Abstract:
A method, apparatus and computer program product are provided for verifying an access network using for example a trusted protocol such as Hotspot 2.0. In this regard, a method is provided that includes causing at least one available network to be detected. The method may further include determining a fully qualified domain name (FQDN) for the at least one detected available network. The method may further include causing a registry entry to be accessed in a registry that corresponds to the determined FQDN, wherein the registry entry comprises at least one certificate for at least one network entity. The method may further include verifying received configuration information from the connected network, wherein verification comprises determining whether the received configuration information is signed with a digital certificate that corresponds to the at least one certificate in the accessed registry entry.
Abstract:
A method, apparatus, and computer program product are provided for facilitating randomized port allocation. An apparatus may include a processor configured to receive a port allocation message from a network management entity. The port allocation message may comprise an encryption key, an initial input value, and a value indicating a number of ports allocated to the apparatus for communication on a network. The processor may be further configured to calculate at least one port allocated to the apparatus with an encryption function based at least in part upon the encryption key and initial input value. Corresponding methods and computer program products are also provided.
Abstract:
A security gateway/home agent controller HAC is used to assign one home agent HA from a plurality of HAs and to identify at least one security protocol that is common between a mobile node MN and the assigned HA. Establishment of a security association between the MN and the assigned HA is enabled according to the identified security protocol and utilizing bootstrapping parameters provided over a secure connection between the security gateway/HAC and the MN. The bootstrapping parameters include at least a home address for the MN, an address of the assigned HA and security credentials and security parameters for the identified at least one security protocol. In an exemplary embodiment the home address for the MN may be an IPv6 home address and the MN may have certain capabilities with respect to security protocols and ciphering suites which the MN sends to the security gateway.
Abstract:
Systems and techniques for managing local communication between a network access point and a host device. Upon connection by a host device to an access point, a local connection link is established between the access point and the host device. A network connection may be established between the access point and the host device, with the network connection being able to pass through the host device to enable communication with and beyond an access network to which the access point provides a connection. Local messages may be passed between the access point and the host device over the local connection link, separately from and independent of communication that may occur over the network connection.
Abstract:
Method, apparatus, and computer program product embodiments of the invention are disclosed to improve the discovery of wireless networks having desired service offerings. In example embodiments of the invention, a method comprises: determining whether to perform passive or active scanning; transmitting a wireless generic advertisement service request specifying one or more required characteristics of a transmitting device, if the determination is to perform active scanning; passively listening for one or more wireless generic advertisement service responses sent to a broadcast address by one or more wireless devices, the responses including one or more required characteristics of a passive listening device, if the determination is to perform passive scanning; and receiving one or more wireless generic advertisement service responses sent to a broadcast address by one or more wireless devices having the characteristics specified in the transmitted request.
Abstract:
A method and apparatus are provided for determining a network interface preference policy. An example method may include determining a network address family preference policy signaled to a host apparatus by an access point for a first network interface. The example method may additionally include selecting an interface from the first network interface and a second network interface for network traffic of the host apparatus based at least in part on the signaled preference policy. A corresponding apparatus is also provided.
Abstract:
Positioning and/or navigation of an electronic device within a building when GPS signals are unavailable is provided. The electronic device scans for available Wireless Local Area Network (WLAN) Access Points (APs) upon, e.g., entering a building. The electronic device detects a signal (e.g., beacon) from at least one available WLAN AP, whereupon the electronic device retrieves the indoor location of the available WLAN AP. The location information can be directly downloaded from the WLAN AP while in state-1 via, e.g., a Native Query Protocol which includes an extension to currently defined Native Query info elements that returns location information. Alternatively, the Media Access Control (MAC) address of the WLAN AP can be read from the beacon signal, which is then used to retrieve the location of the WLAN AP from an associated database. Additionally, various embodiments may be implemented with or via a mapping application or service, where the mapping application is able to display any floor's floor plan of a building and determine/obtain the position of the electronic device inside the building relative to the floor plan.
Abstract:
A secure network access point transmits a beacon transmission. A user device receiving it determines it does not have credentials necessary to attach with the secure network access point, and so a preliminary association is formed between the user device and the secure network access point. During the preliminary association, the user device receives or creates credentials necessary to associate with the secure network access point, forms an association with the secure network access point using the received or created credentials, and obtains internet connectivity via the secure network access point. In this embodiment there is only the secure network access point, but in another embodiment there is also a non-secure network access point which transmits a beacon using the same SSID as the secure network access point, and the preliminary association is with the non-secure network access point.
Abstract:
In one exemplary and non-limiting aspect thereof this invention provides a method to execute a bootstrapping procedure between a node, such as a MN, and a wireless network (WN). The method includes sending the WN a first message that contains a list of authentication mechanisms supported by the MN; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the MN, and including in a first response message to the MN information pertaining to the determined authentication mechanism; and sending a second message to the WN that is at least partially integrity protected, the second message containing the list of authentication mechanisms that the MN supports in an integrity protected form. If authentication is successful, and if the list received in the second message matches the list received in the first message, the method further includes responding to the MN with a second response message that is at least partially integrity protected, where the second response message contains an indication of the selected authentication mechanism in an integrity protected form; and receiving the successful response message and verifying that the authentication mechanism used by the MN matches the authentication mechanism selected by the WN.