Patent

Use of static Diffie-Hellman key with IPSec for authentication

TL;DR: In this paper, the static Diffie-Hellman public key is used to authenticate devices and establish secure connections between devices using static Diffie-Hellman key pairs, which can be used for subsequent secure, authenticated communications sessions.
Abstract: Embodiments of the invention authenticate devices and establish secure connections between devices using static Diffie-Hellman key pairs. A first device obtains in a trusted manner a static DH public key of a second device prior to negotiation. The second device negotiates a secure connection to the first device using a shared secret created from the static DH public key, which serves as both a claim on the second device's identity and an encryption key. The static DH public key can be used to establish subsequent secure, authenticated communications sessions.
Citations
Patent
06 Jun 2007
Abstract: A technique for securing message traffic in a data network using a protocol such as IPsec, and more particularly various methods for distributing security policies among peer entities in a network while minimizing the passing and storage of detailed policy or key information except at the lowest levels of a hierarchy.

92 citations

Patent
18 Apr 2007
TL;DR: In this article, a one-way data transfer system with built-in data verification mechanism, comprising three nodes (Send Node, Receive Node, and Feedback Node) is presented.
Abstract: Embodiments of the present invention are directed to a one-way data transfer system with built-in data verification mechanism, comprising three nodes (Send Node, Receive Node, and Feedback Node) wherein (1) the three nodes are interconnected with each other by a one-way data link, and (2) the Feedback Node is designed solely for processing and relaying data verification information from the Receive Node to the Send Node. In these embodiments, the Send Node is capable of verifying the status of data it transferred to the Receive Node over a one-way data link without sacrificing the unidirectionality of data flow in the system and thereby compromising the level of security provided by use of one-way data links.

59 citations

Patent
Amit Raikar1
16 Jun 2005
TL;DR: In this article, the authors present a method and an apparatus for automatic, secure, and confidential distribution of an asymmetric key security credential in a utility computing environment, where an isolated virtual network is established between the management server and the provisionable resource.
Abstract: Embodiments of the invention provide a method and an apparatus for automatic, secure, and confidential distribution of an asymmetric key security credential in a utility computing environment. In one method embodiment, the present invention provides an asymmetric key at a management server, the asymmetric key automatically associated with a logical device identifier of a provisionable resource. Additionally, an isolated virtual network is established between the management server and the provisionable resource for providing the asymmetric key to the provisionable resource. Then, after the asymmetric key is provided to the provisionable resource the isolated virtual network between the management server and the provisionable resource is dissolved.

50 citations

Patent
17 Dec 2008
TL;DR: In this paper, the authors present a system for updating configuration settings, updating OS image, and booting an alternate OS on a portable data reader including a reading engine for reading data from an object.
Abstract: Systems and methods are provided for updating configuration settings, updating an OS image, and booting an alternate OS on a portable data reader including a reading engine for reading data from an object. Configuration settings of a portable data reader may be updated by detecting whether a storage device having a set of updated configuration settings stored thereon has been coupled to the portable data reader and, if so, updating one or more configuration settings on the portable data reader with one or more of the updated configuration settings from the storage device.

49 citations

Patent
11 Apr 2011
TL;DR: In this paper, a system and method, implementable using an authenticating device, are provided for authenticating requesting devices such as mobile devices and other communication devices over a network, where at least one group shared secret is provisioned on a plurality of requesting devices, which are further provided with other authentication credentials such as a shared secret for full authentication by the authenticating device.
Abstract: A system and method, implementable using an authenticating device, are provided for authenticating requesting devices such as mobile devices and other communication devices over a network. At least one group shared secret is provisioned on a plurality of requesting devices, which are further provided with other authentication credentials such as a shared secret for full authentication by the authenticating device. When authentication is sought, the requesting device transmits a pre-authentication request comprising one of the group shared secrets to the authenticating device, which verifies that group shared secret. The group shared secrets may be stored in volatile memory at the authenticating device. If the group shared secret is verified, the authenticating device will authenticate that same device in response to a subsequent authentication request.

35 citations

References
Patent
21 Apr 2003
TL;DR: In this paper, a MIMO radio transceiver is proposed to support processing of multiple signals for simultaneous transmission via corresponding ones of a plurality of antennas and to support receive processing of the multiple signals detected by corresponding ones of the plurality of antennas.
Abstract: A MIMO radio transceiver to support processing of multiple signals for simultaneous transmission via corresponding ones of a plurality of antennas and to support receive processing of multiple signals detected by corresponding ones of the plurality of antennas. The radio transceiver provides, on a single semiconductor integrated circuit, a receiver circuit or path for each of a plurality of antennas and a transmit circuit or path for each of the plurality of antennas. Each receiver circuit downconverts the RF signal detected by its associated antenna to a baseband signal. Similarly, each transmit path upconverts a baseband signal to be transmitted by an assigned antenna.

380 citations

Patent
Amir Ban1, Dov Moran1, Oron Ogdan1
20 Mar 2000
TL;DR: In this paper, a storage unit made of a flash array (58) and a Universal Serial Bus (USB) controller (56) is implemented to be compatible with the USB specification.
Abstract: A storage unit made of a flash array (58) and a Universal Serial Bus (USB) controller (56) is implemented to be compatible with the USB specification. The unit (46) includes memory modules (58) which can accept write commands and read commands from a host (44), and are erasable and non-volatile, referred to as flash modules (58). The USB/flash controller (56) is configured to provide USB functionality and compatibility along with common flash operations such as programming, reading, and erasing the flash modules (58).

275 citations

Patent
29 Oct 2001
TL;DR: A wideband radio transceiver system that features a wideband RF section and a flexible and scalable baseband signal processing section is described in this paper. But it does not consider the effects of a transmit signal on receive signal processing when signals are being transmitted and received simultaneously.
Abstract: A wideband radio transceiver system that features a wideband RF section and a flexible and scalable baseband signal processing section. The transceiver system architecture has configurable baseband processing to process signals for multiple communication protocol standards, or multiple instances of the same communication protocol standard, that operate over the same frequency band. Optional additional features include a transmit carrier suppressor and transmit interference canceller to suppress the effects of a transmit signal on receive signal processing when signals are being transmitted and received simultaneously.

266 citations

Patent
14 May 1998
TL;DR: In this article, a data schema having an n-way tree-type structure with a root node layer, intermediate node layers, and a data layer for storing configuration data is described.
Abstract: Methods and apparatus are disclosed for providing a data framework and associated client/server protocol for storing and exchanging data among computers in a network. A data schema having an n-way tree-type structure with a root node layer, intermediate node layers, and a data layer for storing configuration data is described. The intermediate node layers contain a multitude of nodes containing categorical information relating to components and various aspects of the computer network. Following a tree structure, each intermediate node and root node has branches emanating to nodes below it. These subordinate nodes are referred to as children nodes. The data node layer is at the bottom of the tree and contains actual specific configuration data relating to components and other aspects of the computer network, such as information regarding users registered to use the network. Certain portions of the intermediate nodes and data nodes make up persistent dataspaces in which the actual specific configuration data in the data nodes is modified on either a client or a server computer, and is stored on the server computer. This allows the associated specific information to be nonvolatile and accessible by a multiplicity of client computers. The client/server protocol allows configuration data to be transferred between a client and server and for the maintenance of the connection between the client and the server. Configuration data and user profiles are stored on a server computer thereby minimizing the amount of memory needed by the client computer, which can be a device with low memory capabilities such as network computers, PDAs, or smart cards. The protocol also includes a method of coalescing configuration data before sending it to a client computer thereby reducing the memory requirements of the client computer.

177 citations

Patent
26 Feb 2003
TL;DR: In this article, a composite beamforming technique is proposed where a first communication device has a plurality of antennas and the second communication device has a plurality of antennas, and the transmit signal is multiplied by a transmit weight vector for transmission by each of the plurality of antennas and the transmitted signals are received by the plurality of antennas at the second communication device.
Abstract: A composite beamforming technique is provided wherein a first communication device has a plurality of antennas and the second communication device has a plurality of antennas. When the first communication device transmits to the second communication device, the transmit signal is multiplied by a transmit weight vector for transmission by each of the plurality of antennas and the transmit signals are received by the plurality of antennas at the second communication device. The second communication device determines the best receive weight vector for its antennas, and from that vector, derives a suitable transmit weight vector for transmission on the plurality of antennas back to the first communication device. Several techniques are provided to determine the optimum transmit weight vector and receive weight vector for communication between the first and second communication devices so that there is effectively joint or composite beamforming between the communication devices.

169 citations