摘要:
Providing a supplicant access to at least one requested service is described. An authentication request is received, wherein the authentication request comprises an association request and an identifier to a requested service. A relationship between the supplicant and the requested service based on the association request is created. Then, the association request for the requested service is fulfilled and an authentication server based upon the requested service identified in the authentication request is determined. Finally, the supplicant is authenticated for the requested service.
摘要:
Providing a supplicant access to at least one requested service is described. An authentication request is received, wherein the authentication request comprises an association request and an identifier to a requested service. A relationship between the supplicant and the requested service based on the association request is created. Then, the association request for the requested service is fulfilled and an authentication server based upon the requested service identified in the authentication request is determined. Finally, the supplicant is authenticated for the requested service.
摘要:
A method and device is provided for dynamically maintaining and updating public key infrastructure (PKI) certificate path data across remote trusted domains to enable relying parties to efficiently authenticate other nodes in an autonomous ad-hoc network. A certificate path management unit (CPMU) monitors a list of sources for an occurrence of a life cycle event capable of altering an existing PKI certificate path data. Upon determining that the life cycle event has occurred, the CPMU calculates a new PKI certificate path data to account for the occurrence of the life cycle event and provides the new PKI certificate path data to at least one of a relying party in a local domain or a remote CPMU in a remote domain.
摘要:
A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step 405). One or more available certificate paths are then determined at the CPMU for at least one relying node (step 410). Next, the PKI certificate path data are distributed by transmitting a certificate path data message from the CPMU to the at least one relying node (step 415). The certificate path data message includes information identifying one or more trusted certification authorities associated with the one or more available certificate paths.
摘要:
A method for external organization path length (EOPL) validation is provided. A relying party node of an organization receives an authentication request from a subject node of an external organization. The relying party node then obtains and evaluates certificates from a chain of certificates that link the subject node to a trust anchor of the relying party node wherein, at least one certificate from the chain of certificates comprises an enabled external organization flag (EOF) and/or an external organization path length constraint (EOPLC). The relying party node invalidates authentication of the subject node when the relying party node determines that a total number of enabled EOFs from certificates in the chain of certificates exceeds the lowest EOPLC value from certificates in the chain of certificates.
摘要:
A method for transmitting a packet from a transmitting node to a destination node in a communication network can enable improved network efficiency. The method includes receiving and storing identification information concerning at least one foreign node that is directly reachable in the communication network (block 505). It is then determined, using the identification information, whether the destination node is directly reachable in the communication network (block 510). Based on whether the destination node is directly reachable in the communication network, it is then determined whether to transmit the packet to the destination node using a tunneling protocol or without using a tunneling protocol (block 515). The packet is then transmitted from the transmitting node to the destination node (block 520).
摘要:
A certificate authority selection unit implements a method for selecting one of a plurality of certificate authorities servicing a plurality of administrative domains in a communication system. The method includes: receiving, from an end-entity via an interface, a certificate service request associated with an identifier; selecting, based on the identifier, one of the plurality of administrative domains in the communication system, wherein the plurality of administrative domains are serviced by a plurality of certificate authorities; retrieving a security profile for the end-entity; and selecting, based on the security profile for the end-entity, one of the plurality of certificate authorities to process the certificate service request.
摘要:
A method for merging of ad hoc network partitions within an ad hoc network, the method includes forming a plurality of network partitions by forming a security association among each of a group of partitioned nodes. Each network partition includes a Network Identifier. A node operating within one of the network partitions receives an update message from another node, compares its current Network Identifier to the received Network Identifier; and determines whether to update to the received Network Identifier using an arbitration method when the received Network Identifier is different from the current Network Identifier.
摘要:
Techniques are provided for selecting a root node in an ad hoc network that contains a plurality of nodes including a first node. According to one implementation of these techniques, a first node can receive a message from at least one of the other nodes. Each message includes a number of primary factors associated with a particular node regarding capabilities of the particular node. The primary factors associated with each node can then be evaluated, and an attempt can be made to select the root node based on the primary factors associated with each node. If the first node is unable to select the root node based on the primary factors associated with each node, then the root node can be selected based on secondary factors associated with each node.
摘要:
A method for providing reliable multicasting is described. A transmitted multicast packet is received at second devices, each of which in response transmits a first acknowledgement. If a second acknowledgement, which acknowledges the first acknowledgement, is not received within a predetermined time period, the first acknowledgement is retransmitted. If all first acknowledgements are not received within a preset time period, the multicast packet is retransmitted. If the retransmitted multicast packet has been received, at each of the second devices, if the second acknowledgement has not been received the first acknowledgement is retransmitted, while if the second acknowledgement has been received, the retransmitted multicast packet is ignored and no additional first acknowledgement is transmitted.