Abstract:
A spatio-temporal random voting scheme is provided that incorporates location distribution, spatial randomness, and temporal randomness in the collection of information from a plurality of sensing devices within the cognitive network. The region is divided into a plurality of sectors, where each sector is a portion of the region. A subset of sectors is selected from the plurality of sectors in the region to provide spatial randomness. A device is randomly selected from each sector in the subset of sectors to provide additional spatial randomness to the information collection process. Temporal randomness may be introduced by randomly selecting a timeslot within a sensing window period in which devices are to scan a frequency spectrum band to determine if a signal energy above a threshold is detected. Sensing reports are then collected from the selected sensing devices and used to determine whether the frequency spectrum band is available or in use.
Abstract:
Multiple protocol tunnels (e.g., IPsec tunnels) are deployed to enable an access terminal that is connected to a network to access a local network associated with a femto access point. A first protocol tunnel is established between a security gateway and the femto access point. A second protocol tunnel is then established in either of two ways. In some implementations the second protocol tunnel is established between the access terminal and the security gateway. In other implementations the second protocol tunnel is established between the access terminal and the femto access point, whereby a portion of the tunnel is routed through the first tunnel.
Abstract:
Storage authorization and access control of data stored on a peer-to-peer overlay network is provided. A publishing node stores data on a storage node in the overlay network. The publishing node is adapted to facilitate data storage authorization by generating a resource identifier as a function of a usage string associated with a data type to be stored. A storage request is generated that includes the resource identifier and data to be stored. The storage request may be sent to the storage node. The storage device receives the storage request sent by a publishing node, including a resource identifier and data to be stored. Independent storage authorization is performed by the storage node at an overlay level by verifying the resource identifier. The data in the storage request is stored at the storage node if the resource identifier is successfully verified.
Abstract:
A logical tree structure and method for managing membership in a multicast group provides scalability and security from internal attacks. The structure defines key groups and subgroups, with each subgroup having a subgroup manager. Dual encryption allows the sender of the multicast data to manage distribution of a first set of encryption keys whereas the individual subgroup managers manage the distribution of a second set of encryption keys. The two key sets allow the sender to delegate much of the group management responsibilities without compromising security because a key from each set is required to access the multicast data. Security is further maintained via a method in which subgroup managers can be either member subgroup managers or participant subgroup managers. Access to both keys is provided to member subgroup managers whereas access to only one key is provided to participant subgroup managers. Nodes can be added without the need to generate a new encryption key at the top level which provides improved scalability.
Abstract:
Methods and apparatus for reducing the effectiveness of chosen location attacks in a peer-to-peer overlay network. A method includes determining that new node identifiers are to be generated for a plurality of nodes in the network, inputting parameters to a hash function to generate a selected node identifier, and adopting a location in the network associated with the selected node identifier. Another method includes receiving a node identifier associated with a selected node, inputting parameters associated with the selected node to a hash function to generate a corresponding node identifier, comparing the node identifier with the corresponding node identifier, and determining that the selected node is a potential attacker if the node identifiers do not match. Another method includes detecting responsibility for initiating an update to one or more node identifiers, generating parameters to generate the node identifiers, and transmitting the parameters on the network.
Abstract:
Methods, apparatus, and systems to perform secure registration of a femto access point for trusted access to an operator-controlled network element. Method steps include establishing a security association for at least one said femto access point, making a request using the security association to an operator-controlled network element, which requests a secure registration credential from an authorizing component. The operator-controlled network element constructs a secure registration credential and sends the secure registration credential to the requesting femto access point, thus authorizing trusted access by the requesting femto access point to access operator-controlled network elements. Embodiments include establishing a security association via an IPsec security association received from a security gateway which is within an operator-controlled domain and using an operator-controlled database of IPsec inner addresses. In some embodiments the femto access point conducts message exchanges using one or more IMS protocols and components, including call session control function elements, which elements in turn may authorize a femto access point within the IMS domain, or may access non-IMS network elements for authorization.
Abstract:
Methods and apparatus for proxying of devices and services using overlay networks. A method for operating a proxy includes obtaining meta-data associated with at least one of a device and a service, generating a searchable index of the meta-data, and publishing the searchable index on the overlay network as at least one of a distributed index and a centralized index. Another method includes receiving a request from a device or a service using a non-overlay protocol to receive at least one of data and services from the overlay network, searching an index of meta-data on the overlay network based on the request, identifying a node associated with the at least one of data and services based on the index, establishing a direct connection with the node, and obtaining the at least one of data and services using the direct connection.