Anthony R. Metke, Naperville, IL US

| Patent application number | Description | Published |
| --- | --- | --- |
| 20080205312 | METHOD AND DEVICE FOR ESTABLISHING A SECURE ROUTE IN A WIRELESS NETWORK - A method for establishing a secure route in a wireless network as provided improves network efficiency. According to one aspect, the method includes receiving at a first node in the wireless network a route request message from a second node, where the second node and the first node have not been mutually authenticated. The route request message is then forwarded from the first node to a third node. A route reply message is then received at the first node from the third node. The first node is then mutually authenticated with the second node in response to receiving the route reply message at the first node. | 08-28-2008 |
| 20080314681 | DYNAMIC RESOURCE ASSIGNMENT AND EXIT INFORMATION FOR EMERGENCY RESPONDERS - A method of providing situational awareness at an incident scene. Sensor data can be received from at least one sensor ( | 12-25-2008 |
| 20090109870 | METHOD FOR INTELLIGENT MERGING OF AD HOC NETWORK PARTITIONS - A method for merging of ad hoc network partitions within an ad hoc network includes forming a plurality of network partitions by forming a security association among each of a group of partitioned nodes. Each network partition includes a Network Identifier. A node operating within one of the network partitions receives an update message from another node, compares its current Network Identifier to the received Network Identifier, and determines whether to update to the received Network Identifier using an arbitration method when the received Network Identifier is different from the current Network Identifier. | 04-30-2009 |
| 20090109891 | METHOD AND SYSTEM FOR DISTRIBUTED ADMISSION CONTROL IN MOBILE AD HOC NETWORKS (MANETS) - Techniques are provided for distributed admission control (AC) in a mobile ad hoc network (MANET). When the source node transmits a new communication stream (NCS) toward a destination node, other nodes allow transmission of the NCS during a temporary admission period even though the NCS has not yet been admitted. The nodes can determine whether the NCS causes degradation of any existing communication stream(s) (ECSs) supported by that node based on existing QoS requirements associated with the ECSs. In some implementations, nodes which determine that they are unable to support ECSs transmit an indicator which notifies other nodes that admission of the NCS is denied by that node. By contrast, if none of the nodes transmit an indicator during the temporary admission period, then the NCS is “admitted” to the MANET and the source node is permitted to keep transmitting the NCS, a variation thereof or another new communication stream. | 04-30-2009 |
| 20090164785 | METHOD FOR AUTHENTICATION IN A COMMUNICATION NETWORK - A method authenticates a first node to a communication network that includes a second node to which the first node desires to mutually authenticate. The method includes detecting a broadcast message from the second node and determining whether mutual authentication can be performed directly with the second node. When the first node is unable to mutually authenticate to the second node directly, the first node locates a node that can serve as an authentication bridge to authenticate the first node to the communication network. | 06-25-2009 |
| 20090249062 | METHOD AND APPARATUS FOR DISTRIBUTING CERTIFICATE REVOCATION LISTS (CRLs) TO NODES IN AN AD HOC NETWORK - A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), and a certificate revocation list (CRL) sequence number field that specifies a number identifying the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL). | 10-01-2009 |
| 20090276841 | METHOD AND DEVICE FOR DYNAMIC DEPLOYMENT OF TRUST BRIDGES IN AN AD HOC WIRELESS NETWORK - A method for deploying a trust bridge in an ad hoc wireless network can provide interoperability for multi-organizational authentication. The method includes processing at a delegate certification authority (DCA) node device authorizations received from a plurality of certification authorities (CAs) of different organizations, where the authorizations authorize the DCA node device to serve as a DCA representing the CAs (step | 11-05-2009 |
| 20100031027 | METHOD AND DEVICE FOR DISTRIBUTING PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE PATH DATA - A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step | 02-04-2010 |
| 20100070755 | METHOD AND DEVICE FOR CONFIRMING AUTHENTICITY OF A PUBLIC KEY INFRASTRUCTURE (PKI) TRANSACTION EVENT - A method and device for confirming authenticity of a public key infrastructure (PKI) transaction event between a relying node and a subject node in a communication network enables improved network security. According to some embodiments, the method includes establishing at a PKI event logging (PEL) server a process to achieve secure communications with the relying node (step | 03-18-2010 |
| 20100082975 | METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI) - A method and apparatus for external organization (EO) path length (EOPL) validation are provided. A relying party node (RPN) stores a current EO path length constraint (EOPLC) value, and an EOPL counter that maintains a count of an actual external organization path length. The RPN obtains a chain of certificates that link a subject node (SN) to its trust anchor, and processes the certificates in the chain. When a certificate has a lower EOPLC than the current EOPLC value, the RPN replaces the current EOPLC value with the lower EOPLC. When the certificate currently being evaluated includes an enabled EO flag, the RPN increments the EOPL counter by one. The EOPL validation fails when the EOPL counter is greater than the current EOPLC value, and is successful when the last remaining certificate in the chain is processed without having the EOPL counter exceed the current EOPLC value. | 04-01-2010 |
| 20100115266 | METHOD AND DEVICE FOR ENABLING A TRUST RELATIONSHIP USING AN UNEXPIRED PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE - A method and device are useful for enabling a trust relationship using an unexpired public key infrastructure (PKI) certificate, where a current status of the PKI certificate is unavailable. The method includes determining at a relying party that a certificate status update for the PKI certificate is unavailable (step | 05-06-2010 |
| 20100115267 | METHOD AND DEVICE FOR ENABLING A TRUST RELATIONSHIP USING AN EXPIRED PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE - A method and device are useful for enabling a trust relationship using an expired public key infrastructure (PKI) certificate. The method includes determining at a relying party a maximum permissible grace period during which the PKI certificate can be conditionally granted a valid status (step | 05-06-2010 |
| 20100223659 | METHOD AND SYSTEM FOR ENSURING AUTHORIZED OPERATION OF A COMMUNICATION SYSTEM AS A SECONDARY USER - A communication system ( | 09-02-2010 |
| 20110026714 | METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS - A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys. | 02-03-2011 |
| 20110154024 | METHOD AND APPARATUS FOR SELECTING A CERTIFICATE AUTHORITY - A certificate authority selection unit implements a method for selecting one of a plurality of certificate authorities servicing a plurality of administrative domains in a communication system. The method includes: receiving, from an end-entity via an interface, a certificate service request associated with an identifier; selecting, based on the identifier, one of the plurality of administrative domains in the communication system, wherein the plurality of administrative domains are serviced by a plurality of certificate authorities; retrieving a security profile for the end-entity; and selecting, based on the security profile for the end-entity, one of the plurality of certificate authorities to process the certificate service request. | 06-23-2011 |
| 20110161659 | METHOD TO ENABLE SECURE SELF-PROVISIONING OF SUBSCRIBER UNITS IN A COMMUNICATION SYSTEM - A method to enable remote, secure, self-provisioning of a subscriber unit includes, a security provisioning server: receiving, from a subscriber unit, a certificate signing request having subscriber unit configuration trigger data; generating provisioning data for the subscriber unit using the subscriber unit configuration trigger data; and in response to the certificate signing request, providing to the subscriber unit the provisioning data and a subscriber unit certificate having authorization attributes associated with the provisioning data, to enable the self-provisioning of the subscriber unit. | 06-30-2011 |