Abstract:
A key message can include a key-encryption-key (KEK) associated with a KeyDomainID and a KeyGroupID. A session description message can describe streaming media initialization parameters containing media stream information for one or more media streams. For each media stream, the media stream information can include an IP address and a data port. The session description message can further contain a linkage for binding the KEK to a corresponding one of the media streams. The linkage can include the KeyDomainID and KeyGroupID or can include an abstract representation of the KeyDomainID and KeyGroupID. During session initialization, the key-encryption-key (KEK) can be bound to the media streams using the linkage of the session description message. Each of the media streams can be secured using a traffic key conveyed to user equipment (UE) under protection of the key-encryption-key (KEK).
Abstract:
A certificate authority selection unit implements a method for selecting one of a plurality of certificate authorities servicing a plurality of administrative domains in a communication system. The method includes: receiving, from an end-entity via an interface, a certificate service request associated with an identifier; selecting, based on the identifier, one of the plurality of administrative domains in the communication system, wherein the plurality of administrative domains are serviced by a plurality of certificate authorities; retrieving a security profile for the end-entity; and selecting, based on the security profile for the end-entity, one of the plurality of certificate authorities to process the certificate service request.
Abstract:
A method and system for updating a multicast state of a multicast group at a first mesh access point, as provided, improves network efficiency. According to one aspect, the method includes processing a multicast member join request for the multicast group received from a first wireless node. A proxy update message for the first wireless node received from a third mesh access point is then processed. The first wireless node connects to a second mesh access point after joining the multicast group via the first mesh access point, and the third mesh access point is a root node of a mesh tree of which the second mesh access point is a node. An Internet Group Management Protocol (IGMP) query message for the multicast group is then generated. A multicast update (MUPD) packet is then transmitted to an upstream node, whereby a multicast state is updated at the upstream node.
Abstract:
Methods and apparatus are provided for communicating a flow of packets with a requested quality of service. An exemplary method involves receiving a first packet of a flow, determining a first reference value for the packet flow identification field of the first packet using a key value, and facilitating the requested quality of service for the first packet when the received value of the packet flow identification field of the first packet matches the first reference value. The method continues by receiving a second packet of the flow, determining a second reference value for the packet flow identification field using the key value, and facilitating the requested quality of service for the second packet when the received value of the packet flow identification field of the second packet matches the second reference value.
Abstract:
Multiple-configuration communication apparatus includes: a communication device (130) simultaneously maintaining at least a first and a second channel; a storage device (114, 116, 118) storing a plurality of communication configurations; and a configuration controller (120) determining a first time frame and during the first time frame, selecting a first communication configuration of the plurality of communication configurations and controlling the communication device to configure itself to the first communication configuration to at least one of transmit and receive information over the first channel, and determining a second time frame that is different from the first time frame and during the second time frame, selecting a second communication configuration of the plurality of communication configurations, and controlling the communication device to configure itself to the second communication configuration to at least one of transmit and receive information over the second channel.
Abstract:
A system and method for secure communications in a communication system, wherein the system programs a computer to perform the method, which includes: receiving at least one authentication key, without an encryption key, from a key-management server; receiving a packet, which is encrypted, from a source device; authenticating the packet, using the at least one authentication key, without cryptographically altering the packet; and forwarding the authenticated packet to a destination device of the packet.
Abstract:
A method (200, 300, 400) of communicating an IPv6 packet (120) over an IPv4 based network (102). The method can include receiving the IPv6 packet to be communicated to a remote unit (104), encapsulating the IPv6 packet in an IPv4 transition packet (122), and communicating the IPv4 transition packet to an IPv4 MVPN (114) server configured to communicate the packet to the remote unit via infrastructure of an IPv4 radio access network. Another aspect of the present invention relates to a method of processing an IPv6 packet received over an IPv4 based network. The method can include receiving from an MVPN server an IPv4 formatted packet that is being communicated to a remote unit, and removing from the packet at least one IPv4 header to result in the packet being formatted in accordance with IPv6.
Abstract:
A method and apparatus for modifying the Multimedia Internet KEYing (MIKEY) protocol to support an extended key-management message (KMM), wherein the apparatus programs a computer to perform the method, which includes: determining that a KMM is directed to a target device; determining that the KMM is an extended KMM related to a key-management operation that is not supported by the standard MIKEY protocol; signaling the extended KMM in at least one field of a MIKEY message; and sending the MIKEY message to the target device.