Abstract:
A system is provided for establishing a secure link among multiple users on a single machine with a remote machine. The system includes a subsystem to filter traffic so that traffic from each user is separate. The subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the traffic, and employs the SA to establish the secure link. An Internet Key Exchange module and a policy module may be included to generate and associate the security association, wherein the policy module is configured via Internet Protocol Security (IPSEC).
Abstract:
Network devices access a communications network and engage in secure associations with one or more network access points upon authenticating the access points and upon verifying the discovery information that is broadcast by the access point. Once a secure association is created, management frames that are subsequently transmitted between the network devices and the access points and that are used to control the secure association are verified to further enhance the security of the communications network.
Abstract:
A communication device cognitively monitors interference signals across a communication band so that adaptations for physical and medium access control (MAC) of data packet transmissions are appropriate for a particular interference signal. Characteristics of an interference signal of interest (e.g., bandwidth, power and/or duration relative to an average data packet transmitted over a communication channel of the communication device) are sensed for an appropriate adaptation (e.g., forward error correction, modulation technique, back off, request to send/clear to send protocol, etc.). Patterns for known types of interference sources can be compared so that when recognized an associated adaptation can be used.
Abstract:
A policy server program evaluates one or more policy statements based on the group or groups to which a user belongs as well as other conditions. Each policy statement expresses an implementation of the access policy of the network, and is associated with a profile. The profile contains one or more actions that are to be applied to the user. The policy server program determines the identity of the group or groups to which the user belongs by referencing one or more group attributes contained in a user object which is located in a directory on the network. The user object and its group parameters are established when the user is added to the directory, while a policy statement for a group can be created at any time.
Abstract:
Systems and methods are provided for transmitting data on a wireless network. Some embodiments provide a technique whereby a type is determined for the transmission, at least one metric is determined for the transmission based at least in part on the transmission type and/or an indication of conditions on the channel on which the transmission is to be performed, at least one transmission parameter to be used in performing the transmission is selected to optimize the at least one metric, and the data is transmitted in accordance with the at least one transmission parameter.
Abstract:
A system for maintaining network information. The system resides in a network comprising a plurality of sub-networks in communication with one another over a communications backbone. Each sub-network has a router for use in performing communications with other sub-networks. A directory service is linked to the communications backbone and includes a database. The database stores router attribute information that is published by each of the routers. Using a query engine associated with the directory service, meaningful information can be gathered from the database as a function of specified router attribute information.
Abstract:
Each node or link of an ad hoc network assists in the distributed allocation of a data channel to increase fairness, even in a multi-hop network, by tracking a measure of link weight for itself and sharing this information over a control channel with neighboring nodes. The metric can be provided over a dedicated control channel, added as a header to data communication on a data channel, or inferred by monitoring data traffic from the neighboring node. The link weight can be adjusted by a link quality factor based on provided or inferred metrics such as transmission rates, ratio of transmission errors, idle time, etc. For multiple flow queues at a subject node, one with a higher transmission rate can be selected for increased fairness. When a packet is received, medium access includes allocating bandwidth, including bonding multiple frequencies that are determined to be available to both nodes.
Abstract:
Disclosed are methods for a client, having established one set of security keys, to establish a new set without having to communicate with an authentication server. When the client joins a group, master session security keys are derived and made known to the client and to the group's access server. From the master session security keys, the access server and client each derive transient session security keys, used for authentication and encryption. To change the transient session security keys, the access server creates “liveness” information and sends it to the client. New master session security keys are derived from the liveness information and the current set of transient session security keys. From these new master session security keys are derived new transient session security keys. This process limits the amount of data sent using one set of transient session security keys and thus limits the effectiveness of any statistical attacker.