Patent application number | Description | Published |
20080205312 | METHOD AND DEVICE FOR ESTABLISHING A SECURE ROUTE IN A WIRELESS NETWORK - A method for establishing a secure route in a wireless network as provided improves network efficiency. According to one aspect, the method includes receiving at a first node in the wireless network a route request message from a second node, where the second node and the first node have not been mutually authenticated. The route request message is then forwarded from the first node to a third node. A route reply message is then received at the first node from the third node. The first node is then mutually authenticated with the second node in response to receiving the route reply message at the first node. | 08-28-2008 |
20080314681 | DYNAMIC RESOURCE ASSIGNMENT AND EXIT INFORMATION FOR EMERGENCY RESPONDERS - A method of providing situational awareness at an incident scene. Sensor data can be received from at least one sensor ( | 12-25-2008 |
20090109870 | METHOD FOR INTELLIGENT MERGING OF AD HOC NETWORK PARTITIONS - A method for merging of ad hoc network partitions within an ad hoc network, the method includes forming a plurality of network partitions by forming a security association among each of a group of partitioned nodes. Each network partition includes a Network Identifier. A node operating within one of the network partitions receives an update message from another node, compares its current Network Identifier to the received Network Identifier; and determines whether to update to the received Network Identifier using an arbitration method when the received Network Identifier is different from the current Network Identifier. | 04-30-2009 |
20090109891 | METHOD AND SYSTEM FOR DISTRIBUTED ADMISSION CONTROL IN MOBILE AD HOC NETWORKS (MANETS) - Techniques are provided for distributed admission control (AC) in a mobile ad hoc network (MANET). When the source node transmits a new communication stream (NCS) toward a destination node, other nodes allow transmission of the NCS during a temporary admission period even though the NCS has not yet been admitted. The nodes can determine whether the NCS causes degradation of any existing communication stream(s) (ECSs) supported by that node based on existing QoS requirements associated with the ECSs. In some implementations, nodes which determine that they are unable to support ECSs transmit an indicator which notifies other nodes that admission of the NCS is denied by that node. By contrast, if none of the nodes transmit an indicator during the temporary admission period, then the NCS is “admitted” to the MANET and the source node is permitted to keep transmitting the NCS, a variation thereof or another new communication stream. | 04-30-2009 |
20090164785 | METHOD FOR AUTHENTICATION IN A COMMUNICATION NETWORK - A method authenticates a first node to a communication network that includes a second node to which the first node desires to mutually authenticate. The method includes detecting a broadcast message from the second node and determining whether mutual authentication can be performed directly with the second node. When the first node is unable to mutually authenticate to the second node directly, the first node locates a node that can serve as an authentication bridge to authenticate the first node to the communication network. | 06-25-2009 |
20090249062 | METHOD AND APPARATUS FOR DISTRIBUTING CERTIFICATE REVOCATION LISTS (CRLs) TO NODES IN AN AD HOC NETWORK - A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL). | 10-01-2009 |
20090276841 | METHOD AND DEVICE FOR DYNAMIC DEPLOYMENT OF TRUST BRIDGES IN AN AD HOC WIRELESS NETWORK - A method for deploying a trust bridge in an ad hoc wireless network can provide interoperability for multi-organizational authentication. The method includes processing at a delegate certification authority (DCA) node device authorizations received from of a plurality of certification authorities (CAs) of different organizations, where the authorizations authorize the DCA node device to serve as a DCA representing the CAs (step | 11-05-2009 |
20100031027 | METHOD AND DEVICE FOR DISTRIBUTING PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE PATH DATA - A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step | 02-04-2010 |
20100070755 | METHOD AND DEVICE FOR CONFIRMING AUTHENTICITY OF A PUBLIC KEY INFRASTRUCTURE (PKI) TRANSACTION EVENT - A method and device for confirming authenticity of a public key infrastructure (PKI) transaction event between a relying node and a subject node in a communication network enables improved network security. According to some embodiments, the method includes establishing at a PKI event logging (PEL) server a process to achieve secure communications with the relying node (step | 03-18-2010 |
20100082975 | METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI) - A method and apparatus for external organization (EO) path length (EOPL) validation are provided. A relying party node (RPN) stores a current EO path length constraint (EOPLC) value, and an EOPL counter that maintains a count of an actual external organization path length. The RPN obtains a chain of certificates that link a subject node (SN) to its trust anchor, and processes the certificates in the chain. When a certificate has a lower EOPLC than the current EOPLC value, the RPN replaces the current EOPLC value with the lower EOPLC. When the certificate currently being evaluated includes an enabled EO flag, the RPN increments the EOPL counter by one. The EOPL validation fails when the EOPL counter is greater than the current EOPLC value, and is successful when the last remaining certificate in the chain is processed without having the EOPL counter exceed the current EOPLC value. | 04-01-2010 |
20100115266 | METHOD AND DEVICE FOR ENABLING A TRUST RELATIONSHIP USING AN UNEXPIRED PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE - A method and device are useful for enabling a trust relationship using an unexpired public key infrastructure (PKI) certificate, where a current status of the PKI certificate is unavailable. The method includes determining at a relying party that a certificate status update for the PKI certificate is unavailable (step | 05-06-2010 |
20100115267 | METHOD AND DEVICE FOR ENABLING A TRUST RELATIONSHIP USING AN EXPIRED PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE - A method and device are useful for enabling a trust relationship using an expired public key infrastructure (PKI) certificate. The method includes determining at a relying party a maximum permissible grace period during which the PKI certificate can be conditionally granted a valid status (step | 05-06-2010 |
20100223659 | METHOD AND SYSTEM FOR ENSURING AUTHORIZED OPERATION OF A COMMUNICATION SYSTEM AS A SECONDARY USER - A communication system ( | 09-02-2010 |
20110026714 | METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS - A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys. | 02-03-2011 |
20110154024 | METHOD AND APPARATUS FOR SELECTING A CERTIFICATE AUTHORITY - A certificate authority selection unit implements a method for selecting one of a plurality of certificate authorities servicing a plurality of administrative domains in a communication system. The method includes: receiving, from an end-entity via an interface, a certificate service request associated with an identifier; selecting, based on the identifier, one of the plurality of administrative domains in the communication system, wherein the plurality of administrative domains are serviced by a plurality of certificate authorities; retrieving a security profile for the end-entity; and selecting, based on the security profile for the end-entity, one of the plurality of certificate authorities to process the certificate service request. | 06-23-2011 |
20110161659 | METHOD TO ENABLE SECURE SELF-PROVISIONING OF SUBSCRIBER UNITS IN A COMMUNICATION SYSTEM - A method to enable remote, secure, self-provisioning of a subscriber unit includes, a security provisioning server: receiving, from a subscriber unit, a certificate signing request having subscriber unit configuration trigger data; generating provisioning data for the subscriber unit using the subscriber unit configuration trigger data; and in response to the certificate signing request, providing to the subscriber unit the provisioning data and a subscriber unit certificate having authorization attributes associated with the provisioning data, to enable the self-provisioning of the subscriber unit. | 06-30-2011 |
20120117608 | CERTIFICATE POLICY MANAGEMENT TOOL - A certificate policy management tool ( | 05-10-2012 |
20120166796 | SYSTEM AND METHOD OF PROVISIONING OR MANAGING DEVICE CERTIFICATES IN A COMMUNICATION NETWORK - A certificate manager transmits a certificate service advertisement to a plurality of certificate clients. The certificate service advertisement identifies the certificate manager and includes segregation data. The segregation data indicates a set of services offered or a set of clients for which the certificate manager offers service. Responsive to the transmitting of the certificate service advertisement, the certificate manager receives a certificate service request from at least one certificate client of the plurality of certificate clients. The certificate manager verifies that the at least one certificate client is associated with the set of clients for which the certificate manager offers service, and the certificate manager fulfills the certificate service request. | 06-28-2012 |
20120170743 | METHODS FOR ESTABLISHING A SECURE POINT-TO-POINT CALL ON A TRUNKED NETWORK - Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. The trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. Moreover, in response to the request, the controller assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints. | 07-05-2012 |
20120210129 | METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI) - A method for external organization path length (EOPL) validation is provided. A relying party node of an organization receives an authentication request from a subject node of an external organization. The relying party node then obtains and evaluates certificates from a chain of certificates that link the subject node to a trust anchor of the relying party node wherein, at least one certificate from the chain of certificates comprises an enabled external organization flag (EOF) and/or an external organization path length constraint (EOPLC). The relying party node invalidates authentication of the subject node when the relying party node determines that a total number of enabled EOFs from certificates in the chain of certificates exceeds the lowest EOPLC value from certificates in the chain of certificates. | 08-16-2012 |
20130036303 | PRIVATE CERTIFICATE VALIDATION METHOD AND APPARATUS - Methods and apparatuses for validating the status of digital certificates include a relying party receiving at least one digital certificate and determining if the at least one digital certificate is to be validated against a private certificate status database. The relying party accesses the private certificate status database and cryptographically validates the authenticity of data in the private certificate status database. The relying party also validates the at least one digital certificate based on information in at least one of the private certificate status database and a public certificate status database. | 02-07-2013 |
20130117558 | METHOD AND APPARATUS FOR AUTHENTICATING A DIGITAL CERTIFICATE STATUS AND AUTHORIZATION CREDENTIALS - A relying party obtains a certificate of a certificate subject and acquires a status information object for the certificate. The relying party validates the certificate using information in the status information object and compares authorization attributes present in the status information object with policy attributes associated with the requested service. A policy attribute is a set of constraints used by the relying party to determine if the authorization attributes associated with the certificate subject are sufficient to allow the certificate subject to access the requested service. If the authorization attributes present in the status information object match the policy attributes associated with the requested service, the relying party may grant the certificate subject access to the requested service. | 05-09-2013 |
20130159703 | UTILIZING A STAPLING TECHNIQUE WITH A SERVER-BASED CERTIFICATE VALIDATION PROTOCOL TO REDUCE OVERHEAD FOR MOBILE COMMUNICATION DEVICES - A certificate issuer ( | 06-20-2013 |
20140068251 | METHOD AND DEVICE FOR DYNAMICALLY UPDATING AND MAINTAINING CERTIFICATE PATH DATA ACROSS REMOTE TRUST DOMAINS - A method and device is provided for dynamically maintaining and updating public key infrastructure (PKI) certificate path data across remote trusted domains to enable relying parties to efficiently authenticate other nodes in an autonomous ad-hoc network. A certificate path management unit (CPMU) monitors a list of sources for an occurrence of a life cycle event capable of altering an existing PKI certificate path data. Upon determining that the life cycle event has occurred, the CPMU calculates a new PKI certificate path data to account for the occurrence of the life cycle event and provides the new PKI certificate path data to at least one of a relying party in a local domain or a remote CPMU in a remote domain. | 03-06-2014 |
20140189827 | SYSTEM AND METHOD FOR SCOPING A USER IDENTITY ASSERTION TO COLLABORATIVE DEVICES - A system and method for enabling a primary and a secondary communication device to share a user identity assertion is presented. The user identity assertion enables the devices to access an application system. The primary and secondary devices are paired to place them in collaboration with each other. The primary device requests an identity provider system to issue a user identity assertion scoped to the primary and secondary communication device. The identity provider system authenticates the primary device and generates the user identity assertion scoped to the primary device and the secondary device identified in the request. The primary communication device receives the user identity assertion and communicates the user identity assertion to the secondary device. The primary device may request the user identity assertion by communicating a user identity assertion scoped to the primary device and a single sign on session cookie or a request for an extension assertion. | 07-03-2014 |
20140189834 | METHOD AND APPARATUS FOR SINGLE SIGN-ON COLLABORATON AMONG MOBILE DEVICES - An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices. | 07-03-2014 |
20140189840 | METHOD AND APPARATUS FOR SINGLE SIGN-ON COLLABORATION AMONG MOBILE DEVICES - A system for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication. The first device sends the collaboration credential generated by the server to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices. | 07-03-2014 |
20140189841 | APPARATUS FOR AND METHOD OF MULTI-FACTOR AUTHENTICATION AMONG COLLABORATING COMMUNICATION DEVICES - Multi-factor authentication is enabled across a plurality of communication devices. A user performs authentication by using a first authentication factor on a first of the communication devices, and by using a second authentication factor on a second of the communication devices. A collaboration credential is shared among the devices to enable the devices to collaborate with each other. Both of the authentication factors are bound together. A multi-factor identification token is issued to each device, to support multi-factor authentication for the user across the devices. | 07-03-2014 |