会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Method, apparatus and computer program product providing bootstrapping mechanism selection in generic bootstrapping architecture (GBA)
    • 在通用引导架构(GBA)中提供引导机制选择的方法,设备和计算机程序产品
    • US08087069B2
    • 2011-12-27
    • US11232494
    • 2005-09-21
    • Gabor BajkoTat Keung Chan
    • Gabor BajkoTat Keung Chan
    • G06F7/04
    • H04L9/0844H04L9/3271H04L63/08H04L63/14H04L63/1466H04L63/20H04L63/205H04L69/18H04L2209/80
    • In one exemplary and non-limiting aspect thereof this invention provides a method to execute a bootstrapping procedure between a node, such as a MN, and a wireless network (WN). The method includes sending the WN a first message that contains a list of authentication mechanisms supported by the MN; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the MN, and including in a first response message to the MN information pertaining to the determined authentication mechanism; and sending a second message to the WN that is at least partially integrity, the second message containing the list of authentication mechanisms that the MN supports in an integrity protected form. If authentication is successful, and if the list received in the second message matches the list received in the first message, the method further includes responding to the MN with a second response message that is at least partially integrity protected, where the second response message contains an indication of the selected authentication mechanism in an integrity protected form; and receiving the successful response message and verifying that the authentication mechanism used by the MN matches the authentication mechanism selected by the WN.
    • 在其一个示例性和非限制性方面,本发明提供了一种在诸如MN的节点与无线网络(WN)之间执行自举过程的方法。 该方法包括向WN发送包含由MN支持的认证机制的列表的第一消息; 至少基于从MN接收到的列表,在WN中确定要用于引导的认证机制,并且在与所确定的认证机制有关的MN的第一响应消息中包括MN信息; 以及向所述WN发送至少部分完整性的第二消息,所述第二消息包含所述MN以完整性保护形式支持的认证机制的列表。 如果认证成功,并且如果在第二消息中接收到的列表与第一消息中接收的列表匹配,则该方法还包括用至少部分完整性保护的第二响应消息来响应MN,其中第二响应消息包含 所选认证机制以完整性保护形式的指示; 并且接收到成功的响应消息并且验证由MN使用的认证机制与由WN选择的认证机制相匹配。
    • 2. 发明授权
    • Authentication in communications networks
    • 通信网络中的认证
    • US08484467B2
    • 2013-07-09
    • US11606910
    • 2006-12-01
    • Tat Keung ChanGabor Bajko
    • Tat Keung ChanGabor Bajko
    • H04L9/32G06F21/00G06F7/04
    • H04L9/0838H04L9/08H04L9/0841H04L9/3247H04L9/3265H04L9/3271H04L63/061H04L63/062H04L63/08H04L63/0823H04L63/0869H04L63/205H04L2209/38H04L2209/56H04L2209/80H04L2463/061H04W12/04H04W12/06H04W88/02
    • The invention relates to a method of authenticating a user equipment in a communications network. The method involves sending a message from a network entity to the user equipment. This message includes a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity; said options including a “shared key”-based authentication procedure. The method also involves selecting an option from the set. In the event that the “shared-key”-based authentication procedure is selected, a shared secret from a security key established in a generic bootstrapping architecture (GBA) is generated over a second interface between the user equipment and a bootstrapping service function. The shared secret is then used to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.
    • 本发明涉及一种在通信网络中认证用户设备的方法。 该方法涉及将消息从网络实体发送到用户设备。 该消息包括用于通过用户设备和网络实体之间的第一接口认证互联网协议通信的认证过程的一组选项; 所述选项包括基于“共享密钥”的认证过程。 该方法还涉及从集合中选择一个选项。 在选择基于“共享密钥”的认证过程的情况下,通过在通用引导体系结构(GBA)中建立的安全密钥的共享密钥在用户设备和引导服务功能之间的第二接口上生成。 然后,共享秘密用于在基于密钥的认证过程中通过第一接口进行通信的计算和验证认证有效载荷。
    • 3. 发明授权
    • Apparatus, method and computer program product providing mobile node identities in conjunction with authentication preferences in generic bootstrapping architecture (GBA)
    • 在泛型自举架构(GBA)中结合认证偏好提供移动节点身份的装置,方法和计算机程序产品,
    • US08353011B2
    • 2013-01-08
    • US11372333
    • 2006-03-08
    • Gabor BajkoTat Keung Chan
    • Gabor BajkoTat Keung Chan
    • H04L29/06
    • H04W12/06G06F21/305G06F21/31G06F21/43G06F21/575H04L9/3271H04L63/08H04L63/14H04L63/1441H04L63/1466H04L63/168H04L63/205H04L2209/80H04W12/10H04W12/12H04W80/10
    • In one exemplary and non-limiting aspect thereof a method is provided that includes sending a wireless network (WN) a first message that includes a list of authentication mechanisms supported by a node and, in association with each authentication mechanism, a corresponding identity; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the node; and including information in a second message that is sent to the node, the information including the determined authentication mechanism in conjunction with a corresponding identity. The method further includes protecting at least the list of authentication mechanisms supported by the node and the corresponding identities and sending a second message to the network, the second message including at least the list of authentication mechanisms and the corresponding identities. The method further includes receiving a second response message from the network that is at least partially integrity protected, where the second response message includes an indication of the selected authentication mechanism and the corresponding identity.
    • 在一个示例性和非限制性的方面,提供了一种方法,其包括发送无线网络(WN)第一消息,所述第一消息包括由节点支持的认证机制的列表,并且与每个认证机制相关联地具有对应的身份; 至少基于从节点接收的列表,在WN中确定要用于引导的认证机制; 并且包括发送到节点的第二消息中的信息,所述信息包括结合相应身份的确定的认证机制。 所述方法还包括至少保护所述节点支持的认证机制的列表和对应的身份,并向网络发送第二消息,所述第二消息至少包括认证机制列表和对应的身份。 该方法还包括从网络接收至少部分完整性保护的第二响应消息,其中第二响应消息包括所选择的认证机制的指示和对应的身份。
    • 7. 发明授权
    • Mobile security protocol negotiation
    • 移动安全协议协商
    • US09596597B2
    • 2017-03-14
    • US12927064
    • 2010-11-05
    • Basavaraj PatilGabor Bajko
    • Basavaraj PatilGabor Bajko
    • H04L29/06H04W12/04G06F15/16H04W80/04
    • H04W12/04H04L63/166H04L63/205H04W80/04
    • A security gateway/home agent controller HAC is used to assign one home agent HA from a plurality of HAs and to identify at least one security protocol that is common between a mobile node MN and the assigned HA. Establishment of a security association between the MN and the assigned HA is enabled according to the identified security protocol and utilizing bootstrapping parameters provided over a secure connection between the security gateway/HAC and the MN. The bootstrapping parameters include at least a home address for the MN, an address of the assigned HA and security credentials and security parameters for the identified at least one security protocol. In an exemplary embodiment the home address for the MN may be an IPv6 home address and the MN may have certain capabilities with respect to security protocols and ciphering suites which the MN sends to the security gateway.
    • 安全网关/归属代理控制器HAC用于从多个HA分配一个归属代理HA,并且识别在移动节点MN和所分配的HA之间共同的至少一个安全协议。 根据所识别的安全协议并利用通过安全网关/ HAC与MN之间的安全连接提供的引导参数来实现MN与所分配的HA之间的安全关联的建立。 引导参数至少包括MN的归属地址,所分配的HA的地址和用于所识别的至少一个安全协议的安全凭证和安全参数。 在示例性实施例中,MN的归属地址可以是IPv6家庭地址,并且MN可以具有关于MN向安全网关发送的安全协议和加密套件的某些能力。
    • 9. 发明授权
    • Method, apparatus, and computer program product for wireless network discovery through passive and active scanning
    • 通过被动和主动扫描无线网络发现的方法,设备和计算机程序产品
    • US08463175B2
    • 2013-06-11
    • US13234463
    • 2011-09-16
    • Gabor Bajko
    • Gabor Bajko
    • H04H20/74H04L12/28H04B7/00H04W4/00
    • H04W48/14H04W48/16H04W84/12
    • Method, apparatus, and computer program product embodiments of the invention are disclosed to improve the discovery of wireless networks having desired service offerings. In example embodiments of the invention, a method comprises: determining whether to perform passive or active scanning; transmitting a wireless generic advertisement service request specifying one or more required characteristics of a transmitting device, if the determination is to perform active scanning; passively listening for one or more wireless generic advertisement service responses sent to a broadcast address by one or more wireless devices, the responses including one or more required characteristics of a passive listening device, if the determination is to perform passive scanning; and receiving one or more wireless generic advertisement service responses sent to a broadcast address by one or more wireless devices having the characteristics specified in the transmitted request.
    • 公开了本发明的方法,装置和计算机程序产品实施例,以改进具有所需服务提供的无线网络的发现。 在本发明的示例实施例中,一种方法包括:确定是否执行被动或主动扫描; 如果确定要执行主动扫描,则发送指定发送设备的一个或多个所需特征的无线通用广告服务请求; 如果确定要执行被动扫描,则被动地监听由一个或多个无线设备发送到广播地址的一个或多个无线通用广告服务响应,所述响应包括被动收听设备的一个或多个所需特征; 以及接收由具有所发送的请求中指定的特征的一个或多个无线设备发送到广播地址的一个或多个无线通用广告服务响应。