Patent application number | Description | Published |
20080307234 | USE OF MOBILE COMMUNICATION NETWORK CREDENTIALS TO PROTECT THE TRANSFER OF POSTURE DATA - In one embodiment, a method for using credentials for a mobile node to protect the transfer of posture data is provided. A network access device receives a message from a mobile node for access to a network. The message includes posture data encrypted using credentials for the mobile node. The credentials may be found in a storage card that is used to identify the mobile node. The network access device determines decryption information for the mobile node. For example, the credentials for the mobile node may be stored in a home location register (HLR) and are retrieved. The posture data is then decrypted using the credentials. The posture data is processed in a network admission control procedure for allowing access to the network. For example, a policy for access to the network may be installed based on the posture data. | 12-11-2008 |
20090136027 | PROVIDING SECURE COMMUNICATIONS FOR ACTIVE RFID TAGS - Described herein, in an example embodiment, is a mechanism to distribute and implement secure credentials on a WLAN (wireless local area network) employing radio frequency identification (RFID) tags. Symmetric keys are provisioned to the tag in a manner that allows for optimized re-association and secure announcements. The provisioned keys are derived in a way that enables the controller to operate without having to maintain the key state for every tag. In an example embodiment, the controller generates keys for the RFID tags that are derived from a master key associated with the controller, an identifier assigned to the RFID tag and an address associated with the RFID tag. | 05-28-2009 |
20090258649 | CONTROLLING MULTI-MODE DEVICES - In an example embodiment, a technique for automatically controlling radio interfaces of a multi-mode device. Wireless interfaces are enabled or disabled based on the probability of network availability of the interfaces at a current geographical location. | 10-15-2009 |
20100180318 | Flexible supplicant access control - Systems, methods, and other embodiments associated with flexible supplicant access control are described. One example method includes collecting network information associated with a network to which an endpoint is to be communicatively coupled. The network information comprises a network identification and information to facilitate the evaluation of network threats. The example method may also include classifying the network based, at least in part, on the network information, to assign a variable level access parameter (VLAP) to the network based on the policy locally configured on the endpoint or centrally managed by the administrator. The VLAP may establish three or more access levels for the network at the endpoint. The example method may also include communicating the network identification and the network VLAP to a second endpoint, a security agent, a security application, and so on. | 07-15-2010 |
20100220856 | PRIVATE PAIRWISE KEY MANAGEMENT FOR GROUPS - In an example embodiment, a key generation system (KGS) is used to generate private pairwise keys between peers belonging to a group. Each member of the group is provisioned with a set of parameters which allows each member to generate a key with any other member of the group; however, no group member can derive a key for pairings involving other group members. The private pairwise keys may be used to derive session keys between peers belonging to the group. Optionally, an epoch value may be employed to derive the private pairwise keys. | 09-02-2010 |
20120102207 | REGISTRATION OF AD-HOC GROUP MEMBERS INTO AN INFRASTRUCTURE NETWORK - In an example embodiment, a technique employing a device (registration assistant) that can communicate with an infrastructure network to configure devices via an ad hoc network to communicate with the infrastructure network. An ad hoc device associates with the registration assistant and sends a request to be configured. The registration assistant contacts a registration service on the infrastructure network and sends data identifying the ad hoc device to the registration service. The registration assistant upon receiving a registration response from the registration assistant forwards configuration data to the ad hoc device that can enable the ad hoc device to communicate with the infrastructure network. | 04-26-2012 |
20120149398 | CONTROLLING MULTI-MODE DEVICES - In an example embodiment, a technique for automatically controlling radio interfaces of a multi-mode device. Wireless interfaces are enabled or disabled based on the probability of network availability of the interfaces at a current geographical location. | 06-14-2012 |
20130111549 | Mechanisms to Use Network Session Identifiers for Software-As-A-Service Authentication | 05-02-2013 |
20140122242 | PRE-ASSOCIATION MECHANISM TO PROVIDE DETAILED DESCRIPTION OF WIRELESS SERVICES - In an example embodiment, an apparatus comprising a transceiver configured to send and receive data and logic coupled to the transceiver. The logic is configured to determine from a signal received by the transceiver whether an associated device sending the signal supports a protocol for advertising available services. The logic is configured to send a request for available services from the associated device via the transceiver responsive to determining the associated device supports the protocol. The logic is configured to receive a response to the request via the transceiver, the response comprising at least one service advertisement and a signature. The logic is configured to validate the response by confirming the signature. | 05-01-2014 |
20140237247 | SYSTEM AND METHOD FOR PROVISIONING AND AUTHENTICATING VIA A NETWORK - System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential, may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential. | 08-21-2014 |
20150067323 | Software Revocation Infrastructure - In one implementation, software components include an identity of a revocation authority. Prior to loading of the software in a given platform, the revocation authority is checked for any revocation messages. The revocation authority creates software component specific messages for any software components to be revoked, rather than using certificate revocation or individual licenses. The messages include mitigation information, such as instructions for automatically configuring already installed software without requiring an update or change in code. | 03-05-2015 |