Abstract:
A method is provided for securing a PMIP tunnel between a serving gateway and a new access node through which an access terminal communicates. A PMIP key hierarchy unique to each access terminal is maintained by the gateway. The gateway uses a first node key to secure PMIP tunnels when authentication of the access terminal has been performed. A PMIP key is generated based on the first node key and the PMIP key is sent to the new access node to assist in establishing and securing a PMIP tunnel between the gateway and the new access node. Otherwise, when authentication of the access terminal has not been performed, the gateway generates a second node key and sends it to an intermediary network node which then generates and sends a PMIP key to the new access node. This second key is then used to secure the PMIP tunnel.
Abstract:
Disclosed is a method for multiple EAP-based authentications in a wireless communication system. In the method, a first master session key (MSK) is generated in a first EAP-based authentication for a first-type access. A first temporal session key (TSK) is generated from the first master session key (MSK). A second EAP-based authentication is performed, using the first temporal session key (TSK), for a second-type access. First-type access and second-type access are provided after the first and second EAP-based authentications are successfully completed.
Abstract:
A method for implementing proxy mobile Internet protocol (PMIP) in mobile IP foreign agent care-of-address mode may include determining a home address of an access terminal. The method may also include communicating with a home agent in order to bind an address of the network node with the home address of the access terminal and establish a tunnel between the network node and the home agent. The method may also include receiving first packets destined for the access terminal from the home agent via the tunnel and sending the first packets to the access terminal. The method may also include receiving second packets sent by the access terminal that are destined for a correspondent node and sending the second packets to the home agent via the tunnel.
Abstract:
In a converged communication network, IP data packet services are provided by a core network to access terminals via radio access nodes (RAN). By positioning accounting report triggering closer to the usage, accuracy and comprehensiveness of accounting are achieved, which can also reduce overhead burdens on the core network. Additional responsibility is given to an access gateway (AGW) between an enhanced base station (eBS) of the RAN and the core network that can reduce the volume and increase the accuracy of accounting message traffic to an authentication, authorization and accounting (AAA) server of the core network. The AGW informs the eBS of accounting rules to be used in making air link records that are merged and formatted in accordance with an accounting protocol for sending to the AAA server, to address duration and volume based accounting needs, postpaid and prepaid accounting types, and user, service and flow based accounting categories.
Abstract:
A method for resource management in a communication network may include monitoring whether a Proxy Mobile Internet Protocol (PMIP) tunnel between a network entity and another network entity is still needed. The method may also include detecting an event which indicates that the PMIP tunnel is no longer needed. The method may also include cleaning resources of the network entity that support the PMIP tunnel.
Abstract:
A novel group key distribution and management scheme for broadcast message security is provided that allows an access terminal to send a single copy of a broadcast message encrypted with a group key. Access nodes that are members of an active set of access nodes for the access terminal may decrypt and understand the message. The group key is generated and distributed by the access terminal to the access nodes in its active set using temporary unicast keys to secure the group key during distribution. A new group key is provided every time an access node is removed from the active set of access nodes for the access terminal.