Patent application number | Description | Published |
20100031038 | METHOD TO ALLOW SECURE COMMUNICATIONS AMONG COMMUNICATION UNITS - A first communication unit receives an encrypted transmission from a second communication unit. The encrypted transmission was encrypted by the second communication unit using a first encryption key. The first communication unit compares the first encryption key to an encryption key associated with the first communication unit. If the first encryption key matches the encryption key associated with the first communication unit, the first communication unit processes the encrypted transmission further. If the first encryption key does not match the encryption key associated with the first communication unit, the first communication unit compares the first encryption key to an encryption key associated with the second communication unit. If the first encryption key matches the encryption key associated with the second communication unit, the first communication unit processes the encrypted transmission further; otherwise, the first communication unit does not process the encrypted transmission further. | 02-04-2010 |
20100165839 | ANTI-REPLAY METHOD FOR UNICAST AND MULTICAST IPSEC - A method for managing a packet in a communication system between two or more endpoints, a sender and one or more recipients, comprises receiving a first packet comprising a source identifier that uniquely identifies a sender of the first packet and a current source time assigned to the first packet by the sender, determining a received time for the first packet, retrieving a cached source time assigned by the sender to a second packet that was received prior to receiving the first packet, and determining whether to discard or process the first packet based on the current source time, the received time, and the cached source time. The current source time, the received time, and the cached time, in addition to predetermined parameters such as a maximum age and an anti-replay window allows a recipient to determine whether to process or discard a packet. | 07-01-2010 |
20110026714 | METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS - A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys. | 02-03-2011 |
20110075614 | METHOD AND APPARATUS FOR PROVIDING APPLICATION SERVICE BETWEEN A FIRST PROTOCOL AND A SECOND PROTOCOL - Application service is provided for a subscriber unit (SU), employing a first protocol, in a communication network employing a second protocol. The method includes receiving a CAI OTAR message from the SU. The CAI OTAR message includes at least a key management message (KMM) and a CAI header of the SU. The method then includes determining that the first protocol employed by the SU is different from the second protocol associated with the communication network based on the received CAI OTAR message. The method further includes creating a key management message (KMM) preamble, associated with the second protocol, based on at least one of the CAI header and configuration information of the SU, and creating a data link independent (DLI) OTAR message associated with the second protocol. The DLI OTAR message includes the received KMM. The method finally includes encapsulating the DLI OTAR message with the created KMM preamble, and sending the encapsulated DLI OTAR message to a key management facility (KMF) unit operating at a second protocol. | 03-31-2011 |
20120036567 | METHODS FOR ESTABLISHING A SECURITY SESSION IN A COMMUNICATIONS SYSTEM - A security gateway and an initiating device perform methods for establishing a security session. The methods includes the security gateway: receiving a first message from an initiating device, the first message including a first message authentication code; validating the first message using the message authentication code; and responsive to the validating, sending a second message to the initiating device, the second message including a timestamp and further including a second message authentication code for authenticating of the timestamp by the initiating device, wherein the first and second messages are used to establish the security session, and the authenticated timestamp is used for subsequent replay protection of messages between the security gateway and the initiating device. The method further includes the security gateway validating a dynamically assigned IP address for the initiating device to use in authorizing VPN traffic between the two devices. | 02-09-2012 |
20120183143 | METHOD FOR A COMMUNICATION DEVICE TO OPERATE WITH MULTIPLE KEY MANAGEMENT FACILITIES - A method for operating with KMFs includes a communication device having a memory device: receiving a designation of a primary KMF for the communication device, wherein only one primary KMF is designated for the communication device at any given time instance; receiving a designation of a secondary KMF for the communication device; storing, within the memory device, a first and a second set of crypto groups, wherein each crypto group within each set of crypto groups comprises at least one keyset, wherein each set of crypto groups is associated, within the memory device, to only one KMF identifier; associating, within the memory device, the first set of crypto groups to an identifier for the primary KMF; and associating, within the memory device, the second set of crypto groups to an identifier for the secondary KMF. | 07-19-2012 |
20130072155 | METHOD AND APPARATUS FOR AUTHENTICATING A DIGITAL CERTIFICATE STATUS AND AUTHORIZATION CREDENTIALS - A radio is authenticated at the site and unique authentication information for the radio is stored at the site. A subsequent non-authentication message from the radio is received at the site and authentication information in the non-authentication message is identified. The unique authentication information stored at the site is compared with authentication information identified in the non-authentication message. If there is a match, the non-authentication message is authenticated with an authentication code included in the non-authentication message, wherein a predefined portion of the authentication code is obtained from at least one of a header portion or a data portion of the non-authentication message. Upon successfully completing authentication, the site repeats the non-authentication message towards destination radios indicated in non-authentication message. | 03-21-2013 |
20130142335 | METHOD AND DEVICE FOR LINK LAYER DECRYPTING AND/OR ENCRYPTING A VOICE MESSAGE STREAM ALREADY SUPPORTING END TO END ENCRYPTION - Methods and systems for LLE encrypting and decrypting voice message streams (VMSs) already supporting eTe encryption are disclosed. In one example, LLE and eTe encryption initialization vectors (EIVs) are interleaved such that an LLE EIV retrieved from one of a header and a data unit is used to LLE decrypt both the header or data unit and a subsequent data unit. A recovered eTe EIV is used to eTe decrypt voice payloads in one or more subsequent data units. In another example, a base station dynamically LLE encrypts a VMS already supporting eTe encrypting by determining whether a received VMS is eTe encrypted, and ii it is not generating a new LLE EIV, and if it is, re-using the pre-existing eTe EIV for LLE encryption. The LLE encrypted (and perhaps eTe encrypted) VMS is then sent over the air to one or more mobile stations. | 06-06-2013 |
20130243195 | METHOD AND DEVICE FOR MANAGING ENCRYPTED GROUP REKEYING IN A RADIO NETWORK LINK LAYER ENCRYPTION SYSTEM - Disclosed is a radio system, method, and device for a mobile station to indicate to an authentication controller, in an authentication response message, which of a plurality of group key link layer encryption keys (GKEK)s it currently has in its possession, and to work with the authentication controller to more intelligently manage multiple GKEKs. The authentication controller can use the information obtained from the authentication response message to determine which of a plurality of GKEKs to advertise in a key announcement broadcast. Furthermore, individual requests for a future LLE key (LEK) to be used for link layer encryption (LLE) encrypting and decrypting inbound and outbound group communications between base station(s) and mobile station(s) are responded to with a broadcast GKEK-encrypted transmission including the future LEK. Only the requesting mobile station transmits an acknowledgment packet in response to the broadcast. | 09-19-2013 |
20140198916 | METHOD AND DEVICE FOR MANAGING ENCRYPTED GROUP REKEYING IN A RADIO NETWORK LINK LAYER ENCRYPTION SYSTEM - Disclosed is a radio system, method, and device for a mobile station to indicate to an authentication controller, in an authentication response message, which of a plurality of group key link layer encryption keys (GKEK)s it currently has in its possession, and to work with the authentication controller to more intelligently manage multiple GKEKs. The authentication controller can use the information obtained from the authentication response message to determine which of a plurality of GKEKs to advertise in a key announcement broadcast. Furthermore, individual requests for a future LLE key (LEK) to be used for link layer encryption (LLE) encrypting and decrypting inbound and outbound group communications between base station(s) and mobile station(s) are responded to with a broadcast GKEK-encrypted transmission including the future LEK. Only the requesting mobile station transmits an acknowledgment packet in response to the broadcast. | 07-17-2014 |
Patent application number | Description | Published |
20110073963 | SUPERIOR FILL CONDITIONS IN A REPLACEMENT GATE APPROACH BY CORNER ROUNDING PRIOR TO COMPLETELY REMOVING A PLACEHOLDER MATERIAL - In a replacement gate approach, a superior cross-sectional shape of the gate opening may be achieved by performing a material erosion process in an intermediate state of removing the placeholder material. Consequently, the remaining portion of the placeholder material may efficiently protect the underlying sensitive materials, such as a high-k dielectric material, when performing the corner rounding process sequence. | 03-31-2011 |
20110101470 | HIGH-K METAL GATE ELECTRODE STRUCTURES FORMED BY SEPARATE REMOVAL OF PLACEHOLDER MATERIALS IN TRANSISTORS OF DIFFERENT CONDUCTIVITY TYPE - In a replacement gate approach, a superior cross-sectional shape of the gate opening may be achieved by performing a material erosion process in an intermediate state of removing the placeholder material. Consequently, the remaining portion of the placeholder material may efficiently protect the underlying sensitive materials, such as a high-k dielectric material, when performing the corner rounding process sequence. | 05-05-2011 |
20130273729 | HIGH-K METAL GATE ELECTRODE STRUCTURES FORMED BY SEPARATE REMOVAL OF PLACEHOLDER MATERIALS IN TRANSISTORS OF DIFFERENT CONDUCTIVITY TYPE - In a replacement gate approach, a superior cross-sectional shape of the gate opening may be achieved by performing a material erosion process in an intermediate state of removing the placeholder material. Consequently, the remaining portion of the placeholder material may efficiently protect the underlying sensitive materials, such as a high-k dielectric material, when performing the corner rounding process sequence. | 10-17-2013 |