1. Mechanism to avoid expensive double-encryption in mobile networks
    Invention application; granted (in force)

    Publication number: US20070043940A1

    Publication date: 2007-02-22

    Application number: US11207801

    Filing date: 2005-08-22

    IPC class: H04L9/00

    Abstract: A method for enabling a mobile node to transmit encrypted data over a path that includes a wireless link and an untrusted link, while avoiding double encryption on any link. Either the data on the end-to-end path is encrypted using an application-specific security mechanism, or an L2 mechanism is used to encrypt the data on the wireless link, as mandated by the wireless standards, and an application-specific security mechanism is used to encrypt the data on the untrusted link. By avoiding redundant double encryption, the method optimizes the use of network resources in bandwidth-limited wireless networks and extends the battery life of the mobile node.

2. Verifying authenticity of called party in telephony networks
    Invention application; pending (published)

    Publication number: US20090046839A1

    Publication date: 2009-02-19

    Application number: US11893325

    Filing date: 2007-08-15

    IPC class: H04M1/56

    Abstract: A method comprising a plurality of operations. An operation is provided for receiving an authentication certificate of a called party; the telephony apparatus of the party calling the called party performs the receiving. An operation is provided for facilitating authentication of the authentication certificate and of the called-party identification information it carries, in response to receiving the certificate. An operation is provided for providing an authentication notification in response to that authentication: the notification indicates successful authentication when the authentication succeeds and non-successful authentication when it does not.

3. RELIABLE AUTHENTICATION OF MESSAGE SENDER'S IDENTITY
    Invention application; pending (published)

    Publication number: US20100070761A1

    Publication date: 2010-03-18

    Application number: US12212368

    Filing date: 2008-09-17

    IPC class: H04L9/06

    Abstract: A method is provided in a telecommunications network for authenticating a sender (10) of a message to the recipient of the message. The method includes: registering the sender (10) with a trusted certificate authority (CA) (20), the registering including providing the CA (20) with (i) identification information identifying the sender (10) and (ii) a public key (12) of the sender (10); creating an authentication certificate (30) including the sender's identification information and the sender's public key (12); signing the certificate (30) with a private key (28) of the CA (20); provisioning a message sending device (52) of the sender (10) with the certificate (30) so signed; provisioning a message receiving device (40) of the recipient with a public key (24) of the CA (20), the counterpart of the CA's private key (28); generating a signature with a private key (14) of the sender (10), the counterpart of the sender's public key (12); sending a message from the sender's message sending device (52), the message including the certificate (30) and the signature; retrieving the message with the recipient's message receiving device (40); using the CA's public key (24) with which the receiving device (40) was provisioned to obtain the sender's public key (12) from the certificate (30) received in the retrieved message; and using the sender's public key (12) so obtained to verify the signature generated with the sender's private key (14).
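    The certificate chain that items 2 and 3 describe (a CA-signed certificate carried with the message, checked by a receiver provisioned only with the CA's public key, then the message signature checked under the certified key) as an added worked example. This is not code from either patent: it uses Ed25519 from Go's standard library as the signature scheme, and the identifier, payload and the two attacker behaviours are constructed for the demonstration. Numerals in comments refer to the reference numerals of the abstract in item 3.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Certificate (30): sender identification information plus the sender's public
// key (12), signed with the CA's private key (28). Numerals follow the abstract.
type Certificate struct {
	SenderID  string
	SenderPub ed25519.PublicKey
	CASig     []byte
}

// tbs is the to-be-signed encoding: length-prefixed ID, then the key (IDs assumed < 256 bytes).
func tbs(id string, pub ed25519.PublicKey) []byte {
	var b bytes.Buffer
	b.WriteByte(byte(len(id)))
	b.WriteString(id)
	b.Write(pub)
	return b.Bytes()
}

// IssueCertificate is the registration step at the CA (20).
func IssueCertificate(caPriv ed25519.PrivateKey, id string, pub ed25519.PublicKey) Certificate {
	return Certificate{SenderID: id, SenderPub: pub, CASig: ed25519.Sign(caPriv, tbs(id, pub))}
}

// SignedMessage is what the sending device (52) transmits; Sig is made with the sender's private key (14).
type SignedMessage struct {
	Payload []byte
	Cert    Certificate
	Sig     []byte
}

// signedBytes binds the signature to the certified identity as well as the payload.
// Replay is out of scope here; a deployment would also sign a timestamp or nonce.
func signedBytes(cert Certificate, payload []byte) []byte {
	return append(tbs(cert.SenderID, cert.SenderPub), payload...)
}

func SignMessage(senderPriv ed25519.PrivateKey, cert Certificate, payload []byte) SignedMessage {
	return SignedMessage{Payload: payload, Cert: cert, Sig: ed25519.Sign(senderPriv, signedBytes(cert, payload))}
}

// VerifyMessage is the receiving device (40), provisioned only with the CA's
// public key (24). It returns the authenticated identity or the failing check.
func VerifyMessage(caPub ed25519.PublicKey, m SignedMessage) (string, error) {
	if len(m.Cert.SenderPub) != ed25519.PublicKeySize {
		return "", errors.New("certificate: malformed sender public key")
	}
	// Step 1: the CA signature is what makes the sender's key trustworthy.
	if !ed25519.Verify(caPub, tbs(m.Cert.SenderID, m.Cert.SenderPub), m.Cert.CASig) {
		return "", errors.New("certificate: CA signature does not verify")
	}
	// Step 2: the message signature must verify under that certified key.
	if !ed25519.Verify(m.Cert.SenderPub, signedBytes(m.Cert, m.Payload), m.Sig) {
		return "", errors.New("message: sender signature does not verify")
	}
	return m.Cert.SenderID, nil
}

type ScenarioResult struct {
	GenuineID   string
	GenuineErr  error // nil: the honest message verifies
	ForgedErr   error // attacker self-signs a certificate claiming the sender's ID
	TamperedErr error // payload altered after signing
}

// Scenario runs the exchange with constructed keys, identifier and payload.
func Scenario() (ScenarioResult, error) {
	var r ScenarioResult
	caPub, caPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	senderPub, senderPriv, _ := ed25519.GenerateKey(rand.Reader)
	atkPub, atkPriv, _ := ed25519.GenerateKey(rand.Reader)
	const senderID = "+1-555-0100" // constructed identifier
	payload := []byte("one-time code 8675")
	cert := IssueCertificate(caPriv, senderID, senderPub)
	genuine := SignMessage(senderPriv, cert, payload)
	r.GenuineID, r.GenuineErr = VerifyMessage(caPub, genuine)
	forged := IssueCertificate(atkPriv, senderID, atkPub) // signed by the attacker, not the CA
	_, r.ForgedErr = VerifyMessage(caPub, SignMessage(atkPriv, forged, payload))
	tampered := genuine
	tampered.Payload = []byte("one-time code 0000")
	_, r.TamperedErr = VerifyMessage(caPub, tampered)
	return r, nil
}

func main() {
	r, _ := Scenario()
	fmt.Printf("genuine: %q %v\nforged: %v\ntampered: %v\n", r.GenuineID, r.GenuineErr, r.ForgedErr, r.TamperedErr)
}
```

    The two checks in VerifyMessage are deliberately ordered: a forged certificate is rejected before the receiver spends a second verification on its message signature, and the error string names which step failed, which is what a caller would log. For item 2 the same flow applies with the called party as sender and the caller's telephony apparatus as the receiving device.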

4. Method of authenticating a mobile network node in establishing a peer-to-peer secure context between a pair of communicating mobile network nodes
    Invention application; granted (in force)

    Publication number: US20060087999A1

    Publication date: 2006-04-27

    Application number: US10970137

    Filing date: 2004-10-22

    IPC class: H04Q7/00

    Abstract: Methods are presented for authenticating peer mobile network nodes in order to establish a secure peer-to-peer communications context in an ad-hoc network. The methods include accessing wireless infrastructure network entities, at low bandwidth and for a short duration, to obtain cryptographic information about a peer mobile network node for the purpose of establishing secure peer-to-peer communications with it in the ad-hoc network. Having received the cryptographic information, the method further includes challenging the peer node with a challenge phrase derived from that information, receiving a response, and establishing a secure communications context to the peer node based on the validity of the received response. Advantages derive from addressing the security threats encountered in provisioning ad-hoc networking by leveraging the security architecture of the wireless infrastructure network, for example as deployed in UMTS/GSM networks, so that mobile nodes are authenticated seamlessly through the existing UMTS and/or GSM authentication infrastructure while communicating pervasively with peer nodes in the ad-hoc network.
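    The challenge/response step of item 4 as an added illustration, not code from the patent. The abstract does not say what the "cryptographic information" is or how the challenge is derived, so this example assumes the infrastructure hands the initiator A a key kB associated with the peer B (in practice this would be a pairing-specific derived key rather than B's long-term secret) and runs an HMAC-SHA256 nonce exchange in both directions, deriving the session key from the full transcript. The node names MN-A and MN-B, the keys and the impostor are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// prf is HMAC-SHA256 over a label and length-prefixed fields, so the two
// responses and the session key are distinct functions of the same transcript.
func prf(key []byte, label string, fields ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		m.Write(n[:])
		m.Write(f)
	}
	return m.Sum(nil)
}

// randBytes panics on a failed CSPRNG read, which is unrecoverable here.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Respond runs on the challenged peer B, which holds kB from its own
// registration with the infrastructure: it answers A's nonce nA with a fresh
// nonce nB and a response over both identities and both nonces.
func Respond(kB []byte, a, b string, nA []byte) (nB, rB []byte) {
	nB = randBytes(16)
	return nB, prf(kB, "resp-B", []byte(a), []byte(b), nA, nB)
}

// InitiatorFinish runs on A with the key it fetched from the infrastructure for
// B (the abstract's "cryptographic information"): it checks B's response,
// produces its own confirmation and derives the session key from the transcript.
func InitiatorFinish(kB []byte, a, b string, nA, nB, rB []byte) (rA, sess []byte, err error) {
	if !hmac.Equal(rB, prf(kB, "resp-B", []byte(a), []byte(b), nA, nB)) {
		return nil, nil, errors.New("peer response invalid: wrong key or stale transcript")
	}
	rA = prf(kB, "resp-A", []byte(a), []byte(b), nA, nB)
	return rA, prf(kB, "sess", []byte(a), []byte(b), nA, nB), nil
}

// ResponderFinish runs on B: A's confirmation proves the challenger was given
// kB by the infrastructure; B then derives the same session key.
func ResponderFinish(kB []byte, a, b string, nA, nB, rA []byte) ([]byte, error) {
	if !hmac.Equal(rA, prf(kB, "resp-A", []byte(a), []byte(b), nA, nB)) {
		return nil, errors.New("initiator confirmation invalid")
	}
	return prf(kB, "sess", []byte(a), []byte(b), nA, nB), nil
}

type Result struct {
	HonestErr   error // nil when the honest run completes
	KeysMatch   bool  // both honest sides derive the same session key
	ImpostorErr error // non-nil: a node without kB fails A's challenge
}

// Scenario uses constructed node names and keys; nothing is taken from the patent.
func Scenario() Result {
	var res Result
	kB, kX := randBytes(32), randBytes(32) // B's key; an impostor's unrelated key
	a, b := "MN-A", "MN-B"
	nA := randBytes(16)
	nB, rB := Respond(kB, a, b, nA)
	rA, sessA, err := InitiatorFinish(kB, a, b, nA, nB, rB)
	if err != nil {
		res.HonestErr = err
		return res
	}
	sessB, err := ResponderFinish(kB, a, b, nA, nB, rA)
	if err != nil {
		res.HonestErr = err
		return res
	}
	res.KeysMatch = hmac.Equal(sessA, sessB)
	// Impostor X answers a fresh challenge from A while claiming to be B.
	nA2 := randBytes(16)
	nX, rX := Respond(kX, a, b, nA2)
	_, _, res.ImpostorErr = InitiatorFinish(kB, a, b, nA2, nX, rX)
	return res
}

func main() {
	res := Scenario()
	fmt.Printf("keys match: %v\nimpostor: %v\n", res.KeysMatch, res.ImpostorErr)
}
```

    Both nonces and both identities go into every MAC, so a response captured from one session cannot be replayed into another and a response intended for a different pairing is rejected. Note what B learns from A's confirmation: only that the challenger obtained kB from the infrastructure, not A's own identity; identity-level mutual authentication would run the same exchange a second time under A's key.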

5. On-demand authentication of call session party information during a telephone call
    Invention application; pending (published)

    Publication number: US20090025075A1

    Publication date: 2009-01-22

    Application number: US11879307

    Filing date: 2007-07-17

    IPC class: G06F7/04

    Abstract: A method comprises a plurality of operations. An operation is performed for requesting authentication of a target call session party during a call session between the target party and the call session party requesting the authentication. An operation is performed for receiving authentication information of the target party during the call session, in response to the request. An operation is performed for facilitating authentication of that information during the call session, in response to receiving it.

6. Protection for wireless devices against false access-point attacks
    Invention application; granted (in force)

    Publication number: US20060274643A1

    Publication date: 2006-12-07

    Application number: US11143620

    Filing date: 2005-06-03

    IPC class: H04J1/16 H04L12/26

    Abstract: Mechanisms and methods are presented for giving a mobile/wireless device protection against false access-point/base-station attacks by means of MAC address protection. The mobile/wireless device, referred to as the mobile client (MC), gains access to the wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected in all communications between them during the discovery phase. This protection mitigates MAC-address-spoofing attacks against both the AP and the MC.

7. Communication traffic control methods and systems
    Invention application; pending (published)

    Publication number: US20060083192A1

    Publication date: 2006-04-20

    Application number: US10957480

    Filing date: 2004-10-01

    IPC class: H04Q7/00

    Abstract: Communication traffic control techniques are disclosed. Targeted communication traffic control may be established in accordance with traffic control rules generated at a mobile communication device operating within the service area of a traffic control system. Communication traffic destined for or originating at the mobile communication device is then permitted or blocked by the traffic control system according to those rules. When a mobile communication device moves from a service area served by one traffic control system to a service area served by a new traffic control system, any traffic control rules currently in effect at the old traffic control system are preferably transferred to the new one. In some embodiments, multiple traffic control rules are aggregated before being transferred to a traffic control system.

8. System, device and method for providing data availability for lost/stolen portable communication devices
    Invention application; pending (published)

    Publication number: US20090006867A1

    Publication date: 2009-01-01

    Application number: US11819832

    Filing date: 2007-06-29

    IPC class: G06F12/14

    CPC class: G06F21/88 G06F2221/2143

    Abstract: A system, device and method for providing data availability for a portable communication device, including various combinations of the following steps: notifying an operator that the portable communication device is missing; triggering encryption of data on the device; sending a data retrieval command to the device; authenticating the data retrieval command; retrieving data from the device; identifying the portion of the retrieved data that is confidential; encrypting the identified confidential data on the device; and either erasing the identified confidential data from the device or recovering the device and decrypting the confidential data on it.

9. Secure communication methods and systems
    Invention grant; granted (in force)

    Publication number: US07676838B2

    Publication date: 2010-03-09

    Application number: US10899251

    Filing date: 2004-07-26

    IPC class: G06F9/00

    Abstract: Methods and systems for secure communications are provided. Secure end-to-end connections are established as separate multiple secure connections, illustratively between a first system and an intermediate system and between a second system and the intermediate system. The multiple secure connections may be bound, for example by binding the Internet Protocol Security (IPsec) Security Associations (SAs) of the multiple connections, to establish the end-to-end connection. In the event of a change in operating conditions that would normally require the entire secure connection to be re-established, only one of the multiple secure connections forming the end-to-end connection is re-established. Separating end-to-end connections in this manner may reduce the processing resource requirements and latency normally associated with re-establishing secure connections.

10. Method and apparatus for providing route-optimized secure session continuity between mobile nodes
    Invention application; pending (published)

    Publication number: US20060245362A1

    Publication date: 2006-11-02

    Application number: US11327299

    Filing date: 2006-01-06

    Applicant: Vinod Choyi

    Inventor: Vinod Choyi

    IPC class: H04J3/14 H04L12/56

    Abstract: In accordance with at least one embodiment of the present invention, IP application traffic can be given confidentiality to and from one or more mobile nodes (MNs) belonging to the same domain, even when such MNs are remotely located. It is possible to provide, preferably at all times, a level of confidentiality and integrity in communications between MNs similar to that typically provided within a corporate environment (e.g., within a secured intranet). Secure and efficient communication is provided when one or more MNs communicate over a connection that cannot be presumed inherently secure, for example a connection to a public network such as the Internet or to a network outside the secured intranet.