Tat Cheung Chan, 64Piperton, TN

7290141, Oct 30, 2007

Jun 27, 2002

10/180096

Senthil Sengodan - Burlington MA, US
Tat Chan - Wakefield MA, US

Nokia, Inc. - Irving TX

G06F 7/04
G06K 9/00
H04L 9/00

713168, 713155, 713170, 380252, 726 2, 726 5

A method and system for authenticating messages received from users across multiple remote devices are provided. A residential gateway authenticates a user using a modified digest authentication scheme by storing a sequence number in the nonce field. Access encryption keys and sequence number spaces may be assigned based on user or on user/remote device pairs. When sequence number spaces are assigned based on user, and the user uses multiple remote devices to access the residential gateway, the sequence number space may be divided into mini-sequence number spaces for each of the multiple remote devices. Access encryption may be two-tiered, such that a secondary key is generated based on a user's primary key, and the secondary key is only valid for a limited amount of time before it expires and a new secondary key must be generated.

7340771, Mar 4, 2008

Jun 13, 2003

10/461312

Tat Keung Chan - Wakefield MA, US
Ram Gopal Lakshmi Narayanan, Sr. - Woburn MA, US

Nokia Corporation - Espoo

H04L 9/00
H04L 29/26
H04L 29/00

726 12, 726 3, 726 11, 726 13, 726 15, 726 2, 713153, 713154, 709225, 709227, 709238

A communications system and method for dynamically creating at least one pinhole in a firewall are provided. The communications system includes a protected node capable of initiating a communication session with an outside node. In this regard, the protected node is capable of receiving flow parameters regarding the communication session as the communication session is setup. The system also includes a firewall disposed along a communications path between the protected node and the outside node. The protected node is capable of sending at least a portion of the flow parameters to a firewall-controlled proxy, which in turn, is capable of forwarding the portion of the flow parameters to the firewall. Thereafter, the firewall is capable of creating at least one pinhole based upon the portion of the flow parameters to thereby permit the transmission of information between the outside node and the protected node during the communication session.

2006009, May 4, 2006

Feb 15, 2005

11/057846

Govindarajan Krishnamurthi - Arlington MA, US
Tat Chan - La Jolla CA, US

H04L 9/00

713168000, 713151000

The present invention describes a novel security model in which security context is pre-negotiated and is used at future instances to secure messaging between nodes involved in sending and receiving data during the execution of the protocol. This anticipatory pre-negotiation of security context avoids expensive handshakes to establish security contexts that occur at future instances to secure sessions during the execution of the protocol.

2006027, Dec 7, 2006

Jun 3, 2005

11/145162

Govindarajan Krishnamurthi - Arlington MA, US
Tat Chan - San Diego CA, US

Nokia Corporation - Espoo

H04Q 7/00
H04Q 7/24
H04L 9/00

370331000, 370338000, 713155000

A system for connecting a mobile node includes a target network, and may include an anchor network. The anchor network can generate token information based upon a trust relationship between the mobile node and the anchor network, and a trust relationship between the target network and the anchor network. The anchor network can then transmit the token information to the mobile node. Thereafter, during connection of the mobile node, the target network is capable of establishing a link-layer connection with the mobile node over a previously established physical-layer connection. The target network is also capable receiving of a handoff attach message including the token information, and thereafter authenticating the mobile node based upon the handoff attach message. And if the mobile node is authenticated, the target network is capable of establishing a network-layer connection with the mobile node over the link-layer connection.

2007002, Feb 1, 2007

May 27, 2005

11/139449

Govindarajan Krishnamurthi - Arlington MA, US
Tat Chan - San Diego CA, US

H04Q 7/20

455440000

A mobile node includes first and second communication interfaces for connecting to first and second types of networks, respectively. The mobile node also includes a processor capable of connecting to a first type of network via the first communication interface. The processor can monitor location information from the first type of network, the location information being representative of a geographic area within which the mobile node is currently located and available as a result of the connection to the first type of network. The processor can determine if the mobile node is currently located in an area associated with a second type of network based upon the monitoring of the location information. If so, the processor can turn on the second communication interface, and effectuate a handoff of the mobile node from the first type of network to the second type of network via the second communication interface.