Method and apparatus for providing a supplicant access to a requested service
    1.
    Patent application
    Status: Active

    Publication number: US20070143605A1

    Publication date: 2007-06-21

    Application number: US11311959

    Filing date: 2005-12-19

    IPC classification: H04L9/00

    Abstract: Providing a supplicant access to at least one requested service is described. An authentication request is received, wherein the authentication request comprises an association request and an identifier to a requested service. A relationship between the supplicant and the requested service based on the association request is created. Then, the association request for the requested service is fulfilled and an authentication server based upon the requested service identified in the authentication request is determined. Finally, the supplicant is authenticated for the requested service.

    Method and apparatus for providing a supplicant access to a requested service
    2.
    Granted patent
    Status: Active

    Publication number: US08270947B2

    Publication date: 2012-09-18

    Application number: US11311959

    Filing date: 2005-12-19

    IPC classification: H04M1/66

    Abstract: Providing a supplicant access to at least one requested service is described. An authentication request is received, wherein the authentication request comprises an association request and an identifier to a requested service. A relationship between the supplicant and the requested service based on the association request is created. Then, the association request for the requested service is fulfilled and an authentication server based upon the requested service identified in the authentication request is determined. Finally, the supplicant is authenticated for the requested service.

    METHOD AND DEVICE FOR DYNAMICALLY UPDATING AND MAINTAINING CERTIFICATE PATH DATA ACROSS REMOTE TRUST DOMAINS
    3.
    Patent application
    Status: Under examination (published)

    Publication number: US20140068251A1

    Publication date: 2014-03-06

    Application number: US13601214

    Filing date: 2012-08-31

    IPC classification: H04L29/06

    Abstract: A method and device is provided for dynamically maintaining and updating public key infrastructure (PKI) certificate path data across remote trusted domains to enable relying parties to efficiently authenticate other nodes in an autonomous ad-hoc network. A certificate path management unit (CPMU) monitors a list of sources for an occurrence of a life cycle event capable of altering an existing PKI certificate path data. Upon determining that the life cycle event has occurred, the CPMU calculates a new PKI certificate path data to account for the occurrence of the life cycle event and provides the new PKI certificate path data to at least one of a relying party in a local domain or a remote CPMU in a remote domain.

    Method and device for distributing public key infrastructure (PKI) certificate path data
    4.
    Granted patent
    Status: Active

    Publication number: US08595484B2

    Publication date: 2013-11-26

    Application number: US12181694

    Filing date: 2008-07-29

    IPC classification: H04L9/00

    Abstract: A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step 405). One or more available certificate paths are then determined at the CPMU for at least one relying node (step 410). Next, the PKI certificate path data are distributed by transmitting a certificate path data message from the CPMU to the at least one relying node (step 415). The certificate path data message includes information identifying one or more trusted certification authorities associated with the one or more available certificate paths.

    METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI)
    5.
    Patent application
    Status: Active

    Publication number: US20120210129A1

    Publication date: 2012-08-16

    Application number: US13452408

    Filing date: 2012-04-20

    IPC classification: H04L9/30

    Abstract: A method for external organization path length (EOPL) validation is provided. A relying party node of an organization receives an authentication request from a subject node of an external organization. The relying party node then obtains and evaluates certificates from a chain of certificates that link the subject node to a trust anchor of the relying party node wherein, at least one certificate from the chain of certificates comprises an enabled external organization flag (EOF) and/or an external organization path length constraint (EOPLC). The relying party node invalidates authentication of the subject node when the relying party node determines that a total number of enabled EOFs from certificates in the chain of certificates exceeds the lowest EOPLC value from certificates in the chain of certificates.

    Method and device for transmitting data packets
    6.
    Granted patent
    Status: Active

    Publication number: US08204034B2

    Publication date: 2012-06-19

    Application number: US11621803

    Filing date: 2007-01-10

    Abstract: A method for transmitting a packet from a transmitting node to a destination node in a communication network can enable improved network efficiency. The method includes receiving and storing identification information concerning at least one foreign node that is directly reachable in the communication network (block 505). It is then determined, using the identification information, whether the destination node is directly reachable in the communication network (block 510). Based on whether the destination node is directly reachable in the communication network, it is then determined whether to transmit the packet to the destination node using a tunneling protocol or without using a tunneling protocol (block 515). The packet is then transmitted from the transmitting node to the destination node (block 520).

    METHOD AND APPARATUS FOR SELECTING A CERTIFICATE AUTHORITY
    7.
    Patent application
    Status: Active

    Publication number: US20110154024A1

    Publication date: 2011-06-23

    Application number: US12644977

    Filing date: 2009-12-22

    IPC classification: H04L29/06

    Abstract: A certificate authority selection unit implements a method for selecting one of a plurality of certificate authorities servicing a plurality of administrative domains in a communication system. The method includes: receiving, from an end-entity via an interface, a certificate service request associated with an identifier; selecting, based on the identifier, one of the plurality of administrative domains in the communication system, wherein the plurality of administrative domains are serviced by a plurality of certificate authorities; retrieving a security profile for the end-entity; and selecting, based on the security profile for the end-entity, one of the plurality of certificate authorities to process the certificate service request.

    Method for intelligent merging of ad hoc network partitions
    8.
    Granted patent
    Status: Active

    Publication number: US07792050B2

    Publication date: 2010-09-07

    Application number: US11924859

    Filing date: 2007-10-26

    IPC classification: H04L12/28

    Abstract: A method for merging of ad hoc network partitions within an ad hoc network, the method includes forming a plurality of network partitions by forming a security association among each of a group of partitioned nodes. Each network partition includes a Network Identifier. A node operating within one of the network partitions receives an update message from another node, compares its current Network Identifier to the received Network Identifier; and determines whether to update to the received Network Identifier using an arbitration method when the received Network Identifier is different from the current Network Identifier.

    Method and apparatus for omniscient root node selection in an ad hoc network
    9.
    Granted patent
    Status: Active

    Publication number: US07697456B2

    Publication date: 2010-04-13

    Application number: US11363778

    Filing date: 2006-02-28

    IPC classification: H04L12/28

    CPC classification: H04W84/20 H04W28/18

    Abstract: Techniques are provided for selecting a root node in an ad hoc network that contains a plurality of nodes including a first node. According to one implementation of these techniques, a first node can receive a message from at least one of the other nodes. Each message includes a number of primary factors associated with a particular node regarding capabilities of the particular node. The primary factors associated with each node can then be evaluated, and an attempt can be made to select the root node based on the primary factors associated with each node. If the first node is unable to select the root node based on the primary factors associated with each node, then the root node can be selected based on secondary factors associated with each node.

    Method of reliable multicasting
    10.
    Granted patent
    Status: Active

    Publication number: US07561599B2

    Publication date: 2009-07-14

    Application number: US11229957

    Filing date: 2005-09-19

    IPC classification: H04J3/06 H04L12/28

    CPC classification: H04L12/1868 H04L12/189

    Abstract: A method for providing reliable multicasting is described. A transmitted multicast packet is received at second devices, each of which in response transmits a first acknowledgement. If a second acknowledgement, which acknowledges the first acknowledgement, is not received within a predetermined time period, the first acknowledgement is retransmitted. If all first acknowledgements are not received within a preset time period, the multicast packet is retransmitted. If the retransmitted multicast packet has been received, at each of the second devices, if the second acknowledgement has not been received the first acknowledgement is retransmitted, while if the second acknowledgement has been received, the retransmitted multicast packet is ignored and no additional first acknowledgement is transmitted.
