Authentication in communications networks
    1.
    Granted invention patent (status: in force)

    Publication No.: US08484467B2

    Publication date: 2013-07-09

    Application No.: US11606910

    Filing date: 2006-12-01

    IPC classification: H04L9/32 G06F21/00 G06F7/04

    Abstract: The invention relates to a method of authenticating a user equipment in a communications network. The method involves sending a message from a network entity to the user equipment. This message includes a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity; said options including a “shared key”-based authentication procedure. The method also involves selecting an option from the set. In the event that the “shared key”-based authentication procedure is selected, a shared secret from a security key established in a generic bootstrapping architecture (GBA) is generated over a second interface between the user equipment and a bootstrapping service function. The shared secret is then used to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.

    Apparatus, method and computer program product providing mobile node identities in conjunction with authentication preferences in generic bootstrapping architecture (GBA)
    2.
    Granted invention patent (status: in force)

    Publication No.: US08353011B2

    Publication date: 2013-01-08

    Application No.: US11372333

    Filing date: 2006-03-08

    IPC classification: H04L29/06

    Abstract: In one exemplary and non-limiting aspect thereof a method is provided that includes sending a wireless network (WN) a first message that includes a list of authentication mechanisms supported by a node and, in association with each authentication mechanism, a corresponding identity; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the node; and including information in a second message that is sent to the node, the information including the determined authentication mechanism in conjunction with a corresponding identity. The method further includes protecting at least the list of authentication mechanisms supported by the node and the corresponding identities and sending a second message to the network, the second message including at least the list of authentication mechanisms and the corresponding identities. The method further includes receiving a second response message from the network that is at least partially integrity protected, where the second response message includes an indication of the selected authentication mechanism and the corresponding identity.

    Method and apparatus for refreshing keys within a bootstrapping architecture
    3.
    Granted invention patent (status: in force)

    Publication No.: US07835528B2

    Publication date: 2010-11-16

    Application No.: US11397837

    Filing date: 2006-04-04

    IPC classification: H04L9/00 H04L9/08

    Abstract: An approach is provided for refreshing keys in a communication system. An application request is transmitted to a network element configured to provide secure services. A message is received, in response to the application request, indicating refreshment of a key that is used to provide secure communications with the network element. A refreshed key is derived based on the received message.

    Method, apparatus and computer program product providing bootstrapping mechanism selection in generic bootstrapping architecture (GBA)
    4.
    Granted invention patent (status: in force)

    Publication No.: US08087069B2

    Publication date: 2011-12-27

    Application No.: US11232494

    Filing date: 2005-09-21

    IPC classification: G06F7/04

    Abstract: In one exemplary and non-limiting aspect thereof this invention provides a method to execute a bootstrapping procedure between a node, such as a MN, and a wireless network (WN). The method includes sending the WN a first message that contains a list of authentication mechanisms supported by the MN; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the MN, and including in a first response message to the MN information pertaining to the determined authentication mechanism; and sending a second message to the WN that is at least partially integrity protected, the second message containing the list of authentication mechanisms that the MN supports in an integrity protected form. If authentication is successful, and if the list received in the second message matches the list received in the first message, the method further includes responding to the MN with a second response message that is at least partially integrity protected, where the second response message contains an indication of the selected authentication mechanism in an integrity protected form; and receiving the successful response message and verifying that the authentication mechanism used by the MN matches the authentication mechanism selected by the WN.

    Software feature authorization through delegated agents
    6.
    Granted invention patent (status: in force)

    Publication No.: US08898469B2

    Publication date: 2014-11-25

    Application No.: US13021384

    Filing date: 2011-02-04

    IPC classification: H04L9/32 G06F21/10

    Abstract: A method enables selected features of a software product residing on an end user electronic device with a license delivered from a licensing provider to a service provider of the end user electronic device. The method includes requesting at least one license to authorize a first service provider. An encrypted installation key uniquely associated with the first service provider is received as well as an authorization agent module for installation on one or more authorization agent devices associated with the first service provider. The encrypted installation key and the authorization agent module are installed on the authorization agent devices. A device-unique identifier (DUID) is generated for each authorization agent device based on hardware characteristics of the respective authorization agent devices. The DUID and the encrypted installation key are sent from the authorization agent device to a licensing provider to obtain the requested license. The requested license is received by the authorization agent devices if the DUID and the encrypted installation key are validated by the licensing provider. The license on the authorization agent device authorizes and enables the selected features of the software product on an end user electronic device.

    Revocation list update for devices
    7.
    Granted invention patent (status: in force)

    Publication No.: US08589674B2

    Publication date: 2013-11-19

    Application No.: US13350072

    Filing date: 2012-01-13

    IPC classification: H04L9/00

    Abstract: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.

    FEATURE LICENSING FRAMEWORK FOR THIRD PARTY FEATURE CREDIT MANAGEMENT
    8.
    Invention patent application (status: under examination, published)

    Publication No.: US20130185173A1

    Publication date: 2013-07-18

    Application No.: US13353309

    Filing date: 2012-01-18

    IPC classification: G06Q30/06

    CPC classification: G06Q30/06

    Abstract: A method and apparatus for provisioning devices. One method includes authenticating a first customer as an authenticated user and receiving from a first customer a first request to establish a credit record for a specified number of upgraded feature licenses. The upgraded feature licenses are obtainable from a third party supplier and are associated with components available from the third party supplier. The credit record includes feature credits to be made available to the first customer to obtain the upgraded feature licenses from the third party supplier. A second request is received from the first customer to release the feature credits to a credit pool associated with the first customer so that the feature credits are available to the first customer. The upgraded feature licenses are generated and the credit pool associated with the first customer is debited for the number of credits needed to obtain the upgraded feature licenses.

    High speed power line network connector and method for power line networking
    9.
    Granted invention patent (status: in force)

    Publication No.: US08050285B2

    Publication date: 2011-11-01

    Application No.: US11845019

    Filing date: 2007-08-24

    Applicant: Tat Keung Chan

    Inventor: Tat Keung Chan

    IPC classification: H04L12/56

    Abstract: A power line module and method. In a preferred embodiment, the power line module is adapted to couple to a power line outlet, which is provided on a power line network within a spatial region. A power line chip is within a housing. In a preferred embodiment, the power line chip has an input/output port and is capable of converting a power line telecommunication signal having a data rate of greater than about 80 Megabits per second from the power line network to an Ethernet signal for use in a local area network segment. The module has a coupling device coupled to the input/output port of the power line chip. In a preferred embodiment, the module has a first pin comprising a plurality of first spring members operably coupled to the coupling device. The first pin is insertable into a first site of the power outlet. The module has a second pin comprising a plurality of second spring members operably coupled to the coupling device.

    Method and system for virtual powerline local area networks
    10.
    Granted invention patent (status: in force)

    Publication No.: US07769907B2

    Publication date: 2010-08-03

    Application No.: US11841877

    Filing date: 2007-08-20

    IPC classification: G06F15/16 G06F15/173

    Abstract: A system for powerline networking. The system has an external data source, which is derived from a world wide network of computers. A router is coupled to the external data source and coupled to a first datasource connection. A powerline network switch apparatus is coupled to the first datasource connection. The apparatus has a second datasource connection, which is coupled to the first data source connection. The apparatus has a powerline device coupled to the second datasource connection. The powerline device is adapted to receive and transmit information in a first format from the second data source connection and adapted to receive and transmit information in a second format. The apparatus has a virtual local area network device including a first input/output port and a plurality of second input/output ports. Each of the second input/output ports is numbered from 1 through N, where N is an integer greater than 1.
