Method and apparatus for attaching a wireless device to a foreign 3GPP wireless domain using alternative authentication mechanisms
    1.
    发明授权
    Method and apparatus for attaching a wireless device to a foreign 3GPP wireless domain using alternative authentication mechanisms 有权
    使用替代认证机制将无线设备附接到外部3GPP无线域的方法和装置

    公开(公告)号:US08929862B2

    公开(公告)日:2015-01-06

    申请号:US13178612

    申请日:2011-07-08

    摘要: A method and apparatus for attaching a wireless device to a foreign wireless domain of a 3GPP communication system using an alternative authentication mechanism, wherein wireless device performs the method, which includes: sending a first attach request message to an infrastructure device in the foreign wireless domain; receiving an attach reject message from the infrastructure device upon an unsuccessful attempt to obtain authentication credentials for the wireless device from a home wireless domain of the wireless device using a standard 3GPP authentication mechanism; responsive to the attach reject message sending a second attach request message to the infrastructure device, wherein the second attach request message indicates an alternative authentication mechanism to the standard 3GPP authentication mechanism; and receiving an attach accept message from the infrastructure device when the wireless device is successfully authenticated using the alternative authentication mechanism.

    摘要翻译: 一种使用替代认证机制将无线设备附加到3GPP通信系统的外部无线域的方法和装置,其中无线设备执行该方法,其包括:向外部无线域中的基础设施设备发送第一附加请求消息 ; 在使用标准3GPP认证机制从无线设备的归属无线域获得无线设备的认证凭证的尝试不成功时,从基础设施设备接收附着拒绝消息; 响应于所述附着拒绝消息向所述基础设施设备发送第二附加请求消息,其中所述第二附着请求消息指示对所述标准3GPP认证机制的替代认证机制; 以及当使用替代认证机制成功认证无线设备时,从基础设施设备接收附加接受消息。

    Methods for establishing a secure point-to-point call on a trunked network
    2.
    发明授权
    Methods for establishing a secure point-to-point call on a trunked network 有权
    在集群网络上建立安全点对点呼叫的方法

    公开(公告)号:US08724812B2

    公开(公告)日:2014-05-13

    申请号:US12983067

    申请日:2010-12-31

    IPC分类号: H04L9/08

    摘要: Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. The trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. Moreover, in response to the request, the controller assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints.

    摘要翻译: 用于在集群无线电系统中建立安全点对点通信的方法包括在中继控制器处,使用共享唯一的第一对称来在源端点和目的地端点之间接收来自源端点的业务信道的业务信道的请求 键。 中继控制器将与安全控制信道上的对称密钥相关的密钥材料提供给源端点或目的端点中的至少一个,并分配业务信道。 此外,响应于该请求,控制器分配业务信道。 密钥材料使得能够在源端点和目的端点之间安全地建立唯一的第一对称密钥。

    UTILIZING A STAPLING TECHNIQUE WITH A SERVER-BASED CERTIFICATE VALIDATION PROTOCOL TO REDUCE OVERHEAD FOR MOBILE COMMUNICATION DEVICES

    公开(公告)号:US20130159703A1

    公开(公告)日:2013-06-20

    申请号:US13328334

    申请日:2011-12-16

    IPC分类号: H04L29/06

    CPC分类号: H04L63/0823

    摘要: A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can conveying a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).

    Method and apparatus for distributing certificate revocation lists (CRLs) to nodes in an ad hoc network
    4.
    发明授权
    Method and apparatus for distributing certificate revocation lists (CRLs) to nodes in an ad hoc network 有权
    将证书撤销列表(CRL)分发到自组织网络中的节点的方法和装置

    公开(公告)号:US08438388B2

    公开(公告)日:2013-05-07

    申请号:US12059666

    申请日:2008-03-31

    IPC分类号: H04L9/32

    摘要: A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL).

    摘要翻译: 提供了一种在自组织网络中分发证书吊销列表(CRL)信息的方法和装置。 自组织网络中的自组织节点可以各自发送一个或多个证书撤销列表通告消息(一个或多个)。 每个CRLAM包括发行者证书颁发机构(CA)字段,用于标识颁发特定证书吊销列表(CRL)的证书颁发机构(CA),证书撤销列表(CRL)序列号字段,其指定指定版本的版本的证书颁发机构 特定证书撤销列表(CRL)由发行者证书颁发机构(CA)颁发。 接收CRLAM的节点可以使用CRLAM中提供的CRL信息来确定是否检索特定的证书吊销列表(CRL)。

    SYSTEM AND METHOD OF PROVISIONING OR MANAGING DEVICE CERTIFICATES IN A COMMUNICATION NETWORK
    5.
    发明申请
    SYSTEM AND METHOD OF PROVISIONING OR MANAGING DEVICE CERTIFICATES IN A COMMUNICATION NETWORK 审中-公开
    在通信网络中提供或管理设备证书的系统和方法

    公开(公告)号:US20120166796A1

    公开(公告)日:2012-06-28

    申请号:US12980250

    申请日:2010-12-28

    IPC分类号: H04L9/00

    摘要: A certificate manager transmits a certificate service advertisement to a plurality of certificate clients. The certificate service advertisement identifies the certificate manager and includes segregation data. The segregation data indicates a set of services offered or a set of clients for which the certificate manager offers service. Responsive to the transmitting of the certificate service advertisement, the certificate manager receives a certificate service request from at least one certificate client of the plurality of certificate clients. The certificate manager verifies that the at least one certificate client is associated with the set of clients for which the certificate manager offers service, and the certificate manager fulfills the certificate service request.

    摘要翻译: 证书管理器向多个证书客户端发送证书服务广告。 证书服务广告标识证书管理器并包括隔离数据。 隔离数据指示提供的一组服务或证书管理器为其提供服务的一组客户端。 响应于发送证书服务广告,证书管理器从多个证书客户端中的至少一个证书客户端接收证书服务请求。 证书管理器验证至少一个证书客户端与证书管理器提供服务的一组客户端相关联,并且证书管理器履行证书服务请求。

    METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS
    6.
    发明申请
    METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS 有权
    用于安全转发对称加密密钥的方法和设备

    公开(公告)号:US20110026714A1

    公开(公告)日:2011-02-03

    申请号:US12511731

    申请日:2009-07-29

    IPC分类号: H04L9/08 H04L9/00

    摘要: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

    摘要翻译: 发送设备生成第一和第二KMM,其中第一KMM包括第一KEK和KMM加密密钥,并且第二KMM包括一组对称加密密钥。 所述发送装置使用所述第一KEK进一步加密所述一组对称加密密钥; 使用接收设备的第一公钥加密第一KEK和KMM加密密钥; 并且使用KMM加密密钥对第二KMM进行加密,以在将第一KMM和加密的第二KMM发送到接收设备之前生成加密的第二KMM。 接收设备使用对应于第一公钥的第一私钥对第一KEK和KMM加密密钥进行解密; 并使用KMM加密密钥解密加密的第二KMM以获得加密的对称密钥集。

    METHOD AND DEVICE FOR DISTRIBUTING PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE PATH DATA
    7.
    发明申请
    METHOD AND DEVICE FOR DISTRIBUTING PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE PATH DATA 有权
    分配公钥基础结构(PKI)证书路径数据的方法和设备

    公开(公告)号:US20100031027A1

    公开(公告)日:2010-02-04

    申请号:US12181694

    申请日:2008-07-29

    IPC分类号: H04L9/00

    摘要: A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step 405). One or more available certificate paths are then determined at the CPMU for at least one relying node (step 410). Next, the PKI certificate path data are distributed by transmitting a certificate path data message from the CPMU to the at least one relying node (step 415). The certificate path data message includes information identifying one or more trusted certification authorities associated with the one or more available certificate paths.

    摘要翻译: 用于分发公共密钥基础设施(PKI)证书路径数据的方法和设备使得依赖节点有效地认证自治自组织网络中的其他节点。 该方法包括在证书路径管理单元(CPMU)下编译PKI证书路径数据(步骤405)。 然后在CPMU为至少一个依赖节点确定一个或多个可用证书路径(步骤410)。 接下来,通过从CPMU向至少一个依赖节点发送证书路径数据消息来分发PKI证书路径数据(步骤415)。 证书路径数据消息包括标识与一个或多个可用证书路径相关联的一个或多个可信证书颁发机构的信息。

    METHOD AND SYSTEM FOR FLOOR CONTROL IN A WIRELESS NETWORK
    8.
    发明申请
    METHOD AND SYSTEM FOR FLOOR CONTROL IN A WIRELESS NETWORK 有权
    无线网络地面控制方法与系统

    公开(公告)号:US20080043744A1

    公开(公告)日:2008-02-21

    申请号:US11462065

    申请日:2006-08-03

    IPC分类号: H04L12/56 H04L12/28

    摘要: A method and system for establishing floor control in a communication session enables remote control of devices in a network and provides a status update concerning floor ownership. The method includes processing at a floor controller a floor request message received from a first endpoint, where the floor request message requests that floor ownership be provided to a second endpoint (step 305). A floor control announcement message is then transmitted from the floor controller to at least both the first endpoint and the second endpoint, where the floor control announcement message indicates that the second endpoint has floor ownership (step 315).

    摘要翻译: 用于在通信会话中建立楼层控制的方法和系统能够远程控制网络中的设备,并提供有关楼层所有权的状态更新。 该方法包括在楼层控制器处处理从第一端点接收的楼层请求消息,其中楼层请求消息请求将楼层所有权提供给第二端点(步骤305)。 然后,楼层控制通知消息从楼层控制器发送到至少第一端点和第二端点两者,其中楼层控制通知消息指示第二端点具有楼层所有权(步骤315)。

    METHOD AND DEVICE FOR DYNAMICALLY UPDATING AND MAINTAINING CERTIFICATE PATH DATA ACROSS REMOTE TRUST DOMAINS
    9.
    发明申请
    METHOD AND DEVICE FOR DYNAMICALLY UPDATING AND MAINTAINING CERTIFICATE PATH DATA ACROSS REMOTE TRUST DOMAINS 审中-公开
    用于通过远程信任域动态更新和维护证书路径数据的方法和设备

    公开(公告)号:US20140068251A1

    公开(公告)日:2014-03-06

    申请号:US13601214

    申请日:2012-08-31

    IPC分类号: H04L29/06

    摘要: A method and device is provided for dynamically maintaining and updating public key infrastructure (PKI) certificate path data across remote trusted domains to enable relying parties to efficiently authenticate other nodes in an autonomous ad-hoc network. A certificate path management unit (CPMU) monitors a list of sources for an occurrence of a life cycle event capable of altering an existing PKI certificate path data. Upon determining that the life cycle event has occurred, the CPMU calculates a new PKI certificate path data to account for the occurrence of the life cycle event and provides the new PKI certificate path data to at least one of a relying party in a local domain or a remote CPMU in a remote domain.

    摘要翻译: 提供了一种方法和设备,用于在远程可信域之间动态地维护和更新公共密钥基础设施(PKI)证书路径数据,以使依赖方有效地认证自治自组织网络中的其他节点。 证书路径管理单元(CPMU)监视能够改变现有PKI证书路径数据的生命周期事件发生的源的列表。 在确定生命周期事件已经发生时,CPMU计算新的PKI证书路径数据以考虑生命周期事件的发生,并将新的PKI证书路径数据提供给本地域中的依赖方中的至少一个或 远程域中的远程CPMU。

    Method and device for distributing public key infrastructure (PKI) certificate path data
    10.
    发明授权
    Method and device for distributing public key infrastructure (PKI) certificate path data 有权
    用于分发公钥基础设施(PKI)证书路径数据的方法和设备

    公开(公告)号:US08595484B2

    公开(公告)日:2013-11-26

    申请号:US12181694

    申请日:2008-07-29

    IPC分类号: H04L9/00

    摘要: A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step 405). One or more available certificate paths are then determined at the CPMU for at least one relying node (step 410). Next, the PKI certificate path data are distributed by transmitting a certificate path data message from the CPMU to the at least one relying node (step 415). The certificate path data message includes information identifying one or more trusted certification authorities associated with the one or more available certificate paths.

    摘要翻译: 用于分发公共密钥基础设施(PKI)证书路径数据的方法和设备使得依赖节点有效地认证自治自组织网络中的其他节点。 该方法包括在证书路径管理单元(CPMU)下编译PKI证书路径数据(步骤405)。 然后在CPMU为至少一个依赖节点确定一个或多个可用证书路径(步骤410)。 接下来,通过从CPMU向至少一个依赖节点发送证书路径数据消息来分发PKI证书路径数据(步骤415)。 证书路径数据消息包括标识与一个或多个可用证书路径相关联的一个或多个可信证书颁发机构的信息。