专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08484467B2 Authentication in communications networks 有权
标题翻译：通信网络中的认证
公开(公告)号：US08484467B2
公开(公告)日：2013-07-09
申请号：US11606910
申请日：2006-12-01
申请人： Tat Keung Chan , Gabor Bajko
发明人： Tat Keung Chan , Gabor Bajko
IPC分类号： H04L9/32 , G06F21/00 , G06F7/04
CPC分类号： H04L9/0838 , H04L9/08 , H04L9/0841 , H04L9/3247 , H04L9/3265 , H04L9/3271 , H04L63/061 , H04L63/062 , H04L63/08 , H04L63/0823 , H04L63/0869 , H04L63/205 , H04L2209/38 , H04L2209/56 , H04L2209/80 , H04L2463/061 , H04W12/04 , H04W12/06 , H04W88/02
摘要： The invention relates to a method of authenticating a user equipment in a communications network. The method involves sending a message from a network entity to the user equipment. This message includes a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity; said options including a “shared key”-based authentication procedure. The method also involves selecting an option from the set. In the event that the “shared-key”-based authentication procedure is selected, a shared secret from a security key established in a generic bootstrapping architecture (GBA) is generated over a second interface between the user equipment and a bootstrapping service function. The shared secret is then used to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.
摘要翻译：本发明涉及一种在通信网络中认证用户设备的方法。该方法涉及将消息从网络实体发送到用户设备。该消息包括用于通过用户设备和网络实体之间的第一接口认证互联网协议通信的认证过程的一组选项; 所述选项包括基于“共享密钥”的认证过程。该方法还涉及从集合中选择一个选项。在选择基于“共享密钥”的认证过程的情况下，通过在通用引导体系结构（GBA）中建立的安全密钥的共享密钥在用户设备和引导服务功能之间的第二接口上生成。然后，共享秘密用于在基于密钥的认证过程中通过第一接口进行通信的计算和验证认证有效载荷。

2. 发明授权

US08353011B2 Apparatus, method and computer program product providing mobile node identities in conjunction with authentication preferences in generic bootstrapping architecture (GBA) 有权
标题翻译：在泛型自举架构（GBA）中结合认证偏好提供移动节点身份的装置，方法和计算机程序产品，
公开(公告)号：US08353011B2
公开(公告)日：2013-01-08
申请号：US11372333
申请日：2006-03-08
申请人： Gabor Bajko , Tat Keung Chan
发明人： Gabor Bajko , Tat Keung Chan
IPC分类号： H04L29/06
CPC分类号： H04W12/06 , G06F21/305 , G06F21/31 , G06F21/43 , G06F21/575 , H04L9/3271 , H04L63/08 , H04L63/14 , H04L63/1441 , H04L63/1466 , H04L63/168 , H04L63/205 , H04L2209/80 , H04W12/10 , H04W12/12 , H04W80/10
摘要： In one exemplary and non-limiting aspect thereof a method is provided that includes sending a wireless network (WN) a first message that includes a list of authentication mechanisms supported by a node and, in association with each authentication mechanism, a corresponding identity; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the node; and including information in a second message that is sent to the node, the information including the determined authentication mechanism in conjunction with a corresponding identity. The method further includes protecting at least the list of authentication mechanisms supported by the node and the corresponding identities and sending a second message to the network, the second message including at least the list of authentication mechanisms and the corresponding identities. The method further includes receiving a second response message from the network that is at least partially integrity protected, where the second response message includes an indication of the selected authentication mechanism and the corresponding identity.
摘要翻译：在一个示例性和非限制性的方面，提供了一种方法，其包括发送无线网络（WN）第一消息，所述第一消息包括由节点支持的认证机制的列表，并且与每个认证机制相关联地具有对应的身份; 至少基于从节点接收的列表，在WN中确定要用于引导的认证机制; 并且包括发送到节点的第二消息中的信息，所述信息包括结合相应身份的确定的认证机制。所述方法还包括至少保护所述节点支持的认证机制的列表和对应的身份，并向网络发送第二消息，所述第二消息至少包括认证机制列表和对应的身份。该方法还包括从网络接收至少部分完整性保护的第二响应消息，其中第二响应消息包括所选择的认证机制的指示和对应的身份。

3. 发明授权

US07835528B2 Method and apparatus for refreshing keys within a bootstrapping architecture 有权
标题翻译：在自举架构中刷新密钥的方法和装置
公开(公告)号：US07835528B2
公开(公告)日：2010-11-16
申请号：US11397837
申请日：2006-04-04
申请人： Gabor Bajko , Tat Keung Chan
发明人： Gabor Bajko , Tat Keung Chan
IPC分类号： H04L9/00 , H04L9/08
CPC分类号： H04L9/0891 , H04L9/3271 , H04L63/067 , H04L63/068 , H04L2209/56 , H04L2209/80 , H04W12/04
摘要： An approach is provided for refreshing keys in a communication system. An application request is transmitted to a network element configured to provide secure services. A message is received, in response to the application request, indicating refreshment of a key that is used to provide secure communications with the network element. A refreshed key is derived based on the received message.
摘要翻译：提供了一种用于在通信系统中刷新密钥的方法。将应用请求发送到被配置为提供安全服务的网元。响应于应用请求，接收到指示用于提供与网络元件的安全通信的密钥的刷新的消息。基于接收到的消息导出刷新密钥。

4. 发明授权

US08087069B2 Method, apparatus and computer program product providing bootstrapping mechanism selection in generic bootstrapping architecture (GBA) 有权
标题翻译：在通用引导架构（GBA）中提供引导机制选择的方法，设备和计算机程序产品
公开(公告)号：US08087069B2
公开(公告)日：2011-12-27
申请号：US11232494
申请日：2005-09-21
申请人： Gabor Bajko , Tat Keung Chan
发明人： Gabor Bajko , Tat Keung Chan
IPC分类号： G06F7/04
CPC分类号： H04L9/0844 , H04L9/3271 , H04L63/08 , H04L63/14 , H04L63/1466 , H04L63/20 , H04L63/205 , H04L69/18 , H04L2209/80
摘要： In one exemplary and non-limiting aspect thereof this invention provides a method to execute a bootstrapping procedure between a node, such as a MN, and a wireless network (WN). The method includes sending the WN a first message that contains a list of authentication mechanisms supported by the MN; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the MN, and including in a first response message to the MN information pertaining to the determined authentication mechanism; and sending a second message to the WN that is at least partially integrity, the second message containing the list of authentication mechanisms that the MN supports in an integrity protected form. If authentication is successful, and if the list received in the second message matches the list received in the first message, the method further includes responding to the MN with a second response message that is at least partially integrity protected, where the second response message contains an indication of the selected authentication mechanism in an integrity protected form; and receiving the successful response message and verifying that the authentication mechanism used by the MN matches the authentication mechanism selected by the WN.
摘要翻译：在其一个示例性和非限制性方面，本发明提供了一种在诸如MN的节点与无线网络（WN）之间执行自举过程的方法。该方法包括向WN发送包含由MN支持的认证机制的列表的第一消息; 至少基于从MN接收到的列表，在WN中确定要用于引导的认证机制，并且在与所确定的认证机制有关的MN的第一响应消息中包括MN信息; 以及向所述WN发送至少部分完整性的第二消息，所述第二消息包含所述MN以完整性保护形式支持的认证机制的列表。如果认证成功，并且如果在第二消息中接收到的列表与第一消息中接收的列表匹配，则该方法还包括用至少部分完整性保护的第二响应消息来响应MN，其中第二响应消息包含所选认证机制以完整性保护形式的指示; 并且接收到成功的响应消息并且验证由MN使用的认证机制与由WN选择的认证机制相匹配。

5. 发明申请

US20060280305A1 Apparatus, method and computer program product providing mobile node identities in conjunction with authentication preferences in generic bootstrapping architecture (GBA) 有权
公开(公告)号：US20060280305A1
公开(公告)日：2006-12-14
申请号：US11372333
申请日：2006-03-08
申请人： Gabor Bajko , Tat Keung Chan
发明人： Gabor Bajko , Tat Keung Chan
IPC分类号： H04K1/00
CPC分类号： H04W12/06 , G06F21/305 , G06F21/31 , G06F21/43 , G06F21/575 , H04L9/3271 , H04L63/08 , H04L63/14 , H04L63/1441 , H04L63/1466 , H04L63/168 , H04L63/205 , H04L2209/80 , H04W12/10 , H04W12/12 , H04W80/10
摘要： In one exemplary and non-limiting aspect thereof a method is provided that includes sending a wireless network (WN) a first message that includes a list of authentication mechanisms supported by a node and, in association with each authentication mechanism, a corresponding identity; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the node; and including information in a second message that is sent to the node, the information including the determined authentication mechanism in conjunction with a corresponding identity. The method further includes protecting at least the list of authentication mechanisms supported by the node and the corresponding identities and sending a second message to the network, the second message including at least the list of authentication mechanisms and the corresponding identities. The method further includes receiving a second response message from the network that is at least partially integrity protected, where the second response message includes an indication of the selected authentication mechanism and the corresponding identity.

6. 发明授权

US08997252B2 Downloadable security based on certificate status 有权
标题翻译：基于证书状态的可下载的安全性
公开(公告)号：US08997252B2
公开(公告)日：2015-03-31
申请号：US12794305
申请日：2010-06-04
申请人： Alexander Medvinsky , Tat Keung Chan
发明人： Alexander Medvinsky , Tat Keung Chan
IPC分类号： G06F21/00 , H04L29/06 , G06F21/10 , G06F21/33
CPC分类号： H04L63/06 , G06F21/10 , G06F21/33 , G06F2221/2105 , G06F2221/2145 , H04L63/0823 , H04L63/20 , H04L2463/101
摘要： A conditional access system (CAS) computer in a downloadable CAS receives a downloadable management certificate (DMC) and determines, using the DMC, security information including a DMC key size and an expiration time of a DMC subordinate certificate authority (sub-CA) certificate, for the client device. The CAS computer then determines whether the DMC is valid based on the expiration time of the DMC sub-CA certificate. If the DMC is determined to be valid, the CAS server sends a cryptographic identity for the client device and a CAS client to the client device protected using the DMC. At a later time, if the DMC key size is considered to be still sufficiently secure, the validity of the DMC is extended by issuing a new DMC sub-CA certificate with the same public key as the original DMC sub-CA certificate.
摘要翻译：可下载的CAS中的条件访问系统（CAS）计算机接收可下载的管理证书（DMC），并使用DMC确定包括DMC下属认证机构（子CA）证书的DMC密钥大小和到期时间的安全信息，用于客户端设备。 CAS计算机然后根据DMC子CA证书的到期时间确定DMC是否有效。如果DMC确定为有效，CAS服务器将客户端设备和CAS客户端的加密身份发送到使用DMC保护的客户端设备。稍后，如果DMC密钥大小被认为仍然足够安全，则DMC的有效性通过发布与DMC DMC-CA认证相同的公钥的新的DMC子CA证书来扩展。

7. 发明授权

US08269622B2 Method and system for intelligent energy network management control system 失效
公开(公告)号：US08269622B2
公开(公告)日：2012-09-18
申请号：US12550382
申请日：2009-08-30
申请人： Tat Keung Chan , Elsa A. Chan
发明人： Tat Keung Chan , Elsa A. Chan
IPC分类号： G08B1/08
CPC分类号： H04L12/2818 , G01D4/004 , H04L12/2836 , H04L12/40039 , Y02B90/242 , Y02B90/246 , Y04S20/322 , Y04S20/42 , Y04S20/46
摘要： A system for providing network infrastructure for energy management and control is disclosed. A controller integrates powerline and wireless networking technologies in order to provide an integrated network. A gateway sends and receives command and control data across the integrated network. Client devices may connect to the integrated network and perform a variety of functions. An appliance module may send and receive data across the integrated network in relation to a particular appliance. A panel meter may send and receive data across the integrated network in relation to data measured at a distribution panel. A serial bridge may connect various devices to the integrated network. Computing devices may remotely or locally connect to the integrated network and send and receive data.

8. 发明申请

US20120042160A1 SYSTEM AND METHOD FOR COGNIZANT TRANSPORT LAYER SECURITY (CTLS) 有权
标题翻译：有效运输层安全系统与方法（CTLS）
公开(公告)号：US20120042160A1
公开(公告)日：2012-02-16
申请号：US13207394
申请日：2011-08-10
申请人： Madjid F. Nakhjiri , Tat Keung Chan , Alexander Medvinsky
发明人： Madjid F. Nakhjiri , Tat Keung Chan , Alexander Medvinsky
IPC分类号： H04L29/06 , H04L9/32 , G06F15/16
CPC分类号： H04L63/0884 , H04L9/0844 , H04L9/321 , H04L9/3271 , H04L63/067 , H04L63/0892 , H04L63/105 , H04L63/166
摘要： A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating a cryptographic evidence, called authentication/authorization evidence, AE, when a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. A distinctive point being that AE results from the authentication process and is used as prior state for the following TLS exchange. An example for creation of AE, is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK) that can then be used to create AE for a variety of servers.
摘要翻译：提供了一种通信系统的认证和授权方法。本文公开了当客户端和认证服务器之间的成功认证/授权完成时，用于创建加密证据的系统和方法，称为认证/授权证据。有多种生成AE的方法。例如，AE可以是在认证信令期间交换的数据或由其产生的数据。一个独特之处在于，AE来自认证过程，并被用作以下TLS交换的先前状态。创建AE的示例如下：EAP认证通常导致扩展主会话密钥（EMSK）。 EMSK可用于创建证据主密钥（EMK），然后可用于为各种服务器创建AE。

9. 发明申请

US20100238003A1 METHOD AND SYSTEM FOR INTELLIGENT ENERGY NETWORK MANAGEMENT CONTROL SYSTEM 失效
标题翻译：智能能源网络管理控制系统的方法与系统
公开(公告)号：US20100238003A1
公开(公告)日：2010-09-23
申请号：US12550382
申请日：2009-08-30
申请人： Tat Keung Chan , Elsa A. Chan
发明人： Tat Keung Chan , Elsa A. Chan
IPC分类号： G05B11/01
CPC分类号： H04L12/2818 , G01D4/004 , H04L12/2836 , H04L12/40039 , Y02B90/242 , Y02B90/246 , Y04S20/322 , Y04S20/42 , Y04S20/46
摘要： A system for providing network infrastructure for energy management and control is disclosed. A controller integrates powerline and wireless networking technologies in order to provide an integrated network. A gateway sends and receives command and control data across the integrated network. Client devices may connect to the integrated network and perform a variety of functions. An appliance module may send and receive data across the integrated network in relation to a particular appliance. A panel meter may send and receive data across the integrated network in relation to data measured at a distribution panel. A serial bridge may connect various devices to the integrated network. Computing devices may remotely or locally connect to the integrated network and send and receive data.
摘要翻译：公开了一种用于提供用于能量管理和控制的网络基础设施的系统。控制器集成电力线和无线网络技术，以提供集成网络。网关通过集成网络发送和接收命令和控制数据。客户端设备可以连接到集成网络并执行各种功能。设备模块可以相对于特定设备跨集成网络发送和接收数据。面板仪可以通过集成网络发送和接收与配电盘测量的数据相关的数据。串行桥可以将各种设备连接到集成网络。计算设备可以远程或本地连接到集成网络并发送和接收数据。

10. 发明授权

US07778152B2 Non-intrusive method and system for coupling powerline communications signals to a powerline network 有权
标题翻译：将电力线通信信号耦合到电力线网络的非侵入性方法和系统
公开(公告)号：US07778152B2
公开(公告)日：2010-08-17
申请号：US12031372
申请日：2008-02-14
申请人： Tat Keung Chan
发明人： Tat Keung Chan
IPC分类号： H04J11/00
CPC分类号： H04B3/54 , H01R13/6463 , H01R13/6473 , H04B3/56 , H04B2203/5408 , H04B2203/5441 , H04B2203/5445 , H04B2203/5454 , H04B2203/5466 , H04B2203/5483
摘要： In one embodiment, a powerline system includes a data connection, a powerline module coupled to the data connection, a physical socket coupled to the powerline module and including a female connector device, a male connector device inserted into the female connector device, and a pair of wires coupled to and extending from the male connector device. The female connector device comprises a first female connector and a second female connector. The male connector device comprises a first male connector coupled to the first female connector and a second male connector coupled to the second female connector. The first wire of the pair of wires is coupled to and extending from the first male connector, and the second wire of the pair of wires is coupled to and extending from the second male connector respectively.
摘要翻译：在一个实施例中，电力线系统包括数据连接，耦合到数据连接的电力线模块，耦合到电力线模块的物理插座，并且包括阴连接器装置，插入到母连接器装置中的公连接器装置和一对耦合到阳连接器装置并从阳连接器装置延伸的导线。阴连接器装置包括第一阴连接器和第二阴连接器。阳连接器装置包括耦合到第一阴连接器的第一阳连接器和耦合到第二阴连接器的第二阳连接器。一对电线的第一线耦合到第一阳连接器并从第一阳连接器延伸，并且一对电线的第二线分别耦合到第二阳连接器并从第二阳连接器延伸。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式