1.
    Invention patent
    Unknown

    Publication No.: AT491279T

    Publication date: 2010-12-15

    Application No.: AT06817346

    Filing date: 2006-10-23

    Applicant: CISCO TECH INC

    Abstract: Methods and apparatus for dynamically generating a set of Mobile IP keys are disclosed. The set of Mobile IP keys is dynamically generated using an existing HLR/AuC authentication infrastructure. This is accomplished, in part, by obtaining an International Mobile Subscriber Identity (IMSI) that uniquely identifies a particular Mobile Node. Once a set of Mobile IP keys is generated from authentication information associated with the IMSI, the Mobile Node may register with its Home Agent using the set of Mobile IP keys.

    System and method for provisioning and authenticating via a network

    Publication No.: AU2004297933A1

    Publication date: 2005-06-23

    Application No.: AU2004297933

    Filing date: 2004-10-12

    Applicant: CISCO TECH INC

    Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol, may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.

    System and method for provisioning and authenticating via a network

    Publication No.: AU2004297933B2

    Publication date: 2010-01-07

    Application No.: AU2004297933

    Filing date: 2004-10-12

    Applicant: CISCO TECH INC

    Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol, may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.

    ENABLING STATELESS SERVER-BASED PRE-SHARED SECRETS

    Publication No.: CA2548229A1

    Publication date: 2005-07-28

    Application No.: CA2548229

    Filing date: 2005-01-10

    Applicant: CISCO TECH INC

    Abstract: A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.

    SYSTEM AND METHOD FOR PROVISIONING AND AUTHENTICATING VIA A NETWORK

    Publication No.: CA2546553C

    Publication date: 2011-12-06

    Application No.: CA2546553

    Filing date: 2004-10-12

    Applicant: CISCO TECH INC

    Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol, may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.

    SYSTEM AND METHOD FOR PROVISIONING AND AUTHENTICATING VIA A NETWORK

    Publication No.: CA2546553A1

    Publication date: 2005-06-23

    Application No.: CA2546553

    Filing date: 2004-10-12

    Applicant: CISCO TECH INC

    Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol, may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.

    METHOD AND APPARATUS PROVIDING POLICY-BASED REVOCATION OF NETWORK SECURITY CREDENTIALS
    7.
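    Invention application
    METHOD AND APPARATUS PROVIDING POLICY-BASED REVOCATION OF NETWORK SECURITY CREDENTIALS (under examination, published)
    Method and apparatus for providing policy-based network security credentials

    Publication No.: WO2006076382A3

    Publication date: 2007-11-01

    Application No.: PCT/US2006000865

    Filing date: 2006-01-10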

    Inventor: SALOWEY JOSEPH

    CPC classification number: H04L63/0823 H04L63/20 H04L2463/102

    Abstract: A method for policy-based revocation of network security credentials comprises receiving and storing one or more credential revocation rules, wherein each of the credential revocation rules specifies one or more first attributes and first values of the first attributes, associated with one or more credentials to be revoked; receiving and storing one or more network credentials, wherein each of the network credentials comprises one or more second attributes and second values of the second attributes; and when second values of one or more second attributes of a particular network credential among the one or more network credentials match first values of one or more first attributes of one of the credential revocation rules, determining that the particular network credential is invalid, and performing a responsive action.

    8.
    Invention patent
    Unknown

    Publication No.: AT513403T

    Publication date: 2011-07-15

    Application No.: AT04794759

    Filing date: 2004-10-12

    Applicant: CISCO TECH INC

    Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol, may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.

    ENABLING STATELESS SERVER-BASED PRE-SHARED SECRETS

    Publication No.: CA2548229C

    Publication date: 2010-05-11

    Application No.: CA2548229

    Filing date: 2005-01-10

    Applicant: CISCO TECH INC

    Abstract: A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.

    Enabling stateless server-based pre-shared secrets

    Publication No.: AU2005204576B2

    Publication date: 2009-03-19

    Application No.: AU2005204576

    Filing date: 2005-01-10

    Applicant: CISCO TECH INC

    Abstract: A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.
