-
1.发明授权公开(公告)号:US08724812B2
公开(公告)日:2014-05-13
申请号:US12983067
申请日:2010-12-31
IPC分类号: H04L9/08
CPC分类号: H04W12/04 , H04L63/045 , H04L63/061 , H04L63/0807 , H04L63/0823 , H04W12/06
摘要: Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. The trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. Moreover, in response to the request, the controller assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints.
摘要翻译: 用于在集群无线电系统中建立安全点对点通信的方法包括在中继控制器处,使用共享唯一的第一对称来在源端点和目的地端点之间接收来自源端点的业务信道的业务信道的请求 键。 中继控制器将与安全控制信道上的对称密钥相关的密钥材料提供给源端点或目的端点中的至少一个,并分配业务信道。 此外,响应于该请求,控制器分配业务信道。 密钥材料使得能够在源端点和目的端点之间安全地建立唯一的第一对称密钥。
-
公开(公告)号:US20110154024A1
公开(公告)日:2011-06-23
申请号:US12644977
申请日:2009-12-22
申请人: Ananth Ignaci , Adam C. Lewis , Anthony R. Metke
发明人: Ananth Ignaci , Adam C. Lewis , Anthony R. Metke
IPC分类号: H04L29/06
CPC分类号: H04L63/102 , H04L9/3268 , H04L63/0823
摘要: A certificate authority selection unit implements a method for selecting one of a plurality of certificate authorities servicing a plurality of administrative domains in a communication system. The method includes: receiving, from an end-entity via an interface, a certificate service request associated with an identifier; selecting, based on the identifier, one of the plurality of administrative domains in the communication system, wherein the plurality of administrative domains are serviced by a plurality of certificate authorities; retrieving a security profile for the end-entity; and selecting, based on the security profile for the end-entity, one of the plurality of certificate authorities to process the certificate service request.
摘要翻译: 认证机构选择单元实现在通信系统中选择服务于多个管理域的多个证书机构中的一个的方法。 该方法包括:从终端实体经由接口接收与标识符相关联的证书服务请求; 基于所述标识符来选择所述通信系统中的所述多个管理域中的一个,其中所述多个管理域由多个证书颁发机构提供服务; 检索终端实体的安全配置文件; 以及基于所述终端实体的安全简档来选择所述多个证书颁发机构之一来处理所述证书服务请求。
-
公开(公告)号:US08327424B2
公开(公告)日:2012-12-04
申请号:US12644977
申请日:2009-12-22
申请人: Ananth Ignaci , Adam C. Lewis , Anthony R. Metke
发明人: Ananth Ignaci , Adam C. Lewis , Anthony R. Metke
IPC分类号: H04L29/06
CPC分类号: H04L63/102 , H04L9/3268 , H04L63/0823
摘要: A certificate authority selection unit implements a method for selecting one of a plurality of certificate authorities servicing a plurality of administrative domains in a communication system. The method includes: receiving, from an end-entity via an interface, a certificate service request associated with an identifier; selecting, based on the identifier, one of the plurality of administrative domains in the communication system, wherein the plurality of administrative domains are serviced by a plurality of certificate authorities; retrieving a security profile for the end-entity; and selecting, based on the security profile for the end-entity, one of the plurality of certificate authorities to process the certificate service request.
摘要翻译: 认证机构选择单元实现在通信系统中选择服务于多个管理域的多个证书机构中的一个的方法。 该方法包括:从终端实体经由接口接收与标识符相关联的证书服务请求; 基于所述标识符来选择所述通信系统中的所述多个管理域中的一个,其中所述多个管理域由多个证书颁发机构提供服务; 检索终端实体的安全配置文件; 以及基于所述终端实体的安全简档来选择所述多个证书颁发机构中的一个以处理所述证书服务请求。
-
公开(公告)号:US20090161590A1
公开(公告)日:2009-06-25
申请号:US11959893
申请日:2007-12-19
IPC分类号: H04H20/71
CPC分类号: H04L12/185 , H04L12/1836 , H04L12/189 , H04L12/4641 , H04L63/0272 , H04L65/4076 , H04L65/605
摘要: An apparatus and method for multicast data stream selection in a communication system includes a first step 300 of providing an intermediate server between a service entity and mobile clients. A next step 302 includes receiving a join request from a mobile client. A next step 304 includes deriving subgroups with each subgroup having at least one associated multicast data stream. A next step 310 includes deriving subgroup outer tunnels. A next step 316 includes encoding different data streams for the associated subgroups. A next step 320 includes mapping each data stream to the respective outer tunnels for each subgroup. A next step 322 includes sourcing the mapped streams to each subgroup. A next step 324 includes converting the mapped streams to a form that can be recognized by the mobile clients.
摘要翻译: 用于通信系统中的组播数据流选择的装置和方法包括在服务实体和移动客户端之间提供中间服务器的第一步骤300。 下一步骤302包括从移动客户端接收加入请求。 下一步骤304包括导出子组,其中每个子组具有至少一个关联的多播数据流。 下一步骤310包括导出子组外部隧道。 下一步骤316包括对相关联的子组编码不同的数据流。 下一步骤320包括将每个数据流映射到每个子组的相应外部隧道。 下一步骤322包括将映射的流源发送到每个子组。 下一步骤324包括将映射的流转换成可由移动客户端识别的形式。
-
公开(公告)号:US08379623B2
公开(公告)日:2013-02-19
申请号:US11775307
申请日:2007-07-10
CPC分类号: H04L12/1836 , H04L12/185 , H04L63/0272 , H04W80/045
摘要: A method (200, 300, 400) of communicating an IPv6 packet (120) over an IPv4 based network (102). The method can include receiving the IPv6 packet to be communicated to a remote unit (104), encapsulating the IPv6 packet in an IPv4 transition packet (122), and communicating the IPv4 transition packet to an IPv4 MVPN (114) server configured to communicate the packet to the remote unit via infrastructure of an IPv4 radio access network. Another aspect of the present invention relates to a method of processing an IPv6 packet received over an IPv4 based network. The method can include receiving from an MVPN server an IPv4 formatted packet that is being communicated to a remote unit, and removing from the packet at least one IPv4 header to result in the packet being formatted in accordance with IPv6.
摘要翻译: 一种在基于IPv4的网络(102)上传送IPv6分组(120)的方法(200,300,400)。 该方法可以包括接收要传送到远程单元(104)的IPv6分组,将IPv6分组封装在IPv4转换分组(122)中,以及将IPv4转换分组传送到被配置为传送该IPv4转发分组的IPv4 MVPN(114)服务器 通过IPv4无线电接入网络的基础设施将数据包分组到远程单元。 本发明的另一方面涉及一种处理通过基于IPv4的网络接收的IPv6分组的方法。 该方法可以包括从MVPN服务器接收正在传送到远程单元的IPv4格式的分组,以及从分组移除至少一个IPv4报头以导致根据IPv6格式化分组。
-
6.发明申请METHOD FOR ENABLING MULTICAST TRAFFIC FLOWS OVER HYBRID MULTICAST CAPABLE AND NON-MULTICAST CAPABLE RADIO ACCESS NETWORKS (RANS) 审中-公开用于实现混合多播通道和非多播能力无线接入网络(RANS)的多播业务流量的方法公开(公告)号:US20090036152A1
公开(公告)日:2009-02-05
申请号:US11831485
申请日:2007-07-31
IPC分类号: H04B7/26
CPC分类号: H04L12/189 , H04L12/1836
摘要: A method for multicast packet communication by mobile entities (113) using one or more radio access networks (RANs) (107, 109, 111) that include receiving a multicast message at a router (105) and then determining multicast capabilities of a mobile entity (ME) (113). An optimal multicast delivery mode is selected for delivering a multicast message to the ME (113) at the radio access network (107, 109, 111). The multicast message is then delivered to the ME (113) at the radio access network (107, 109, 111) according to the selected delivery mode.
摘要翻译: 一种用于使用一个或多个无线电接入网络(RAN)(107,109,111)的移动实体(113)进行组播分组通信的方法,包括在路由器(105)处接收多播消息,然后确定移动实体的多播能力 (ME)(113)。 在无线接入网络(107,109,111)选择最佳组播递送模式以将多播消息传送到ME(113)。 然后根据所选择的传递模式,将多播消息传送到无线电接入网络(107,109,111)处的ME(113)。
-
公开(公告)号:US08677114B2
公开(公告)日:2014-03-18
申请号:US11619878
申请日:2007-01-04
申请人: Adam C. Lewis , George Popovich , Peter E. Thomas
发明人: Adam C. Lewis , George Popovich , Peter E. Thomas
CPC分类号: H04L63/0485 , H04L63/0227 , H04L63/04 , H04L63/164
摘要: Techniques are provided for enabling application steering/blocking in a secure network which includes a network entity, and a first tunnel endpoint coupled to the network entity over an encrypted tunnel. The first tunnel endpoint associates at least a first Security Parameter Index (SPI) to a first application identifier to generate first mapping information (MI), communicates the first MI to the network entity, and transmits an encrypted message to the network entity over the encrypted tunnel. The encrypted message includes an encrypted packet and an unencrypted header including the first SPI. The network entity determines the first SPI from the unencrypted header, determines the first application identifier based on the first SPI and the first MI, and identifies a first application associated with the first application identifier. The network entity can still perform application steering/blocking even though traffic passing through the tunnel is encrypted.
摘要翻译: 提供技术用于在包括网络实体的安全网络中实现应用导向/阻塞,以及通过加密隧道耦合到网络实体的第一隧道端点。 所述第一隧道端点将至少第一安全参数索引(SPI)与第一应用标识符相关联以生成第一映射信息(MI),将所述第一MI传送到所述网络实体,并且通过所述加密的消息向所述网络实体发送加密消息 隧道。 加密消息包括加密分组和包括第一SPI的未加密报头。 网络实体从未加密报头确定第一SPI,基于第一SPI和第一MI确定第一应用标识符,并识别与第一应用标识符相关联的第一应用。 即使通过隧道的流量被加密,网络实体仍然可以执行应用程序转向/阻塞。
-
8.发明授权公开(公告)号:US08001381B2
公开(公告)日:2011-08-16
申请号:US12037516
申请日:2008-02-26
申请人: Anthony E. Metke , Adam C. Lewis , George Popovich
发明人: Anthony E. Metke , Adam C. Lewis , George Popovich
CPC分类号: H04W12/06 , G06F21/445 , G06F2221/2129 , H04L9/3273 , H04L63/061 , H04L63/0823 , H04L63/0869 , H04L2209/80 , H04W84/18
摘要: A method as provided enables mutual authentication of nodes in a wireless communication network. The method includes processing at a first node a beacon message received from a second node, wherein the beacon message comprises a first nonce value (step 405). An association request message comprising a certificate of the first node, a first signed block of authentication data, and a second nonce value is then transmitted from the first node to the second node (step 410). The second node can then verify a signature of the certificate of the first node and verify a signature of the first signed block of authentication data. An association reply message received from the second node is then processed at the first node (step 415), whereby the first node verifies a signature of a certificate of the second node and verifies a signature of a second signed block of authentication data.
摘要翻译: 所提供的方法能够实现无线通信网络中的节点的相互认证。 该方法包括在第一节点处处理从第二节点接收的信标消息,其中信标消息包括第一随机值(步骤405)。 然后从第一节点向第二节点发送包括第一节点的证书,第一有符号的认证数据块和第二随机数值的关联请求消息(步骤410)。 然后,第二节点可以验证第一节点的证书的签名并验证第一签名的认证数据块的签名。 然后在第一节点处处理从第二节点接收到的关联应答消息(步骤415),由此第一节点验证第二节点的证书的签名并验证第二签名的认证数据块的签名。
-
9.发明申请公开(公告)号:US20090217043A1
公开(公告)日:2009-08-27
申请号:US12037516
申请日:2008-02-26
申请人: Anthony E. Metke , Adam C. Lewis , George Popovich
发明人: Anthony E. Metke , Adam C. Lewis , George Popovich
IPC分类号: H04L9/14
CPC分类号: H04W12/06 , G06F21/445 , G06F2221/2129 , H04L9/3273 , H04L63/061 , H04L63/0823 , H04L63/0869 , H04L2209/80 , H04W84/18
摘要: A method as provided enables mutual authentication of nodes in a wireless communication network. The method includes processing at a first node a beacon message received from a second node, wherein the beacon message comprises a first nonce value (step 405). An association request message comprising a certificate of the first node, a first signed block of authentication data, and a second nonce value is then transmitted from the first node to the second node (step 410). The second node can then verify a signature of the certificate of the first node and verify a signature of the first signed block of authentication data. An association reply message received from the second node is then processed at the first node (step 415), whereby the first node verifies a signature of a certificate of the second node and verifies a signature of a second signed block of authentication data.
摘要翻译: 所提供的方法能够实现无线通信网络中的节点的相互认证。 该方法包括在第一节点处处理从第二节点接收的信标消息,其中信标消息包括第一随机值(步骤405)。 然后从第一节点向第二节点发送包括第一节点的证书,第一有符号的认证数据块和第二随机数值的关联请求消息(步骤410)。 然后,第二节点可以验证第一节点的证书的签名并验证第一签名的认证数据块的签名。 然后在第一节点处处理从第二节点接收到的关联应答消息(步骤415),由此第一节点验证第二节点的证书的签名并验证第二签名的认证数据块的签名。
-
公开(公告)号:US20090059788A1
公开(公告)日:2009-03-05
申请号:US11846756
申请日:2007-08-29
申请人: Yuri Granovsky , Uri Kogan , Michael Spivak , Adam C. Lewis , Christophe Beaujean , Vidya Narayanan , George Popovich
发明人: Yuri Granovsky , Uri Kogan , Michael Spivak , Adam C. Lewis , Christophe Beaujean , Vidya Narayanan , George Popovich
摘要: An intermediate device of a network includes network and transport layers, a dispatcher, a splitter and a connections database. The splitter intercepts a message packet in the network layer and modifies the network routing header and transport header of the message packet to form a modified message packet. The dispatcher receives modified message packets from the transport layer, recovers information from the message packets, passes the modified message packets back to the transport layer and adapts the transport layer to adapt communication dependent upon the information recovered from the message packets. The connections database stores the original source address, the original destination address, the original source port identifier and the original destination port identifier of an incoming message packet. A message packet is modified, with reference to the connections database, so that message packets from the first and second nodes are routed through the dispatcher.
摘要翻译: 网络的中间设备包括网络和传输层,调度器,分离器和连接数据库。 分离器拦截网络层中的消息包,并修改消息包的网络路由头和传输头,以形成修改的消息包。 调度员从传输层接收修改的消息包,从消息包中恢复信息,将修改的消息包传递回传输层,并根据从消息包中恢复的信息调整传输层以适应通信。 连接数据库存储输入消息包的原始源地址,原始目的地址,原始源端口标识符和原始目的地端口标识符。 参考连接数据库修改消息包,以便来自第一和第二个节点的消息包通过调度器进行路由。
-
-
-
-
-
-
-
-
-
搜索结果
22 条记录 (耗时 0.029 秒)
