Systems and methods for key management for wireless communications systems
    1.
    Granted patent (in force)

    Publication (announcement) number: US08948395B2

    Publication (announcement) date: 2015-02-03

    Application number: US11843583

    Filing date: 2007-08-22

    Abstract: A novel key management approach is provided for securing communication handoffs between an access terminal and two access points. This approach provides for securely handing off communications between an access terminal and an access point without risking exposure of a master key for the access terminal. Temporary master keys are derived for low-latency handoffs and secure authentication between a new access point and the access terminal. In one aspect, a distributive key management scheme is provided in which a current access point generates a new security key (based on its own security key) that is used by the next access point with which an access terminal communicates. In another aspect, a centralized key management scheme is provided in which a central authenticator maintains, generates, and distributes new security keys (based on a master security key associated with the access terminal) to access points.


    Methods and apparatus for event distribution and routing in peer-to-peer overlay networks
    4.
    Granted patent (in force)

    Publication (announcement) number: US08996726B2

    Publication (announcement) date: 2015-03-31

    Application number: US12487513

    Filing date: 2009-06-18

    Abstract: Methods and apparatus for event distribution and routing in peer-to-peer overlay networks. A method is provided for event distribution and routing in a peer-to-peer overlay network that comprises a plurality of nodes. The method includes identifying a plurality of buckets on the overlay network, wherein each bucket includes one or more nodes, respectively, identifying bucket groups, wherein each bucket group includes a selected number of buckets, respectively, distributing events based on the bucket groups, and updating a routing table based on the events. A node includes a transceiver and a processor coupled to the transceiver and configured to identify a plurality of buckets on the overlay network, wherein each bucket includes one or more nodes, respectively, identify bucket groups, wherein each bucket group includes a selected number of buckets, respectively, distribute events based on the bucket groups, and update a routing table based on the events.


    METHOD AND APPARATUS FOR PROVIDING NETWORK COMMUNICATION ASSOCIATION INFORMATION TO APPLICATIONS AND SERVICES
    5.
    Patent application (in force)

    Publication (announcement) number: US20100162348A1

    Publication (announcement) date: 2010-06-24

    Application number: US12343988

    Filing date: 2008-12-24

    IPC classification: G06F21/00 G06F15/177

    Abstract: A system and method are provided that allow an application on a first terminal to inquire about available network communication associations that it can use to send data to another terminal, thereby avoiding the establishment of a new network communication association with the other terminal. A security information module may serve to collect and/or store information about available network communication associations between the first terminal and another terminal across different layers. The security information module may also assess a trust level for the network communication associations based on the security mechanisms used to establish each association and/or past-experience information reported for these network communication associations. Upon receiving a request for available network communication associations, the security information module provides this information to the requesting application, which can use it to establish communications with a corresponding application on the other terminal.


    METHODS AND APPARATUS FOR PROVIDING PMIP KEY HIERARCHY IN WIRELESS COMMUNICATION NETWORKS
    6.
    Patent application (in force)

    Publication (announcement) number: US20080298595A1

    Publication (announcement) date: 2008-12-04

    Application number: US12131039

    Filing date: 2008-05-31

    IPC classification: H04L9/14

    Abstract: A method is provided for securing a PMIP tunnel between a serving gateway and a new access node through which an access terminal communicates. A PMIP key hierarchy unique to each access terminal is maintained by the gateway. The gateway uses a first node key to secure PMIP tunnels when authentication of the access terminal has been performed. A PMIP key is generated based on the first node key, and the PMIP key is sent to the new access node to assist in establishing and securing a PMIP tunnel between the gateway and the new access node. Otherwise, when authentication of the access terminal has not been performed, the gateway generates a second node key and sends it to an intermediary network node, which then generates and sends a PMIP key to the new access node. This second key is then used to secure the PMIP tunnel.


    Methods and apparatus for automated local network formation using alternate connected interfaces
    7.
    Granted patent (in force)

    Publication (announcement) number: US09301238B2

    Publication (announcement) date: 2016-03-29

    Application number: US12717629

    Filing date: 2010-03-04

    CPC classification: H04W48/08 H04W84/02 H04W84/18

    Abstract: The described apparatus and methods may include a local network formation module configured to join an overlay network via an available connection, retrieve from the overlay network at least one ad associated with forming a local network, determine whether there is at least one matching ad to form the local network, and, if no matching ads are found, publish an ad with a first local network configuration, or, if one or more matching ads are found, join a local network according to a second local network configuration corresponding to one of the one or more matching ads.


    Methods and apparatus for enhanced overlay state maintenance
    8.
    Granted patent (in force)

    Publication (announcement) number: US09240927B2

    Publication (announcement) date: 2016-01-19

    Application number: US12712983

    Filing date: 2010-02-25

    IPC classification: G06F15/16 H04L12/24 H04L29/08

    Abstract: Methods and apparatus for enhanced overlay state maintenance in a peer-to-peer overlay network. A first method includes inferring that a first node is leaving the overlay network, and transmitting a decrement message to decrement a size counter value. A second method includes identifying a set of nodes associated with a first node of an overlay network, obtaining a segment length associated with each node of the set of nodes, and determining a size of the overlay network by dividing the total number of nodes in the set of nodes by the sum of the segment lengths. A third method includes identifying a set of nodes associated with a first node of an overlay network, obtaining a size estimate associated with the first node and with each node of the set of nodes, and determining a size of the overlay network by averaging the size estimates.


    Method and apparatus for binding multiple authentications
    9.
    Granted patent (in force)

    Publication (announcement) number: US08607051B2

    Publication (announcement) date: 2013-12-10

    Application number: US11733414

    Filing date: 2007-04-10

    IPC classification: H04L9/32

    Abstract: Techniques for binding multiple authentications for a peer are described. In one design, multiple authentications for the peer may be bound based on a unique identifier for the peer. The unique identifier may be a pseudo-random number and may be exchanged securely between the peer, an authentication server, and an authenticator in order to prevent a man-in-the-middle attack. Data for all authentications bound by the unique identifier may be exchanged securely based on one or more cryptographic keys generated by all or a subset of these authentications. In another design, multiple levels of security may be used for multiple authentications for a peer. The peer may perform a first authentication with a first authentication server and obtain a first cryptographic key, and may also perform a second authentication with the first authentication server or a second authentication server and obtain a second cryptographic key. The peer may thereafter securely exchange data using the two keys with nested security.
