Method and apparatus for attaching a wireless device to a foreign 3GPP wireless domain using alternative authentication mechanisms
    1.
    Granted invention patent
    Legal status: In force

    Publication No.: US08929862B2

    Publication date: 2015-01-06

    Application No.: US13178612

    Application date: 2011-07-08

    Abstract: A method and apparatus for attaching a wireless device to a foreign wireless domain of a 3GPP communication system using an alternative authentication mechanism, wherein the wireless device performs the method, which includes: sending a first attach request message to an infrastructure device in the foreign wireless domain; receiving an attach reject message from the infrastructure device upon an unsuccessful attempt to obtain authentication credentials for the wireless device from a home wireless domain of the wireless device using a standard 3GPP authentication mechanism; responsive to the attach reject message, sending a second attach request message to the infrastructure device, wherein the second attach request message indicates an alternative authentication mechanism to the standard 3GPP authentication mechanism; and receiving an attach accept message from the infrastructure device when the wireless device is successfully authenticated using the alternative authentication mechanism.

    Methods for establishing a secure point-to-point call on a trunked network
    2.
    Granted invention patent
    Legal status: In force

    Publication No.: US08724812B2

    Publication date: 2014-05-13

    Application No.: US12983067

    Application date: 2010-12-31

    IPC classification: H04L9/08

    Abstract: Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. The trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. Moreover, in response to the request, the controller assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints.

    METHOD AND DEVICE FOR DYNAMICALLY UPDATING AND MAINTAINING CERTIFICATE PATH DATA ACROSS REMOTE TRUST DOMAINS
    3.
    Invention patent application
    Legal status: Under examination (published)

    Publication No.: US20140068251A1

    Publication date: 2014-03-06

    Application No.: US13601214

    Application date: 2012-08-31

    IPC classification: H04L29/06

    Abstract: A method and device is provided for dynamically maintaining and updating public key infrastructure (PKI) certificate path data across remote trusted domains to enable relying parties to efficiently authenticate other nodes in an autonomous ad-hoc network. A certificate path management unit (CPMU) monitors a list of sources for an occurrence of a life cycle event capable of altering an existing PKI certificate path data. Upon determining that the life cycle event has occurred, the CPMU calculates a new PKI certificate path data to account for the occurrence of the life cycle event and provides the new PKI certificate path data to at least one of a relying party in a local domain or a remote CPMU in a remote domain.

    Method and device for distributing public key infrastructure (PKI) certificate path data
    4.
    Granted invention patent
    Legal status: In force

    Publication No.: US08595484B2

    Publication date: 2013-11-26

    Application No.: US12181694

    Application date: 2008-07-29

    IPC classification: H04L9/00

    Abstract: A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step 405). One or more available certificate paths are then determined at the CPMU for at least one relying node (step 410). Next, the PKI certificate path data are distributed by transmitting a certificate path data message from the CPMU to the at least one relying node (step 415). The certificate path data message includes information identifying one or more trusted certification authorities associated with the one or more available certificate paths.

    UTILIZING A STAPLING TECHNIQUE WITH A SERVER-BASED CERTIFICATE VALIDATION PROTOCOL TO REDUCE OVERHEAD FOR MOBILE COMMUNICATION DEVICES

    Publication No.: US20130159703A1

    Publication date: 2013-06-20

    Application No.: US13328334

    Application date: 2011-12-16

    IPC classification: H04L29/06

    CPC classification: H04L63/0823

    Abstract: A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can convey a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).

    Method and apparatus for distributing certificate revocation lists (CRLs) to nodes in an ad hoc network
    6.
    Granted invention patent
    Legal status: In force

    Publication No.: US08438388B2

    Publication date: 2013-05-07

    Application No.: US12059666

    Application date: 2008-03-31

    IPC classification: H04L9/32

    Abstract: A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL).

    METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS
    7.
    Invention patent application
    Legal status: In force

    Publication No.: US20110026714A1

    Publication date: 2011-02-03

    Application No.: US12511731

    Application date: 2009-07-29

    IPC classification: H04L9/08 H04L9/00

    Abstract: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

    METHOD AND DEVICE FOR DISTRIBUTING PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE PATH DATA
    8.
    Invention patent application
    Legal status: In force

    Publication No.: US20100031027A1

    Publication date: 2010-02-04

    Application No.: US12181694

    Application date: 2008-07-29

    IPC classification: H04L9/00

    Abstract: A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step 405). One or more available certificate paths are then determined at the CPMU for at least one relying node (step 410). Next, the PKI certificate path data are distributed by transmitting a certificate path data message from the CPMU to the at least one relying node (step 415). The certificate path data message includes information identifying one or more trusted certification authorities associated with the one or more available certificate paths.

    METHOD AND SYSTEM FOR FLOOR CONTROL IN A WIRELESS NETWORK
    9.
    Invention patent application
    Legal status: In force

    Publication No.: US20080043744A1

    Publication date: 2008-02-21

    Application No.: US11462065

    Application date: 2006-08-03

    IPC classification: H04L12/56 H04L12/28

    Abstract: A method and system for establishing floor control in a communication session enables remote control of devices in a network and provides a status update concerning floor ownership. The method includes processing at a floor controller a floor request message received from a first endpoint, where the floor request message requests that floor ownership be provided to a second endpoint (step 305). A floor control announcement message is then transmitted from the floor controller to at least both the first endpoint and the second endpoint, where the floor control announcement message indicates that the second endpoint has floor ownership (step 315).

    Method and apparatus for authenticating a digital certificate status and authorization credentials
    10.
    Granted invention patent
    Legal status: In force

    Publication No.: US08806196B2

    Publication date: 2014-08-12

    Application No.: US13289356

    Application date: 2011-11-04

    IPC classification: H04L29/06 H04L9/32 G06F21/33

    Abstract: A relying party obtains a certificate of a certificate subject and acquires a status information object for the certificate. The relying party validates the certificate using information in the status information object and compares authorization attributes present in the status information object with policy attributes associated with the requested service. A policy attribute is a set of constraints used by the relying party to determine if the authorization attributes associated with the certificate subject are sufficient to allow the certificate subject to access the requested service. If the authorization attributes present in the status information object match the policy attributes associated with the requested service, the relying party may grant the certificate subject access to the requested service.
