-
公开(公告)号:US20090150665A1
公开(公告)日:2009-06-11
申请号:US12327598
申请日:2008-12-03
申请人: John Kaippallimalil , Yun Pu , Ruobin Zheng
发明人: John Kaippallimalil , Yun Pu , Ruobin Zheng
CPC分类号: H04L63/062 , H04L9/0847 , H04L63/08 , H04L63/0884 , H04L2209/80
摘要: An apparatus comprising a supplicant proxy port authorization entity (PAE) configured to communicate with a user equipment (UE) and a network, wherein the supplicant proxy PAE causes a communication path to forward or block communications between the UE and the network. Included is a network component comprising at least one processor configured to implement a method comprising authenticating a UE with a network using an Institute of Electrical and Electronics Engineers (IEEE) 802.1X protocol, and exchanging a secure key with the UE using an IEEE 802.1 AF protocol. Also included is a method comprising authenticating a user UE configured for a first authentication protocol with a network configured for a second authentication protocol using a port entity configured for the first authentication protocol and the second authentication protocol, and securing the UE's access to the network by completing a security key agreement using the first authentication protocol.
摘要翻译: 一种装置,包括被配置为与用户设备(UE)和网络通信的请求者代理端口授权实体(PAE),其中所述请求者代理PAE使通信路径转发或阻止所述UE与所述网络之间的通信。 包括的网络组件包括至少一个处理器,其被配置为实现包括使用电气和电子工程师协会(IEEE)802.1X协议使用网络来认证UE的方法,以及使用IEEE802.1FX与UE交换安全密钥 协议。 还包括一种方法,包括:使用为第一认证协议和第二认证协议配置的端口实体,认证配置为第一认证协议的用户UE与配置为第二认证协议的网络,以及通过以下方式保护UE对网络的访问: 使用第一认证协议完成安全密钥协议。
-
2.发明申请Apparatus and Method of Flow Movement for Network-Based Mobility Management Protocol 有权基于网络的移动性管理协议的流动运动的装置和方法公开(公告)号:US20100202427A1
公开(公告)日:2010-08-12
申请号:US12702087
申请日:2010-02-08
IPC分类号: H04W8/02
CPC分类号: H04W36/12 , H04W8/08 , H04W36/0011 , H04W80/04
摘要: An apparatus comprising a local mobility anchor (LMA) configured to forward a flow to a mobile node (MN) via a first mobile access gateway (MAG) in a first network and via a second MAG in a second network, and to bind the flow to the second MAG from the first MAG, wherein the first MAG is configured to manage the MN mobility in the first network and the second MAG is configured to manage the MN mobility in the second network, wherein the first MAG sends a binding update comprising a flow description information to the LMA, and wherein the LMA replies to the binding update with a binding acknowledgement.
摘要翻译: 一种包括本地移动锚(LMA)的装置,其被配置为经由第一网络中的第一移动接入网关(MAG)并且经由第二网络中的第二MAG将流转发到移动节点(MN),并且将流 到第一MAG的第二MAG,其中第一MAG被配置为管理第一网络中的MN移动性,并且第二MAG被配置为管理第二网络中的MN移动性,其中第一MAG发送绑定更新,其包括 流描述信息到LMA,并且其中LMA用绑定确认回复绑定更新。
-
公开(公告)号:US20090055898A1
公开(公告)日:2009-02-26
申请号:US12192486
申请日:2008-08-15
申请人: John Kaippallimalil
发明人: John Kaippallimalil
IPC分类号: H04L9/32
CPC分类号: H04L63/162 , H04L63/164 , H04W12/06
摘要: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.
摘要翻译: 一种网络组件,包括至少一个处理器,其被配置为实现包括使用秘密密钥导出主会话密钥(MSK)和从可扩展认证协议(EAP)序列获得的至少一个参数,导出第一成对主密钥(PMK) )和来自MSK的第二PMK,使用第一PMK与家庭网关(HG)进行认证,并且使用第二PMK用终点进行认证。 包括一种装置,包括包括访问控制器(AC)和用于承载网络访问(PANA)认证代理(PAA)的认证的协议的节点,其中AC被配置为管理针对UE的认证,并且其中配置PAA 实现PANA转发与UE相关的认证信息。
-
公开(公告)号:US20090054037A1
公开(公告)日:2009-02-26
申请号:US12192488
申请日:2008-08-15
申请人: John Kaippallimalil
发明人: John Kaippallimalil
CPC分类号: H04L63/08 , H04L63/162
摘要: An apparatus comprising a node comprising an access controller (AC) and an authentication, authorization and accounting (AAA) proxy (AAA-P), wherein the AC is configured to manage authentication for a user equipment (UE), and wherein the AAA-P is configured to exchange authentication information related to the UE with an AAA server. Included is a network component comprising at least one processor configured to implement a method comprising establishing a first tunnel with a home gateway (HG), wherein the HG communicates wirelessly with a UE, and establishing a second tunnel between the UE and a Network Access Server (NAS). Also included is a network component comprising at least one processor configured to implement a method comprising receiving a Pairwise Master Key (PMK) from an AAA mediator (AAA-M), and authenticating a UE using the PMK.
摘要翻译: 一种装置,包括包括访问控制器(AC)和认证,授权和计费(AAA)代理(AAA-P)的节点,其中所述AC被配置为管理用户设备(UE)的认证,并且其中所述AAA- P被配置为与AAA服务器交换与UE相关的认证信息。 包括的网络组件包括至少一个处理器,其被配置为实现包括与家庭网关(HG)建立第一隧道的方法,其中HG与UE进行无线通信,并且在UE与网络接入服务器之间建立第二隧道 (NAS)。 还包括网络组件,其包括至少一个处理器,其被配置为实现包括从AAA中介器(AAA-M)接收成对主密钥(PMK)并且使用PMK认证UE的方法。
-
公开(公告)号:US20070258455A1
公开(公告)日:2007-11-08
申请号:US11745881
申请日:2007-05-08
申请人: John Kaippallimalil
发明人: John Kaippallimalil
IPC分类号: H04L12/56
CPC分类号: H04L12/18 , H04L29/06027 , H04L65/1006 , H04L65/4076
摘要: A method of multicast access control in an IP multicast system is disclosed. The method provides a distributed architecture separating a session control in a service stratum from an access control in a transport stratum.
摘要翻译: 公开了一种IP组播系统中组播接入控制的方法。 该方法提供了将服务层中的会话控制与传输层中的访问控制分离的分布式架构。
-
公开(公告)号:US20110173678A1
公开(公告)日:2011-07-14
申请号:US12200347
申请日:2008-08-28
申请人: John Kaippallimalil , Yangsong Xia
发明人: John Kaippallimalil , Yangsong Xia
CPC分类号: H04L63/18 , G06F21/31 , G06F2221/2105 , G06F2221/2129 , G06F2221/2141 , G06F2221/2149 , H04L41/0896 , H04L63/0272 , H04L63/0876 , H04L63/102 , H04L63/105 , H04L63/162 , H04W12/06 , H04W12/08
摘要: A network component comprising at least one processor configured to implement a method comprising granting a user restricted access at a reduced rate without authenticating the user, attempting to authenticate the user, and granting the user unrestricted access at a full rate if the user authentication is successful. Included is a method comprising authenticating a user device, a user line, or both using a first communication, and authenticating a user using a second communication separate from the first communication. Also included is an apparatus comprising an access node (AN) configured to couple to an access network and communicate with a user equipment (UE) via the access network, wherein the UE is authenticated using either line authentication or device authentication based on the access network.
摘要翻译: 一种网络组件,包括至少一个处理器,所述至少一个处理器被配置为实现一种方法,所述方法包括以不降低的速率授权用户限制的访问,而不验证所述用户,尝试对所述用户进行认证,以及如果所述用户认证成功则授予所述用户全速率的无限制访问 。 包括的方法包括使用第一通信认证用户设备,用户线路或二者,以及使用与第一通信分离的第二通信来认证用户。 还包括一种装置,包括被配置为耦合到接入网络并且经由接入网络与用户设备(UE)进行通信的接入节点(AN),其中使用基于接入网络的线路认证或设备认证对所述UE进行认证 。
-
公开(公告)号:US08509440B2
公开(公告)日:2013-08-13
申请号:US12192486
申请日:2008-08-15
申请人: John Kaippallimalil
发明人: John Kaippallimalil
IPC分类号: H04K1/00
CPC分类号: H04L63/162 , H04L63/164 , H04W12/06
摘要: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.
摘要翻译: 一种网络组件,包括至少一个处理器,其被配置为实现包括使用秘密密钥导出主会话密钥(MSK)和从可扩展认证协议(EAP)序列获得的至少一个参数,导出第一成对主密钥(PMK) )和来自MSK的第二PMK,使用第一PMK与家庭网关(HG)进行认证,并且使用第二PMK用终点进行认证。 包括一种装置,包括包括访问控制器(AC)和用于承载网络访问(PANA)认证代理(PAA)的认证的协议的节点,其中AC被配置为管理针对UE的认证,并且其中配置PAA 实现PANA转发与UE相关的认证信息。
-
8.发明申请Internet Protocol Version Six (IPv6) Addressing and Packet Filtering in Broadband Networks 有权互联网协议第六版(IPv6)宽带网络中的寻址和包过滤公开(公告)号:US20090285215A1
公开(公告)日:2009-11-19
申请号:US12415740
申请日:2009-03-31
申请人: John Kaippallimalil , Yangsong Xia
发明人: John Kaippallimalil , Yangsong Xia
IPC分类号: H04L12/56
CPC分类号: H04L29/12933 , H04L29/12028 , H04L29/12915 , H04L61/103 , H04L61/2015 , H04L61/6059 , H04L61/6068 , H04L63/08
摘要: A method comprising sending a dynamic host configuration protocol (DHCP) message comprising an Identity Association for Prefix Delegation (IA_PD) Prefix option comprising a Internet Protocol version 6 (IPv6) prefix and a length of the IPv6 prefix to a device having a media access control (MAC) address, receiving from the device a packet comprising a source MAC address and a source IPv6 address, and dropping the packet when the MAC address is equal to the source MAC address and the leftmost bits of the source IPv6 address defined by the length are not equal to the IPv6 prefix.
摘要翻译: 一种方法,包括发送动态主机配置协议(DHCP)消息,所述动态主机配置协议(DHCP)消息包括用于前缀委派的身份关联(IA_PD)前缀选项,其包括因特网协议版本6(IPv6)前缀和所述IPv6前缀的长度到具有媒体访问控制的设备 (MAC)地址,从设备接收包括源MAC地址和源IPv6地址的分组,并且当MAC地址等于源MAC地址时,丢弃该分组,并且由源MAC地址定义的源IPv6地址的最左边比特 不等于IPv6前缀。
-
公开(公告)号:US20090210542A1
公开(公告)日:2009-08-20
申请号:US12199985
申请日:2008-08-28
申请人: Yangsong Xia , John Kaippallimalil
发明人: Yangsong Xia , John Kaippallimalil
IPC分类号: G06F15/16
CPC分类号: H04L63/08 , H04L29/1283 , H04L61/2015 , H04L61/6018 , H04L63/0892 , H04L63/162
摘要: Methods and system for simplified Protocol for Carrying Authentication for Network Access (sPANA) are disclosed. In the broadband architecture such as Broadband forum or WiMAX forum, a Network Access server (NAS) is one IP hop away from a user. Therefore, it is possible to relax the need in PANA to obtain an IP address prior to authentication. A PANA client (PaC) may use an unspecified IP address (e.g. 0.0.0.0 in TPv4) as a source address for authentication. A PANA Authentication Agent (PAA) may use an IP broadcast address as a network layer destination address (e.g. oxffffffff). The present invention defines PANA Attribute-Value Pairs (AVPs) and procedures that allow a Challenge-Handshake Authentication Protocol (CHAP) exchange to occur in PANA. The PANA CHAP support may facilitate smooth migration from Point-to-Point Protocol (PPP) sessions to IP sessions in a DSL Broadband network environment. The sPANA can be desirably compatible with the PANA.
摘要翻译: 披露了用于进行网络访问认证的简化协议(sPANA)的方法和系统。 在诸如宽带论坛或WiMAX论坛的宽带架构中,网络接入服务器(NAS)是远离用户的一个IP跳。 因此,可以放松在PANA中的需要以在认证之前获得IP地址。 PANA客户端(PaC)可以使用未指定的IP地址(例如TPv4中的0.0.0.0)作为用于认证的源地址。 PANA认证代理(PAA)可以使用IP广播地址作为网络层目的地址(例如,oxffffffff)。 本发明定义了PANA属性值对(AVP)和允许在PANA中发生质询握手认证协议(CHAP)交换的过程。 PANA CHAP支持可以促进从点对点协议(PPP)会话到DSL宽带网络环境中的IP会话的平滑迁移。 sPANA可以理想地与PANA兼容。
-
10.发明申请公开(公告)号:US20080013556A1
公开(公告)日:2008-01-17
申请号:US11777896
申请日:2007-07-13
申请人: John Kaippallimalil
发明人: John Kaippallimalil
IPC分类号: H04L12/56
CPC分类号: H04W8/065 , H04W60/005 , H04W88/06
摘要: A system for link-independent multihoming in a network having heterogeneous access network technologies is disclosed, providing such multihoming in a manner transparent to IP connections. The system of the present invention provides constructs and methods for: discovering and selecting a multihoming server; selecting a primary media access control (MAC) address; associating multiple link addresses with a MAC address; and forwarding packets via the multihoming server based on certain defined policies.
摘要翻译: 公开了一种具有异构接入网技术的网络中与链路无关多宿主的系统,以IP连接透明的方式提供这样的多宿主机。 本发明的系统提供了用于发现和选择多宿主服务器的构造和方法; 选择主媒体访问控制(MAC)地址; 将多个链路地址与MAC地址相关联; 并且基于某些定义的策略经由多宿主服务器转发数据包。
-
-
-
-
-
-
-
-
-
搜索结果
23 条记录 (耗时 0.017 秒)
