REMOTE SECURE AUTHORIZATION
    1.
    Invention application
    Status: under examination, published

    Publication (announcement) No.: WO2005057507A2

    Publication (announcement) date: 2005-06-23

    Application No.: PCT/US2004/040172

    Filing date: 2004-12-02

    IPC: G07F

    Abstract: The present invention discloses a technique for provisioning network cryptographic keys to a client when direct physical transfer is not feasible. In an embodiment of the invention, a client token generates a temporary key encrypted with a first secret key known only in a master token database and passes this on to an enterprise network token of a network to which service is requested. The enterprise network token then further encrypts the encrypted temporary key with a second secret key and passes that on to the master token database. Since the second secret key is also known by the master token database, the originally encrypted temporary key can be securely decoded only by a master token coupled to the master token database. The decrypted temporary key can then be re-encrypted with a key known only by the enterprise network token and the master token, and returned to the enterprise network token. This allows the enterprise network token to gain secure access to the temporary key of the client token, thereby allowing the enterprise network token to securely provision the remote client token with the appropriate enterprise Network Keys.


    MASS SUBSCRIBER MANAGEMENT
    2.
    Invention application
    Status: under examination, published

    Publication (announcement) No.: WO2005038608A2

    Publication (announcement) date: 2005-04-28

    Application No.: PCT/US2004/033933

    Filing date: 2004-10-15

    IPC: G06F

    Abstract: An authentication and mass subscriber management technique is provided by employing a key table derived as a subset of a larger key pool, a network edge device, and authentication tokens attached both on the network edge device and on a subscriber's computing device. The network edge device and the subscriber's computing device are provided with secure, tamper-resistant network keys for encrypting all transactions across the wired/wireless segment between supplicant (subscriber) and authenticator (network edge device). In an embodiment of the invention, a secure, secret user key is shared between a number of subscribers based upon commonalities between the serial numbers of those subscribers' tokens. In another embodiment of the invention, a unique session key is generated for each subscriber even though multiple subscribers connected to the same network connection point might have identical pre-stored secret keys.


    SYSTEMS AND METHODS FOR ADAPTIVE MULTI-RATE PROTOCOL ENHANCEMENT
    4.
    Invention application
    Status: under examination, published

    Publication (announcement) No.: WO2009099458A1

    Publication (announcement) date: 2009-08-13

    Application No.: PCT/US2008/064970

    Filing date: 2008-05-28

    CPC classification number: G10L19/24 H04K1/06 H04L1/0014 H04L1/007 H04L63/0428

    Abstract: A method of processing a codec sample is provided. The method includes: removing from a first portion of the codec sample, a first number of first information bits. The first information bits are indicative of frame information associated with the codec sample. The method also includes inserting at the first portion of the codec sample from a second portion of the codec sample, a second number of data bits. The first number of the first information bits is greater than or equal to the second number of the data bits. The method also includes removing the second portion of the codec sample. The method may also include encrypting and decrypting the codec sample. In some embodiments, the codec sample is an adaptive multi-rate codec sample. In some embodiments, the adaptive multi-rate codec sample is a 5.15 mode adaptive multi-rate codec sample.


    AUTOMATIC HARDWARE-ENABLED VIRTUAL PRIVATE NETWORK SYSTEM
    5.
    Invention application
    Status: under examination, published

    Publication (announcement) No.: WO2005057341A2

    Publication (announcement) date: 2005-06-23

    Application No.: PCT/US2004/040173

    Filing date: 2004-12-02

    IPC: G06F

    Abstract: The present invention provides a technique for automatically establishing efficient, remote, secure client connections to one or more locations using a smart card enabled client driver and a smart card enabled network edge device ("Subnet Box") capable of establishing an end-to-end hardware encrypted tunnel between itself and the client. In an embodiment of the invention, a method of establishing a secure communications tunnel comprises the steps of: authenticating a remote client to a subnet box on a private network, wherein the remote client is connected to the subnet box via a public network; establishing a tunnel between the remote client and the subnet box; and encapsulating all traffic in the tunnel, wherein the tunnel is established only when a unique physical token is coupled to the remote device. The unique physical token comprises a smartcard and is configured to be inserted into a communications port of the remote device. The step of authenticating comprises the steps of: receiving an authentication packet, wherein the first authentication packet comprises an identifier identifying the unique physical token and a first random number; and transmitting a response authentication packet, wherein the response authentication packet comprises a second random number. The step of establishing a secure communications tunnel comprises the step of generating a cryptographic key based on the first and second random numbers.


    SUBNET BOX
    6.
    Invention application
    Status: under examination, published

    Publication (announcement) No.: WO2005026976A1

    Publication (announcement) date: 2005-03-24

    Application No.: PCT/US2004/029110

    Filing date: 2004-09-08

    Abstract: The invention provides an external in-line device ("Subnet Box") placed between a network and an access point to achieve secure Wi-Fi communications without needing to modify the access point. The Subnet Box comprises an embedded token and will authenticate users based on pre-stored access rights. In at least one embodiment of the invention, the Subnet Box comprises: a first communications port for intercepting data packets communicated to and from a wired communications network; a second communications port for intercepting data packets communicated to and from a wireless access point, wherein the wireless access point is an edge device of the wired communications network; a database comprising a number of serial numbers each associated with a client token and a secret cryptographic key; and a processor for determining whether a computing device having a client token can access the wired communications network via the wireless access point. The processor establishes a secure tunnel between the computing device and the first communications port.


    SYSTEM AND METHOD OF PER-PACKET KEYING
    8.
    Invention application
    Status: under examination, published

    Publication (announcement) No.: WO2008156452A1

    Publication (announcement) date: 2008-12-24

    Application No.: PCT/US2007/014459

    Filing date: 2007-06-21

    Abstract: A method of per-packet keying for encrypting and decrypting data transferred between two or more parties is provided, wherein each party has knowledge of a shared key that allows the per-packet key to differ for each packet. Avoiding the use of a static session key during encryption offers several advantages over existing encryption methods. For example, rejecting packets received with duplicate sequence numbers, or with sequence numbers that are beyond a specified deviation range, mitigates Replay Attacks.


    SYSTEM AND METHOD OF NETWORK CRYPTOGRAPHY
    9.
    Invention application
    Status: under examination, published

    Publication (announcement) No.: WO2007106548A2

    Publication (announcement) date: 2007-09-20

    Application No.: PCT/US2007/006516

    Filing date: 2007-03-15

    CPC classification number: H04N7/1675 H04N21/2347 H04N21/26613 H04N21/4405

    Abstract: A system for and method of providing encrypted network communications is presented. The system and method involve creating encrypted frames used for secure communications between cooperating peers that are the same size as the original unencrypted frames. The system and method thus provide secure communications with essentially the same transmission characteristics as non-encrypted communications.


    LOCALIZED NETWORK AUTHENTICATION AND SECURITY USING TAMPER-RESISTANT KEYS
    10.
    Invention application
    Status: under examination, published

    Publication (announcement) No.: WO2004034213A2

    Publication (announcement) date: 2004-04-22

    Application No.: PCT/US2003/031930

    Filing date: 2003-10-08

    IPC: G06F

    Abstract: The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and each client device of the network. Each key comprises a unique serial number and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two.

