公开(公告)号：US09071611B2

公开(公告)日：2015-06-30

申请号：US12932456

申请日：2011-02-23

申请人： Navindra Yadav ,  Atul Mahamuni ,  Azim Ozakil ,  Bora A. Akyol ,  Peirong Feng ,  Thomas J. Enderwick ,  Aji Joseph ,  Shashi Kumar ,  Sambasivam Valliappan

发明人： Navindra Yadav ,  Atul Mahamuni ,  Azim Ozakil ,  Bora A. Akyol ,  Peirong Feng ,  Thomas J. Enderwick ,  Aji Joseph ,  Shashi Kumar ,  Sambasivam Valliappan

IPC分类号： H04L29/06

CPC分类号： H04L63/102 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0892

摘要： In one embodiment, a method includes receiving a communication from an endpoint device at a network access device located within a data path between the endpoint device and a network, identifying a network admission control policy for the endpoint device, enforcing at the network access device, the network admission control policy for traffic received from the endpoint device, and forwarding at the network access device, traffic from the endpoint device to the network in accordance with the network admission control policy. An apparatus is also disclosed.

摘要翻译： 在一个实施例中，一种方法包括：在位于端点设备和网络之间的数据路径内的网络接入设备处从端点设备接收通信，识别端点设备的网络接纳控制策略，在网络接入设备处执行， 根据网络接纳控制策略，从端点设备接收的流量的网络准入控制策略以及在网络接入设备处的转发，从端点设备到网络的业务。 还公开了一种装置。

公开(公告)号：US20120216239A1

公开(公告)日：2012-08-23

申请号：US12932456

申请日：2011-02-23

申请人： Navindra Yadav ,  Atul Mahamuni ,  Azim Ozakil ,  Bora A. Akyol ,  Peirong Feng ,  Thomas J. Enderwick ,  Aji Joseph ,  Shashi Kumar ,  Sambasivam Valliappan

发明人： Navindra Yadav ,  Atul Mahamuni ,  Azim Ozakil ,  Bora A. Akyol ,  Peirong Feng ,  Thomas J. Enderwick ,  Aji Joseph ,  Shashi Kumar ,  Sambasivam Valliappan

IPC分类号： G06F21/24 ,  G06F15/173

CPC分类号： H04L63/102 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0892

摘要： In one embodiment, a method includes receiving a communication from an endpoint device at a network access device located within a data path between the endpoint device and a network, identifying a network admission control policy for the endpoint device, enforcing at the network access device, the network admission control policy for traffic received from the endpoint device, and forwarding at the network access device, traffic from the endpoint device to the network in accordance with the network admission control policy. An apparatus is also disclosed.

摘要翻译： 在一个实施例中，一种方法包括：在位于端点设备和网络之间的数据路径内的网络接入设备处从端点设备接收通信，识别端点设备的网络接纳控制策略，在网络接入设备处执行， 根据网络接纳控制策略，从端点设备接收的流量的网络准入控制策略以及在网络接入设备处的转发，从端点设备到网络的业务。 还公开了一种装置。

公开(公告)号：US20130054784A1

公开(公告)日：2013-02-28

申请号：US13219773

申请日：2011-08-29

申请人： Navindra Yadav ,  Atul Mahamuni

发明人： Navindra Yadav ,  Atul Mahamuni

IPC分类号： G06F15/173

CPC分类号： H04L43/0876 ,  H04L43/04 ,  H04L43/08 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/106 ,  H04L43/16 ,  H04L43/18

摘要： Techniques are provided to facilitate monitoring of utility application traffic streams. At a network device that routes utility application traffic for utility devices, control information is received, where the control information is configured to cause the network device to monitor utility application traffic that passes through the network device. The network device monitors a header inserted into utility application traffic messages based on the control information.

摘要翻译： 提供技术以便于监控公用应用业务流。 在用于实用设备路由实用程序应用程序流量的网络设备上，接收控制信息，其中控制信息被配置为使得网络设备监视通过网络设备的应用程序流量。 网络设备基于控制信息监视插入到应用程序业务消息中的报头。

公开(公告)号：US08806573B2

公开(公告)日：2014-08-12

申请号：US13206012

申请日：2011-08-09

申请人： Atul Mahamuni ,  Navindra Yadav ,  Jonathan Hui ,  Alec Woo ,  Wei Hong

发明人： Atul Mahamuni ,  Navindra Yadav ,  Jonathan Hui ,  Alec Woo ,  Wei Hong

IPC分类号： H04L9/32

CPC分类号： H04W12/06 ,  Y02D70/142 ,  Y02D70/144 ,  Y02D70/146 ,  Y02D70/22

摘要： Techniques are provided for the controlled scheduling of the authentication of devices in a lossy network, such as a mesh network. An authenticator device that is configured to authenticate devices in a lossy network receives an authentication start message from a particular device to be authenticated. The authenticator device determines a schedule for engaging in an authentication procedure for the particular device based on an indication of current network utilization.

摘要翻译： 提供技术用于有损网络（例如网状网络）中的设备的认证的受控调度。 被配置为对有损网络中的设备进行认证的认证设备从特定设备接收认证开始消息以进行认证。 认证器设备基于当前网络利用率的指示来确定用于参与特定设备的认证过程的调度。

公开(公告)号：US08990892B2

公开(公告)日：2015-03-24

申请号：US13176857

申请日：2011-07-06

申请人： Navindra Yadav ,  Atul Mahamuni ,  Jonathan Hui ,  Alec Woo

发明人： Navindra Yadav ,  Atul Mahamuni ,  Jonathan Hui ,  Alec Woo

IPC分类号： H04L29/06 ,  H04W12/06

CPC分类号： H04L63/0884 ,  H04W12/06

摘要： Techniques are provided for adaptive routing of authentication packets in a network, such as a wireless mesh network. At an authenticated device in the network, an authentication packet is received over the network from a device that is seeking authentication. The authentication packet is encapsulated for transmission in Layer 3 packets over an Internet Protocol (IP) tunnel to an authenticator device associated in the network. Similarly, for an authentication packet encapsulated in Layer 3 packets from the authenticator device over the IP tunnel, the authentication packet is decapsulated from the Layer 3 packets and transmitted over the network to the device seeking authentication.

摘要翻译： 提供技术用于网络中的认证分组的自适应路由选择，例如无线网状网络。 在网络中的认证设备上，通过网络从正在寻求认证的设备接收认证报文。 认证分组被封装以通过到网络中相关联的认证设备的因特网协议（IP）隧道在三层分组中传输。 类似地，对于通过IP隧道从认证设备封装在三层报文中的认证报文，认证报文从三层报文中解封装，并通过网络发送到寻求认证的设备。

公开(公告)号：US08959607B2

公开(公告)日：2015-02-17

申请号：US13196960

申请日：2011-08-03

申请人： Navindra Yadav ,  Atul Mahamuni ,  Jonathan Hui ,  Wei Hong ,  Alec Woo

发明人： Navindra Yadav ,  Atul Mahamuni ,  Jonathan Hui ,  Wei Hong ,  Alec Woo

IPC分类号： H04L9/32 ,  H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W12/06 ,  H04W84/18

CPC分类号： H04L9/0819 ,  H04L9/0827 ,  H04L9/0833 ,  H04L9/088 ,  H04L9/0891 ,  H04L9/14 ,  H04L9/321 ,  H04L9/3273 ,  H04L63/065 ,  H04L63/068 ,  H04L63/0823 ,  H04L63/12 ,  H04L2209/24 ,  H04L2463/061 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04W84/18

摘要： According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.

摘要翻译： 根据一个实施例，提供了使用组时间密钥来实现网状网络中的设备之间的安全通信的技术。 与网状网络相关联的认证装置在对各个装置进行认证时，为网状网络中的多个装置中的每一个存储成对的主密钥。 使用成对主密钥，认证器设备发起与网状网络中的特定设备的握手过程，以从成对主密钥互相导出成对的时间密钥。 认证器设备使用特定设备的成对时间密钥加密和签署组时间密钥，并将具有成对时间密钥加密和签名的组时间密钥发送到特定设备。

公开(公告)号：US20130042301A1

公开(公告)日：2013-02-14

申请号：US13206012

申请日：2011-08-09

申请人： Atul Mahamuni ,  Navindra Yadav ,  Jonathan Hui ,  Alec Woo ,  Wei Hong

发明人： Atul Mahamuni ,  Navindra Yadav ,  Jonathan Hui ,  Alec Woo ,  Wei Hong

IPC分类号： G06F21/20

CPC分类号： H04W12/06 ,  Y02D70/142 ,  Y02D70/144 ,  Y02D70/146 ,  Y02D70/22

摘要： Techniques are provided for the controlled scheduling of the authentication of devices in a lossy network, such as a mesh network. An authenticator device that is configured to authenticate devices in a lossy network receives an authentication start message from a particular device to be authenticated. The authenticator device determines a schedule for engaging in an authentication procedure for the particular device based on an indication of current network utilization.

摘要翻译： 提供技术用于有损网络（例如网状网络）中的设备的认证的受控调度。 被配置为对有损网络中的设备进行认证的认证设备从特定设备接收认证开始消息以进行认证。 认证器设备基于当前网络利用率的指示来确定用于参与特定设备的认证过程的调度。

公开(公告)号：US08688828B2

公开(公告)日：2014-04-01

申请号：US13219773

申请日：2011-08-29

申请人： Navindra Yadav ,  Atul Mahamuni

发明人： Navindra Yadav ,  Atul Mahamuni

IPC分类号： G06F15/173

CPC分类号： H04L43/0876 ,  H04L43/04 ,  H04L43/08 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/106 ,  H04L43/16 ,  H04L43/18

摘要： Techniques are provided to facilitate monitoring of utility application traffic streams. At a network device that routes utility application traffic for utility devices, control information is received, where the control information is configured to cause the network device to monitor utility application traffic that passes through the network device. The network device monitors a header inserted into utility application traffic messages based on the control information.

摘要翻译： 提供技术以便于监控公用应用业务流。 在用于实用设备路由实用程序应用程序流量的网络设备上，接收控制信息，其中控制信息被配置为使得网络设备监视通过网络设备的应用程序流量。 网络设备基于控制信息监视插入到应用程序业务消息中的报头。

公开(公告)号：US20130036305A1

公开(公告)日：2013-02-07

申请号：US13196960

申请日：2011-08-03

申请人： Navindra Yadav ,  Atul Mahamuni ,  Jonathan Hui ,  Wei Hong ,  Alec Woo

发明人： Navindra Yadav ,  Atul Mahamuni ,  Jonathan Hui ,  Wei Hong ,  Alec Woo

IPC分类号： H04L9/32

CPC分类号： H04L9/0819 ,  H04L9/0827 ,  H04L9/0833 ,  H04L9/088 ,  H04L9/0891 ,  H04L9/14 ,  H04L9/321 ,  H04L9/3273 ,  H04L63/065 ,  H04L63/068 ,  H04L63/0823 ,  H04L63/12 ,  H04L2209/24 ,  H04L2463/061 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04W84/18

摘要： According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.

公开(公告)号：US20130014217A1

公开(公告)日：2013-01-10

申请号：US13176857

申请日：2011-07-06

申请人： Navindra Yadav ,  Atul Mahamuni ,  Jonathan Hui ,  Alec Woo

发明人： Navindra Yadav ,  Atul Mahamuni ,  Jonathan Hui ,  Alec Woo

IPC分类号： G06F21/00 ,  H04W12/06

CPC分类号： H04L63/0884 ,  H04W12/06

摘要： Techniques are provided for adaptive routing of authentication packets in a network, such as a wireless mesh network. At an authenticated device in the network, an authentication packet is received over the network from a device that is seeking authentication. The authentication packet is encapsulated for transmission in Layer 3 packets over an Internet Protocol (IP) tunnel to an authenticator device associated in the network. Similarly, for an authentication packet encapsulated in Layer 3 packets from the authenticator device over the IP tunnel, the authentication packet is decapsulated from the Layer 3 packets and transmitted over the network to the device seeking authentication.

摘要翻译： 提供技术用于网络中的认证分组的自适应路由选择，例如无线网状网络。 在网络中的认证设备上，通过网络从正在寻求认证的设备接收认证报文。 认证分组被封装以通过到网络中相关联的认证设备的因特网协议（IP）隧道在三层分组中传输。 类似地，对于通过IP隧道从认证设备封装在三层报文中的认证报文，认证报文从三层报文中解封装，并通过网络发送到寻求认证的设备。