Combined Digital Signature Algorithms for Security Against Quantum Computers

    Publication No.: US20240121108A1

    Publication date: 2024-04-11

    Application No.: US18105081

    Application date: 2023-02-02

    Applicant: John A. Nix

    Inventor: John A. Nix

    IPC classification: H04L9/32 H04L9/08

    Abstract: A server can record (i) a first digital signature algorithm with a first certificate, and a corresponding first private key, and (ii) a second digital signature algorithm with a second certificate, and a corresponding second private key. The server can select first data to sign for the first algorithm and the first private key in order to generate a first digital signature. The server can select second data to sign, wherein the second data to sign includes at least the first digital signature. The server can generate a second digital signature for the second data to sign using the second algorithm and the second private key. The server can transmit a message comprising (i) the first and second certificates, and (ii) the first and second digital signatures to a client device. Systems and methods can concurrently support the use of both post-quantum and classical cryptography to enhance security.

    Subscription Concealed Identifier (SUCI) Supporting Post-Quantum Cryptography

    Publication No.: US20240113878A1

    Publication date: 2024-04-04

    Application No.: US18527691

    Application date: 2023-12-04

    Applicant: John A. Nix

    Inventor: John A. Nix

    IPC classification: H04L9/30 H04L9/08

    Abstract: A device and a network can authenticate using a subscription concealed identifier (SUCI). The device can store (i) a plaintext subscription permanent identifier (SUPI) for the device, (ii) a network static public key, and (iii) a key encapsulation mechanism (KEM) for encryption using the network static public key. The network can store (i) a device database with the SUPI, (ii) a network static private key, and (iii) the KEM for decryption using the network static private key. The device can (i) combine a random number with the SUPI as input into the KEM to generate a ciphertext as the SUCI, and (ii) transmit the ciphertext/SUCI to the network. The network can (i) decrypt the ciphertext using the KEM to read the SUPI, (iii) select a key K from the device database using the SUPI, and (iv) conduct an Authentication and Key Agreement (AKA) with the selected key K.

    System and Methods for Secure Communication Using Post-Quantum Cryptography

    Publication No.: US20230361994A1

    Publication date: 2023-11-09

    Application No.: US18028499

    Application date: 2021-09-24

    Applicant: John A. Nix

    Inventor: John A. Nix

    IPC classification: H04L9/08 H04L9/06 H04L9/32

    Abstract: A server and a device can conduct a secure session with (i) multiple post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) and (ii) forward secrecy. The device can store a server static public key (PK.server) before establishing a secure session with the server. The device can use PK.server to encrypt a device ephemeral public key (ePK.device) into a first ciphertext. The first ciphertext can also include a device digital signature. The server can receive and decrypt the first ciphertext. The server can use the ePK.device to encrypt a server ephemeral public key (ePK.server) into a second ciphertext. The second ciphertext can also include a server digital signature. The device can receive and decrypt the second ciphertext. The device can encrypt application data into a third ciphertext using both PK.server and ePK.server. PK.server can support a first PQC algorithm and ePK.server can support a different, second PQC algorithm.

    EAP-TLS Authentication with Concealed User Identities and Wireless Networks

    Publication No.: US20220264300A1

    Publication date: 2022-08-18

    Application No.: US17625296

    Application date: 2020-07-07

    Applicant: John A. Nix

    Inventor: John A. Nix

    Abstract: A device, mobile operator, network, and a device provider can exchange messages for EAP-TLS authentication. The network can include an authentication server function (AUSF). A device and a device provider can record both a device certificate and a device provider certificate. The network can receive an encrypted identity for the device and forward the identity to the device provider. The device provider can send the device certificate and the device provider certificate to the network. The network can (i) receive a “client hello”, (ii) select a network public key and private key, and (iii) send a certificate signing request to the device provider with the network public key, and (iv) receive a network certificate verified by the device provider certificate. The network can receive the device certificate from the device in a TLS handshake and mutually authenticate with the device using the received network certificate and the device certificate.

    Hosted device provisioning protocol with servers and a networked initiator

    Publication No.: US10169587B1

    Publication date: 2019-01-01

    Application No.: US16033996

    Application date: 2018-07-12

    Applicant: John A. Nix

    Inventor: John A. Nix

    Abstract: A network can operate a WiFi access point with credentials. An unconfigured device can (i) support a Device Provisioning Protocol (DPP), (ii) record responder bootstrap public and private keys, and (iii) be marked with a tag. The network can record initiator bootstrap public and private keys, as well as derived initiator ephemeral public and private keys. An initiator can (i) operate a DPP application, (ii) read the tag, (iii) establish a secure and mutually authenticated connection with the network, and (iv) send the network data within the tag. The network can record the responder bootstrap public key and derive an encryption key with the (i) recorded responder bootstrap public key and (ii) derived initiator ephemeral private key. The network can encrypt credentials using the derived encryption key and send the encrypted credentials to the initiator, which can forward the encrypted credentials to the device, thereby supporting a device configuration.

    Network Supporting Two-Factor Authentication for Modules with Embedded Universal Integrated Circuit Cards
    Document type: invention application (status: in force)

    Publication No.: US20150180847A1

    Publication date: 2015-06-25

    Application No.: US14139419

    Application date: 2013-12-23

    Applicant: John A. Nix

    Inventor: John A. Nix

    IPC classification: H04L29/06

    Abstract: A network with a set of servers can support authentication from a module, where the module includes an embedded universal integrated circuit card (eUICC). The network can send a first network module identity, a first key K, and an encrypted second key K for an eUICC profile to an eUICC subscription manager. The second key K can be encrypted with a symmetric key. The module can receive and activate the eUICC profile, and the network can authenticate the module using the first network module identity and the first key K. The network can (i) authenticate the user of the module using a second factor, and then (ii) send the symmetric key to the module. The module can decrypt the encrypted second key K using the symmetric key. The network can authenticate the module using the second key K. The module can comprise a mobile phone.

    Efficient handover of media communications in heterogeneous IP networks using LAN profiles and network handover rules
    Document type: granted invention patent (status: in force)

    Publication No.: US08493937B2

    Publication date: 2013-07-23

    Application No.: US13423226

    Application date: 2012-03-18

    Applicant: John A. Nix

    Inventor: John A. Nix

    IPC classification: H04W4/00

    Abstract: Methods and systems are provided for efficient handover of a media session between heterogeneous IP networks. A mobile device with Internet access can operate a software program to communicate with a corresponding node. The corresponding node may access the Internet through either a NAT router or a firewall. The mobile device establishes a media session with a corresponding node via the transmission of a first media stream and receipt of a second media stream, and a media control channel can optionally be implemented. The mobile device acquires Internet access through a second IP address, and packets routed between the second IP address and the Internet may traverse a NAT router. The mobile device evaluates the type of NAT at the second IP address from a stored LAN profile. A software routine determines that handover of the media session from the first IP address to the second IP address is preferred.