ANTI-REPLAY METHOD FOR UNICAST AND MULTICAST IPSEC
    1.
    Invention application
    Status: under examination (published)

    Publication number: US20100165839A1

    Publication date: 2010-07-01

    Application number: US12345160

    Filing date: 2008-12-29

    IPC classification: H04L12/26

    Abstract: A method for managing a packet in a communication system between two or more endpoints, a sender and one or more recipients, comprises receiving a first packet comprising a source identifier that uniquely identifies a sender of the first packet and a current source time assigned to the first packet by the sender, determining a received time for the first packet, retrieving a cached source time assigned by the sender to a second packet that was received prior to receiving the first packet, and determining whether to discard or process the first packet based on the current source time, the received time, and the cached source time. The current source time, the received time, and the cached time, in addition to predetermined parameters such as a maximum age and an anti-replay window, allow a recipient to determine whether to process or discard a packet.

    METHODS FOR ESTABLISHING A SECURITY SESSION IN A COMMUNICATIONS SYSTEM
    2.
    Invention application
    Status: under examination (published)

    Publication number: US20120036567A1

    Publication date: 2012-02-09

    Application number: US13174324

    Filing date: 2011-06-30

    IPC classification: G06F21/20

    Abstract: A security gateway and an initiating device perform methods for establishing a security session. The methods include the security gateway: receiving a first message from an initiating device, the first message including a first message authentication code; validating the first message using the message authentication code; and responsive to the validating, sending a second message to the initiating device, the second message including a timestamp and further including a second message authentication code for authentication of the timestamp by the initiating device, wherein the first and second messages are used to establish the security session, and the authenticated timestamp is used for subsequent replay protection of messages between the security gateway and the initiating device. The method further includes the security gateway validating a dynamically assigned IP address for the initiating device to use in authorizing VPN traffic between the two devices.

    METHOD AND APPARATUS FOR AUTHENTICATING A DIGITAL CERTIFICATE STATUS AND AUTHORIZATION CREDENTIALS
    3.
    Invention application
    Status: granted

    Publication number: US20130072155A1

    Publication date: 2013-03-21

    Application number: US13234640

    Filing date: 2011-09-16

    IPC classification: H04W12/06

    Abstract: A radio is authenticated at the site and unique authentication information for the radio is stored at the site. A subsequent non-authentication message from the radio is received at the site and authentication information in the non-authentication message is identified. The unique authentication information stored at the site is compared with authentication information identified in the non-authentication message. If there is a match, the non-authentication message is authenticated with an authentication code included in the non-authentication message, wherein a predefined portion of the authentication code is obtained from at least one of a header portion or a data portion of the non-authentication message. Upon successfully completing authentication, the site repeats the non-authentication message towards destination radios indicated in the non-authentication message.

    METHOD FOR A COMMUNICATION DEVICE TO OPERATE WITH MULTIPLE KEY MANAGEMENT FACILITIES
    4.
    Invention application
    Status: granted

    Publication number: US20120183143A1

    Publication date: 2012-07-19

    Application number: US13008251

    Filing date: 2011-01-18

    IPC classification: H04L9/14

    Abstract: A method for operating with KMFs includes a communication device having a memory device: receiving a designation of a primary KMF for the communication device, wherein only one primary KMF is designated for the communication device at any given time instance; receiving a designation of a secondary KMF for the communication device; storing, within the memory device, a first and a second set of crypto groups, wherein each crypto group within each set of crypto groups comprises at least one keyset, wherein each set of crypto groups is associated, within the memory device, to only one KMF identifier; associating, within the memory device, the first set of crypto groups to an identifier for the primary KMF; and associating, within the memory device, the second set of crypto groups to an identifier for the secondary KMF.

    METHOD TO ALLOW SECURE COMMUNICATIONS AMONG COMMUNICATION UNITS
    5.
    Invention application
    Status: granted

    Publication number: US20100031038A1

    Publication date: 2010-02-04

    Application number: US12030441

    Filing date: 2008-02-13

    IPC classification: H04L9/32

    Abstract: A first communication unit receives an encrypted transmission from a second communication unit. The encrypted transmission was encrypted by the second communication unit using a first encryption key. The first communication unit compares the first encryption key to an encryption key associated with the first communication unit. If the first encryption key matches the encryption key associated with the first communication unit, the first communication unit processes the encrypted transmission further. If the first encryption key does not match the encryption key associated with the first communication unit, the first communication unit compares the first encryption key to an encryption key associated with the second communication unit. If the first encryption key matches the encryption key associated with the second communication unit, the first communication unit processes the encrypted transmission further; otherwise, the first communication unit does not process the encrypted transmission further.

    SYSTEM AND METHOD FOR UPDATING AT LEAST ONE ATTRIBUTE STORED AT A MOBILE STATION
    6.
    Invention application
    Status: under examination (published)

    Publication number: US20080132204A1

    Publication date: 2008-06-05

    Application number: US11566401

    Filing date: 2006-12-04

    IPC classification: H04M1/66

    Abstract: A method for updating at least one attribute stored at a mobile station comprises determining a mobile station hash that is representative of a set of attributes that is currently stored at the mobile station and determining a desired hash that is representative of a set of desired attributes desired to be stored at the mobile station. The method additionally includes comparing the mobile station hash with the desired hash, and updating at least one attribute in the set of attributes that is currently stored at the mobile station when the mobile station hash is not equal to the desired hash.
