via the data path; and decrypting the second HS message by the 1st peer using PEK Rx1.
Abstract:
A method, device, and computer-program product of forwarding data packets in a virtual switch is provided. The virtual switch comprises: first, second and third virtual ports for respectively receiving/transmitting: LAN traffic from/to a physical LAN port; secured traffic from/to a physical secured traffic port; and Internet traffic from/to a physical Internet port. The method comprises: determining, for selected data packets of the outbound traffic, signature information; storing the signature information and information identifying associated packets; outputting the outbound traffic for processing by a virtual machine; receiving at least a portion of the outbound traffic as outbound secured traffic for supply to the secured port; determining whether each data packet of the outbound secure traffic matches the dedicated signature information and responsively controlling the forwarding of the respective data packet as part of the outbound secured traffic to the secured port and/or creating a SUSPICIOUS SOURCE alarm.
Abstract:
A method for facilitating the establishment of a virtual private network in a cellular communication network comprising the steps of: arranging a network interface device in close proximity to a plurality of antennas; identifying an access request from a client device to establish a virtual private network connection through a core network portion by means of the network interface device; determining application information from the client device by means of the network interface device; and comparing the application information to a network information of the core network portion to determine whether the application information matches the network information by means of the network interface device.
Abstract:
A method for facilitating participation of an intermediary network device in a security gateway communication including: establishing a secure channel between the intermediary network device and a security gateway; transmitting a virtual machine instantiation command generated by software running in the security gateway to the intermediary network device; instantiating a virtual machine on the intermediary network device; when establishing a secure communication session between the at least one base station and the core network portion via the security gateway for the first time, establishing an Internet Key Exchange communication between the virtual machine and the security gateway and transmitting session keys from the security gateway to the virtual machine during the Internet Key Exchange communication; establishing an IPsec tunnel between the virtual machine and the security gateway.
Abstract:
There are provided a system and method of assessing latency of forwarding data packets in virtual environment. The method comprises: generating packet signatures SGD and SGA respectively for departing and arriving data packets; maintaining a first data structure comprising records related to departing packets associated with a first virtual function (VF), each record informative of SGD and registered departure time TD of a given departing packet; responsive to registering arriving time TA of a given monitored arriving packet SGA associated with a second VF, searching the first data structure for a record matching a matching condition SGD=SGA; modifying the matching record to become informative of latency ΔT=TA−TD and adding the modified record to a second data structure; and using data in the second data structure for assessing latency of forwarding packets from the ingress virtual port to the egress virtual port.
Abstract:
There is provided a technique of securing clock synchronization between master clock node (MCN) and client clock node (CCN). During a cycle of exchanging PTP messages between MCN and CCN, MCN generates an associated paired message for each PTP message generated thereby and informative of t1 or t4 timestamps provided by MCN and sends each paired message to a validation entity (VE) via a secured channel between MCN and VE. When PTP messages traverse transparent clock nodes (TCN) between MCN and CCN, each TCN generates a paired message for each version of PTP message updated thereby and sends each generated paired message to VE via a secured channel between respective TCN and VE. VE uses the received paired messages to provide a validation of the cycle, wherein synchronization-related task(s) (e.g. clock correction by the client clock node, etc.) are provided only subject to successful validation of the cycle by VE.