Method and system for automated and secure provisioning of service access credentials for on-line services to users of mobile communication terminals
    1.
    Granted patent, in force

    Publication number: US09015473B2

    Publication date: 2015-04-21

    Application number: US12085768

    Filing date: 2005-11-30

    IPC classes: H04L29/00 H04L29/06

    Abstract: In a communications network that includes at least one authentication entity adapted to authenticate a network access requestor in order to conditionally grant it access to the communications network, where the authentication is based on public key cryptography, a method for automatically provisioning the network access requestor with service access credentials for accessing an on-line service offered by an on-line service provider reachable through the communications network. The method includes: during authentication of the network access requestor, having an authentication entity request that the on-line service provider generate the service access credentials; at the on-line service provider, generating the service access credentials, encrypting them with a public encryption key of the network access requestor and providing the encrypted service access credentials to the authentication entity; and having the authentication entity cause the encrypted service access credentials to be delivered to the network access requestor.

    Method and System for Automated and Secure Provisioning of Service Access Credentials for On-Line Services to Users of Mobile Communication Terminals
    2.
    Patent application, in force

    Publication number: US20090158032A1

    Publication date: 2009-06-18

    Application number: US12085768

    Filing date: 2005-11-30

    IPC classes: H04L9/00 H04L29/06 H04K1/00

    Abstract: In a communications network that includes at least one authentication entity adapted to authenticate a network access requestor in order to conditionally grant it access to the communications network, where the authentication is based on public key cryptography, a method for automatically provisioning the network access requestor with service access credentials for accessing an on-line service offered by an on-line service provider reachable through the communications network. The method includes: during authentication of the network access requestor, having an authentication entity request that the on-line service provider generate the service access credentials; at the on-line service provider, generating the service access credentials, encrypting them with a public encryption key of the network access requestor and providing the encrypted service access credentials to the authentication entity; and having the authentication entity cause the encrypted service access credentials to be delivered to the network access requestor.
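    The provisioning flow described in the abstract above (entry 2, and the identical abstract of the granted patent in entry 1), as an added example in Go that is not code from the patent or its assignee: the requestor proves possession of its private key by signing a nonce, the authentication entity then asks the provider to generate a credential, the provider encrypts it under the requestor's public key, and the entity relays a ciphertext it cannot read. RSA-PSS for the network authentication, RSA-OAEP with the requestor ID as OAEP label, the "user:secret" credential shape and all identifiers are assumptions of this example, not details from the patent.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Requestor is the mobile terminal; it owns the key pair whose public half the
// authentication entity already trusts for network access.
type Requestor struct {
	ID  string
	key *rsa.PrivateKey
}

// ServiceProvider mints credentials; the plaintext is recorded only here.
type ServiceProvider struct{ issued map[string]string }

// AuthEntity authenticates requestors and relays ciphertext it cannot open.
type AuthEntity struct{ trusted map[string]*rsa.PublicKey }

func NewRequestor(id string) (*Requestor, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Requestor{ID: id, key: key}, nil
}

// Decrypt opens the credential. The OAEP label is the requestor ID, so a
// ciphertext issued for another ID, or under another key, fails to open.
func (r *Requestor) Decrypt(ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.key, ct, []byte(r.ID))
	return string(pt), err
}

// Issue generates a "user:secret" credential (shape assumed here), records it,
// and returns it encrypted with RSA-OAEP (also this example's choice) under
// the requestor's public key.
func (s *ServiceProvider) Issue(id string, pub *rsa.PublicKey) ([]byte, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	cred := "user-" + id + ":" + hex.EncodeToString(raw)
	s.issued[id] = cred
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(cred), []byte(id))
}

// Authenticate challenges the requestor to sign a fresh nonce (the public-key
// network authentication) and, on success, has the provider issue the
// credential; the returned ciphertext is what the entity hands back.
func (a *AuthEntity) Authenticate(r *Requestor, sp *ServiceProvider) ([]byte, error) {
	pub, ok := a.trusted[r.ID]
	if !ok {
		return nil, errors.New("unknown requestor")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	h := sha256.Sum256(nonce)
	sig, err := rsa.SignPSS(rand.Reader, r.key, crypto.SHA256, h[:], nil) // requestor side
	if err != nil {
		return nil, err
	}
	if err := rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil); err != nil {
		return nil, fmt.Errorf("network authentication failed: %w", err)
	}
	return sp.Issue(r.ID, pub)
}

// Provision runs the whole flow for one requestor and returns what the
// requestor decrypted, what the provider recorded, and the transited ciphertext.
func Provision(id string) (got, want string, ct []byte, err error) {
	r, err := NewRequestor(id)
	if err != nil {
		return
	}
	ae := &AuthEntity{trusted: map[string]*rsa.PublicKey{id: &r.key.PublicKey}}
	sp := &ServiceProvider{issued: map[string]string{}}
	if ct, err = ae.Authenticate(r, sp); err != nil {
		return
	}
	got, err = r.Decrypt(ct)
	return got, sp.issued[id], ct, err
}

func main() {
	got, want, ct, err := Provision("msisdn-390000000001") // constructed identifier
	fmt.Printf("err=%v recovered=%v ciphertext=%d bytes\n", err, got == want, len(ct))
}
```

    Provision returns both what the provider recorded and what the requestor decrypted so the two can be compared; a second key pair generated for the same ID cannot open the same ciphertext, which is the property that keeps the credential out of the hands of the authentication entity and anyone on the path.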

    METHOD FOR LOCALIZING AN OPTICAL TERMINATION DEVICE IN A PASSIVE OPTICAL NETWORK
    3.
    Patent application, in force

    Publication number: US20110262139A1

    Publication date: 2011-10-27

    Application number: US13142726

    Filing date: 2008-12-29

    IPC classes: H04J14/00

    Abstract: A method for localizing an optical network termination (ONT) of a passive optical network is disclosed. The passive optical network comprises an optical line terminal (OLT) and an optical distribution network (ODN) having a plurality of optical links. The ONT is connectable to the OLT by a given optical link of the optical distribution network. The method includes the steps of: detecting that the ONT has been connected to the OLT by an optical link of the optical distribution network; determining length information indicative of the length of that optical link; comparing the length information with reference length information indicative of the length of the given optical link; and, if the length information matches the reference length information, localizing the ONT by confirming that it is connected to the OLT by the given optical link.

    Method for Increasing Security in a Passive Optical Network
    4.
    Patent application, in force

    Publication number: US20110214160A1

    Publication date: 2011-09-01

    Application number: US13127404

    Filing date: 2008-11-03

    IPC classes: G06F21/00

    Abstract: A method for security in a passive optical network is disclosed. The method includes, at an optical line termination (OLT): detecting an optical termination device and establishing a connection with it; generating a first authentication message including a first random number; and transmitting the first authentication message over the established connection. At the optical termination device, the method may include: receiving the first authentication message; calculating a first authentication code from the first random number and a secret code stored at the device; and generating and transmitting to the OLT a second authentication message including the first authentication code. The method may further include, at the OLT: receiving the second authentication message; calculating a second authentication code from the first random number and a secret code stored at the OLT; and authenticating the optical termination device if the first authentication code matches the second authentication code.

    Method for increasing security in a passive optical network
    5.
    Granted patent, in force

    Publication number: US08490159B2

    Publication date: 2013-07-16

    Application number: US13127404

    Filing date: 2008-11-03

    IPC classes: G06F21/00

    Abstract: A method for security in a passive optical network is disclosed. The method includes, at an optical line termination (OLT): detecting an optical termination device and establishing a connection with it; generating a first authentication message including a first random number; and transmitting the first authentication message over the established connection. At the optical termination device, the method may include: receiving the first authentication message; calculating a first authentication code from the first random number and a secret code stored at the device; and generating and transmitting to the OLT a second authentication message including the first authentication code. The method may further include, at the OLT: receiving the second authentication message; calculating a second authentication code from the first random number and a secret code stored at the OLT; and authenticating the optical termination device if the first authentication code matches the second authentication code.
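    The challenge-response exchange in the abstract above (entry 5, and the identical abstract of the application in entry 4), as an added example in Go that is not code from the patent or its assignee. The OLT issues a random number, the device returns a code computed from that number and its stored secret, and the OLT recomputes the code with its own copy of the secret. The patent does not say how the code is computed; HMAC-SHA256 over the random number is this example's choice, as are the serial numbers and secrets. Two details a practitioner wants and the abstract does not spell out are shown: the random number is consumed on first use, so a captured response cannot be replayed against a later challenge, and the code comparison is constant-time.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FirstAuthMessage carries the OLT's random number (the challenge).
type FirstAuthMessage struct {
	Serial string
	Nonce  []byte
}

// SecondAuthMessage carries the device's authentication code (the response).
type SecondAuthMessage struct {
	Serial string
	Code   []byte
}

// authCode derives the code from the random number and the secret code.
// HMAC-SHA256 is this example's choice; the patent fixes no function.
func authCode(secret, nonce []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(nonce)
	return m.Sum(nil)
}

// OLT keeps one secret per device serial and one outstanding challenge each.
type OLT struct {
	secrets map[string][]byte
	pending map[string][]byte
}

func NewOLT(secrets map[string][]byte) *OLT {
	return &OLT{secrets: secrets, pending: map[string][]byte{}}
}

// Challenge issues a fresh random number for a detected, connected device.
func (o *OLT) Challenge(serial string) (FirstAuthMessage, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return FirstAuthMessage{}, err
	}
	o.pending[serial] = nonce
	return FirstAuthMessage{Serial: serial, Nonce: nonce}, nil
}

// Verify recomputes the code with the OLT's copy of the secret. The nonce is
// consumed before comparing, so a captured response cannot be replayed against
// a later challenge, and the comparison is constant-time.
func (o *OLT) Verify(m SecondAuthMessage) error {
	nonce, ok := o.pending[m.Serial]
	if !ok {
		return errors.New("no outstanding challenge for device")
	}
	delete(o.pending, m.Serial)
	secret, ok := o.secrets[m.Serial]
	if !ok {
		return errors.New("unknown device")
	}
	if !hmac.Equal(authCode(secret, nonce), m.Code) {
		return errors.New("authentication code mismatch")
	}
	return nil
}

// Device is the optical termination device with its stored secret code.
type Device struct {
	Serial string
	Secret []byte
}

func (d *Device) Respond(m FirstAuthMessage) SecondAuthMessage {
	return SecondAuthMessage{Serial: d.Serial, Code: authCode(d.Secret, m.Nonce)}
}

// Authenticate runs the full exchange and returns the OLT's verdict.
func Authenticate(o *OLT, d *Device) error {
	m1, err := o.Challenge(d.Serial)
	if err != nil {
		return err
	}
	return o.Verify(d.Respond(m1))
}

func main() {
	secrets := map[string][]byte{"ONT-0001": []byte("provisioned-secret-0001")} // constructed
	olt := NewOLT(secrets)
	dev := &Device{Serial: "ONT-0001", Secret: secrets["ONT-0001"]}
	fmt.Println("genuine device:", Authenticate(olt, dev))
}
```

    Because Verify deletes the pending nonce before it compares anything, a response is good for exactly one challenge; a device with a wrong secret, an unknown serial, or a replayed response all end in an error rather than a silent accept.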

    Method for localizing an optical termination device in a passive optical network
    6.
    Granted patent, in force

    Publication number: US08145057B2

    Publication date: 2012-03-27

    Application number: US13142726

    Filing date: 2008-12-29

    IPC classes: H04J14/00 H04B10/00

    Abstract: A method for localizing an optical network termination (ONT) of a passive optical network is disclosed. The passive optical network comprises an optical line terminal (OLT) and an optical distribution network (ODN) having a plurality of optical links. The ONT is connectable to the OLT by a given optical link of the optical distribution network. The method includes the steps of: detecting that the ONT has been connected to the OLT by an optical link of the optical distribution network; determining length information indicative of the length of that optical link; comparing the length information with reference length information indicative of the length of the given optical link; and, if the length information matches the reference length information, localizing the ONT by confirming that it is connected to the OLT by the given optical link.
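    The length comparison in the abstract above (entry 6, and the identical abstract of the application in entry 3), as an added example in Go that is not code from the patent or its assignee. The patent leaves open how the length information is obtained; this example derives it from a round-trip delay using an assumed group index of 1.468 for single-mode fibre, and the inventory, tolerance and 2 µs ranging result are constructed. It also adds the check a practitioner would want before trusting the confirmation: if a second inventory link is within the same tolerance, the ONT's position is ambiguous and is reported as such rather than confirmed.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// Group velocity of light in standard single-mode fibre, assuming a group
// index of 1.468; the patent leaves the length measurement method open.
const fibreVelocity = 299792458.0 / 1.468 // metres per second

// ReferenceLink is one ODN inventory entry: an optical link and its known
// fibre length.
type ReferenceLink struct {
	ID     string
	Length float64 // metres
}

// LengthFromRoundTrip turns a measured OLT-to-ONT round-trip delay (such as a
// ranging result) into a one-way fibre length.
func LengthFromRoundTrip(rtt time.Duration) float64 {
	return rtt.Seconds() * fibreVelocity / 2
}

// Localize confirms the ONT is on the expected link when the measured length
// matches that link's reference within tol. It refuses to confirm when any
// other inventory link would also match, since two drops of similar length
// cannot be told apart by length alone.
func Localize(measured float64, expected ReferenceLink, inventory []ReferenceLink, tol float64) (bool, error) {
	if math.Abs(measured-expected.Length) > tol {
		return false, fmt.Errorf("measured %.1f m does not match %s (%.1f m)", measured, expected.ID, expected.Length)
	}
	for _, l := range inventory {
		if l.ID != expected.ID && math.Abs(measured-l.Length) <= tol {
			return false, fmt.Errorf("ambiguous: %s (%.1f m) is also within %.1f m", l.ID, l.Length, tol)
		}
	}
	return true, nil
}

func main() {
	// Constructed inventory and a constructed 2 µs ranging result.
	inventory := []ReferenceLink{{"drop-A", 100}, {"drop-B", 204}, {"drop-C", 350}}
	measured := LengthFromRoundTrip(2 * time.Microsecond)
	ok, err := Localize(measured, inventory[1], inventory, 5)
	fmt.Printf("measured=%.1f m confirmed=%v err=%v\n", measured, ok, err)
}
```

    With these numbers a 2 µs round trip is about 204 m of fibre, which confirms drop-B at a 5 m tolerance; loosening the tolerance to 150 m makes drop-A match too and the function declines to confirm.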

METHOD AND APPARATUS TO CONTROL APPLICATION MESSAGES BETWEEN CLIENT AND A SERVER HAVING A PRIVATE NETWORK ADDRESS
    7.
    Patent application, in force

    Publication number: US20110019547A1

    Publication date: 2011-01-27

    Application number: US12448646

    Filing date: 2006-12-28

    IPC classes: H04L12/26

    Abstract: A method to control communication traffic in a communication network. The traffic includes application-level messages between a client and a server having a private network address. The method includes the steps of: the client sending the server a request message requesting a service, using a first public network address associated with the server; processing the request message at an intermediate logic unit logically positioned between the client and the server; and receiving an alert signal at the intermediate unit. Upon receipt of the alert signal, the method provides for: mapping the private network address of the server to a second public network address associated with the server; instructing the client to send the request message to the second public network address of the server; and routing to the server only request messages directed to the second public network address.
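    The address switch described in the abstract above, as an added example in Go that is not code from the patent or its assignee. The intermediate unit maps the server's private address onto one public address at a time; on an alert it moves the mapping to a spare public address, answers requests to the retired address with an instruction to use the new one, and forwards only what arrives at the new address. Clients that honour application-level replies follow the instruction, while a flood source that keeps blasting the old address never reaches the server. The addresses, the pool of spare public addresses and the three outcomes are constructed for this example; the patent does not specify the instruction format.

```go
package main

import (
	"errors"
	"fmt"
)

// Action is what the intermediate unit does with one request message.
type Action string

const (
	Forward  Action = "forward"  // deliver to the server's private address
	Redirect Action = "redirect" // instruct the client to use the new public address
	Drop     Action = "drop"     // not routed to the server
)

// Request is an application-level request message as seen at the unit.
type Request struct {
	Client string // client address
	Dst    string // public address the client sent the request to
}

// Decision is the unit's outcome; To is the private address on Forward and
// the address the client must use next on Redirect.
type Decision struct {
	Action Action
	To     string
}

// Intermediate sits between clients and a server that only has a private
// address and maps that private address onto one public address at a time.
type Intermediate struct {
	private string
	pool    []string // public addresses available for the server
	active  int      // index into pool of the currently mapped address
	retired map[string]bool
}

func NewIntermediate(private string, pool []string) *Intermediate {
	return &Intermediate{private: private, pool: pool, retired: map[string]bool{}}
}

// Public reports the public address currently mapped to the server.
func (u *Intermediate) Public() string { return u.pool[u.active] }

// Alert is the signal that the current public address is under attack: the
// mapping moves to the next address in the pool and the old one is retired,
// so from now on only traffic to the new address reaches the server.
func (u *Intermediate) Alert() (string, error) {
	if u.active+1 >= len(u.pool) {
		return "", errors.New("no spare public address left in the pool")
	}
	u.retired[u.Public()] = true
	u.active++
	return u.Public(), nil
}

// Handle applies the mapping to one request message.
func (u *Intermediate) Handle(r Request) Decision {
	switch {
	case r.Dst == u.Public():
		return Decision{Action: Forward, To: u.private}
	case u.retired[r.Dst]:
		return Decision{Action: Redirect, To: u.Public()}
	default:
		return Decision{Action: Drop}
	}
}

func main() {
	// Constructed addresses: one private server address, two public ones.
	u := NewIntermediate("10.0.0.5", []string{"203.0.113.10", "203.0.113.11"})
	client := Request{Client: "198.51.100.7", Dst: "203.0.113.10"}
	fmt.Println("before alert:", u.Handle(client))
	next, err := u.Alert()
	fmt.Println("alert:", next, err)
	fmt.Println("old address:", u.Handle(client))
	fmt.Println("new address:", u.Handle(Request{Client: client.Client, Dst: next}))
}
```

    The pool is finite, so Alert reports exhaustion instead of wrapping around to an address the attacker has already seen; a deployment would need to decide how retired addresses are eventually recycled.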

    Method and System For Transparently Authenticating a Mobile User to Access Web Services
    8.
    Patent application, in force

    Publication number: US20080127320A1

    Publication date: 2008-05-29

    Application number: US11666125

    Filing date: 2005-09-30

    IPC classes: H04L9/32

    Abstract: A system and method for authenticating a subscriber of a first network to access application services through a second network, where the second network is a packet data network. The system includes: a mobile station connected to a cellular network and able to generate access-request messages enclosed in data packets, the access-request messages being expressed with a syntax that complies with an application-level protocol; an allocation server able to allocate to the subscriber an address in the second network and to provide a mapping between the subscriber's address and a first subscriber identifier; a gateway which interfaces the first network to the second network and assigns the subscriber's address to the mobile station; a service token injector linked with the gateway and able to intercept the data packets generated by the mobile station and directed to the second network through the gateway, and to capture from each data packet at least the subscriber's address; and an identity authority logical entity linked with the service token injector.

    Method and system for transparently authenticating a mobile user to access web services
    9.
    Granted patent, in force

    Publication number: US07954141B2

    Publication date: 2011-05-31

    Application number: US11666125

    Filing date: 2005-09-30

    Abstract: A system and method for authenticating a subscriber of a first network to access application services through a second network, where the second network is a packet data network. The system includes: a mobile station connected to a cellular network and able to generate access-request messages enclosed in data packets, the access-request messages being expressed with a syntax that complies with an application-level protocol; an allocation server able to allocate to the subscriber an address in the second network and to provide a mapping between the subscriber's address and a first subscriber identifier; a gateway which interfaces the first network to the second network and assigns the subscriber's address to the mobile station; a service token injector linked with the gateway and able to intercept the data packets generated by the mobile station and directed to the second network through the gateway, and to capture from each data packet at least the subscriber's address; and an identity authority logical entity linked with the service token injector.
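    The token injection path in the abstract above (entry 9, and the identical abstract of the application in entry 8), as an added example in Go that is not code from the patent or its assignee. The injector captures the source address of a packet leaving through the gateway, resolves it to the subscriber identifier through the allocation server's mapping, obtains a token from the identity authority and adds it to the application-level request; the web service checks the token. The header name, the "subscriber|service|hmac" token format with a key shared between authority and service, and all addresses and identifiers are assumptions of this example. The one thing a practitioner must not forget is shown explicitly: the injector strips any copy of the header the client itself sent, otherwise a client could choose its own identity.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// TokenHeader is the header the injector adds; the name is assumed here.
const TokenHeader = "X-Subscriber-Token"

// Packet is a captured request at the gateway: source address plus the
// application-level host and headers.
type Packet struct {
	SrcAddr string
	Host    string
	Headers map[string]string
}

// AllocationServer maps the address assigned on the packet data network back
// to the subscriber identifier known on the cellular side.
type AllocationServer struct{ ByAddr map[string]string }

// IdentityAuthority issues tokens; the format "subscriber|service|hmac" with a
// key shared with the web service is this example's choice.
type IdentityAuthority struct{ Key []byte }

func (ia *IdentityAuthority) Token(subscriber, service string) string {
	return subscriber + "|" + service + "|" + tag(ia.Key, subscriber+"|"+service)
}

func tag(key []byte, msg string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return hex.EncodeToString(m.Sum(nil))
}

// TokenInjector intercepts packets leaving through the gateway, resolves the
// source address to a subscriber and injects the token. Any copy of the header
// the client itself supplied is stripped first; otherwise a client could pick
// its own identity.
type TokenInjector struct {
	Alloc *AllocationServer
	IA    *IdentityAuthority
}

func (t *TokenInjector) Inject(p Packet) (Packet, error) {
	out := Packet{SrcAddr: p.SrcAddr, Host: p.Host, Headers: map[string]string{}}
	for k, v := range p.Headers {
		if !strings.EqualFold(k, TokenHeader) {
			out.Headers[k] = v
		}
	}
	sub, ok := t.Alloc.ByAddr[p.SrcAddr]
	if !ok {
		return out, errors.New("address not allocated to any subscriber")
	}
	out.Headers[TokenHeader] = t.IA.Token(sub, p.Host)
	return out, nil
}

// WebService checks the token with the shared key and that it was issued for
// this service, then returns the authenticated subscriber.
type WebService struct {
	Name string
	Key  []byte
}

func (w *WebService) Authenticate(p Packet) (string, error) {
	parts := strings.Split(p.Headers[TokenHeader], "|")
	if len(parts) != 3 || parts[1] != w.Name {
		return "", errors.New("missing or malformed token, or token for another service")
	}
	if !hmac.Equal([]byte(tag(w.Key, parts[0]+"|"+parts[1])), []byte(parts[2])) {
		return "", errors.New("bad token tag")
	}
	return parts[0], nil
}

// Setup wires the parties with constructed data.
func Setup() (*TokenInjector, *WebService) {
	key := []byte("key-shared-by-authority-and-service")
	alloc := &AllocationServer{ByAddr: map[string]string{"10.20.30.40": "msisdn-390000000001"}}
	return &TokenInjector{Alloc: alloc, IA: &IdentityAuthority{Key: key}}, &WebService{Name: "mail.example", Key: key}
}

func main() {
	inj, svc := Setup()
	// The client tries to smuggle its own token; the injector replaces it.
	p, err := inj.Inject(Packet{SrcAddr: "10.20.30.40", Host: "mail.example",
		Headers: map[string]string{"x-subscriber-token": "attacker|mail.example|00"}})
	fmt.Println(err, p.Headers[TokenHeader])
	fmt.Println(svc.Authenticate(p))
}
```

    The header match is case-insensitive on purpose: HTTP header names are case-insensitive, so an injector that only removed the exact spelling it adds would still let a lowercase copy through. Binding the service name into the token stops a token captured on one service from being replayed to another.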

    Method and system for managing denial of service situations
    10.
    Granted patent, in force

    Publication number: US08356350B2

    Publication date: 2013-01-15

    Application number: US11791719

    Filing date: 2004-11-29

    IPC classes: G06F11/00 G06F12/14

    CPC classes: H04L63/1408 H04L63/1458

    Abstract: For managing denial of service situations at the application level in a communications network receiving message data, the message data are monitored by a sensor that sends an event message when it detects an alarm condition; a control logic determines a first analysis to be performed, associated with the received event message, and generates a request; an analysis module receives the analysis request, performs the analysis and sends a result message; the control logic receives the result message and determines an action to be taken associated with the result message, the action being a countermeasure or a further analysis. To determine the analysis to be performed and the action to be taken, the control logic browses rules stored in a memory, each rule including a conditional clause and an associated action to be taken.
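    The sensor, control logic, analysis module and rule memory of the abstract above, as an added example in Go that is not code from the patent or its assignee. A sensor raises an event when a window of application messages exceeds a rate; the control logic walks its rules, each a conditional clause with an action, and the action is either a countermeasure or a request for a further analysis, which feeds the next result back through the same rules. The two analyses (concentration by source and by message body), the thresholds, the rule set and the sample message window are constructed for this example; the patent fixes none of them.

```go
package main

import (
	"fmt"
	"strings"
)

// Message is one application-level message as seen by the sensor.
type Message struct{ Source, Body string }

// Event is what the sensor sends to the control logic on an alarm condition.
type Event struct{ Window []Message }

// Observe is the sensor: it emits an event once a window exceeds the threshold.
func Observe(window []Message, maxPerWindow int) (Event, bool) {
	return Event{Window: window}, len(window) > maxPerWindow
}

// Result is the analysis module's answer: the dominant key for the requested
// grouping and the share of the window it accounts for.
type Result struct {
	Analysis, Key string
	Share         float64
}

// Analyze implements two analyses: concentration by source and by body. The
// window is non-empty because the sensor only fires above a threshold.
func Analyze(analysis string, e Event) Result {
	counts := map[string]int{}
	for _, m := range e.Window {
		if analysis == "source-concentration" {
			counts[m.Source]++
		} else {
			counts[m.Body]++
		}
	}
	var top string // most frequent key, ties broken by name for determinism
	for k, n := range counts {
		if n > counts[top] || (n == counts[top] && (top == "" || k < top)) {
			top = k
		}
	}
	return Result{Analysis: analysis, Key: top, Share: float64(counts[top]) / float64(len(e.Window))}
}

// Rule pairs a conditional clause with an action; Action yields either
// "countermeasure:<what>" or "analyze:<next analysis>".
type Rule struct {
	When   func(Result) bool
	Action func(Result) string
}

// ControlLogic browses its rules in order and lets the first match decide;
// a chain of further analyses is bounded so a rule set cannot loop forever.
type ControlLogic struct {
	FirstAnalysis string
	Rules         []Rule
}

func (c ControlLogic) Handle(e Event) (action string, trail []string) {
	next := c.FirstAnalysis
	for steps := 0; next != "" && steps < 4; steps++ {
		r := Analyze(next, e)
		trail = append(trail, next)
		action, next = "countermeasure:monitor", "" // default when nothing matches
		for _, rule := range c.Rules {
			if rule.When(r) {
				action = rule.Action(r)
				break
			}
		}
		if strings.HasPrefix(action, "analyze:") {
			next = strings.TrimPrefix(action, "analyze:")
		}
	}
	if next != "" {
		action = "countermeasure:monitor" // analysis chain bound reached
	}
	return action, trail
}

// DefaultRules is a constructed rule set: block a dominant source; otherwise
// look at payloads and drop a dominant body pattern; otherwise just monitor.
func DefaultRules() ControlLogic {
	isSrc := func(r Result) bool { return r.Analysis == "source-concentration" }
	return ControlLogic{FirstAnalysis: "source-concentration", Rules: []Rule{
		{When: func(r Result) bool { return isSrc(r) && r.Share >= 0.5 },
			Action: func(r Result) string { return "countermeasure:block-source " + r.Key }},
		{When: isSrc, Action: func(Result) string { return "analyze:body-concentration" }},
		{When: func(r Result) bool { return r.Analysis == "body-concentration" && r.Share >= 0.8 },
			Action: func(r Result) string { return "countermeasure:drop-body " + r.Key }},
	}}
}

func main() {
	// Constructed window: three sources all sending the same request body.
	flood := []Message{{"a", "INVITE"}, {"b", "INVITE"}, {"c", "INVITE"}, {"a", "INVITE"}, {"b", "INVITE"}}
	if e, alarm := Observe(flood, 3); alarm {
		fmt.Println(DefaultRules().Handle(e))
	}
}
```

    On the constructed window no single source dominates, so the first rule that matches asks for a further analysis; the body analysis then finds one pattern behind every message and the final action is a countermeasure against that pattern, with the trail recording both analyses.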