In an exemplary method implementation, a method includes: designating a neighborhood administrator; receiving notification of a delinquent router from the designated neighborhood administrator; and excluding the delinquent router responsive to the notification. In an exemplary mesh router implementation, a mesh router is capable of establishing a wireless mesh network with other mesh routers, the mesh router is further capable of designating a neighborhood administrator mesh router; and the mesh router is adapted to exclude another mesh router that is associated with a particular certificate when the particular certificate has been identified as delinquent by the designated neighborhood administrator.
Representative claim
The invention claimed is:
1. A mesh router comprising: at least one processor; a network interface configured to communicatively couple the mesh router with one or more other mesh routers on a network; and one or more media configured to store a mesh-router-producing-entity-issued certificate of a plurality of certificates issued by a mesh-router-producing entity, the stored certificate comprising a name, a signature, and a public key, wherein the name corresponds to a name of the mesh router, the signature corresponds to an authentication by the mesh-router-producing entity, and the public key certifying that the mesh-router-producing-entity-issued certificate is bound to the name of the mesh router and configured to store processor-executable instructions capable of being executed by the at least one processor, the processor-executable instructions configured to direct the router to perform actions comprising: initializing by designating the mesh router to be a single neighborhood administrator, the designated neighborhood administrator offering to be the neighborhood administrator and being designated by at least one other mesh router of the one or more other mesh routers on a network, granting, by the designated neighborhood administrator, access to the network to mesh routers that possess at least one of the plurality of certificates issued by the mesh-router-producing entity; detecting a delinquent mesh router of the one or more mesh routers of the network and deciding whether to exclude a delinquent mesh router certificate associated with the delinquent mesh router, the delinquent mesh router certificate comprising a name of the delinquent mesh router, a signature created by a producing entity, and a public key corresponding to the delinquent mesh router; receiving the delinquent mesh router certificate and notification of the associated delinquent mesh router from the designated neighborhood administrator, the notification being signed by the designated neighborhood administrator to authenticate the notification; and excluding the delinquent mesh router responsive to the authenticated notification based on the associated delinquent mesh router certificate; wherein the router comprises a mesh router that effectively treats the associated delinquent mesh router certificate as being revoked and/or invalid based on the authenticated notification from the designated neighborhood administrator even when the associated delinquent mesh router certificate is issued and authenticated by an entity other than the designated neighborhood administrator.
2. The mesh router as recited in claim 1, wherein the mesh router further comprises: a wireless transceiver that enables wireless communication with end devices and/or other routers.
3. The mesh router as recited in claim 1, wherein the mesh router is associated with a certificate; and wherein the certificate associated with the mesh router and the associated delinquent certificate of the delinquent mesh router are both signed by a producing entity.
4. The mesh router as recited in claim 1, wherein the one or more media further include a data structure; and wherein the processor-executable instructions are configured to direct the router to perform a further action comprising: mapping an exclusion indication in the data structure to at least one of (i) the associated delinquent certificate and (ii) an identifier of the delinquent router.
5. The mesh router as recited in claim 4, wherein the data structure further maps respective shared secret keys to respective routers.
6. A method for implementing an exclusion capability, the method comprising: communicatively coupling a mesh router with one or more other mesh routers on a network; storing a mesh-router-producing-entity-issued certificate of a plurality of certificates issued by a mesh-router producing entity, the stored certificate comprising a name, a signature, and a public key, wherein the name corresponds to a name of the mesh router, the signature corresponds to an authentication by the mesh-router-producing entity, and the public key certifying that the mesh-router-producing-entity-issued certificate is bound to the name of the mesh router and configured to store processor-executable instructions capable of being executed by at least one processor; initializing by designating by at least one other mesh router a single designated neighborhood administrator amongst a plurality of mesh routers of a network; granting, by the designated neighborhood administrator, access to the network to mesh routers that possess at least one of the plurality of certificates issued by the mesh-router-producing entity; detecting a delinquent mesh router of the one or more mesh routers of the network and deciding whether to exclude a delinquent mesh router certificate associated with the delinquent mesh router, the delinquent mesh router certificate comprising a name of the delinquent mesh router, a signature created by a producing entity, and a public key corresponding to the delinquent mesh router; receiving the delinquent mesh router certificate and a notification of the associated delinquent mesh router from the designated neighborhood administrator, the notification being signed by the designated neighborhood administrator to authenticate the notification; and excluding the delinquent mesh router responsive to the authenticated notification based on the associated delinquent mesh router certificate; wherein the receiving comprises receiving an identification of a certificate that is associated with the delinquent mesh router, the certificate comprising a name of the delinquent mesh router, a signature created by a producing entity, and a public key corresponding to the delinquent mesh router and further wherein the router comprises a mesh router that effectively treats the associated delinquent mesh router certificate as being revoked and/or invalid based on the authenticated notification from the designated neighborhood administrator even when the associated delinquent mesh router certificate is issued and authenticated by an entity other than the designated neighborhood administrator.
7. The method as recited in claim 6, further comprising: receiving an offer from a node to be the neighborhood administrator; and designating the node to be the neighborhood administrator by at least one other mesh router.
8. The method as recited in claim 6, wherein the receiving comprises: receiving one or more packets via at least one wireless communication.
9. The method as recited in claim 6, wherein the receiving comprises: receiving the notification via an out-of-band avenue.
10. The method as recited in claim 6, wherein the receiving comprises: receiving an identification of the delinquent router.
11. The method as recited in claim 6, wherein the identification of the certificate comprises a copy of the certificate.
12. The method as recited in claim 6, wherein the excluding comprises: storing an exclusion indication that is mapped to an identification of the delinquent router.
13. The method as recited in claim 6, wherein the excluding comprises: storing an exclusion indication that is mapped to a certificate that is associated with the delinquent router.
14. A mesh router that is capable of establishing a wireless mesh network with other mesh routers, the mesh router further capable of designating at least one other mesh router as a single neighborhood administrator, the neighborhood administrator deciding whether to exclude a delinquent mesh router certificate; the mesh router comprising at least one processor and one or more media configured to store a mesh-router-producing-entity-issued certificate of a plurality of certificates issued by a mesh-router-producing entity, the stored certificate comprising a name, a signature, and a public key, wherein the name corresponds to a name of the mesh router, the signature corresponds to an authentication by the mesh-router-producing entity, and the public key certifying that the mesh-router-producing-entity-issued certificate is bound to the name of the mesh router and configured to store processor-executable instructions capable of being executed by the at least one processor; the mesh router designated as the single neighborhood administrator configured to grant other mesh routers that possess at least one of the plurality of certificates issued by the mesh-router-producing entity, access to the wireless mesh network; the mesh router configured to exclude another mesh router that is associated with a particular certificate when the particular certificate has been identified as delinquent and sent by the designated neighborhood administrator; wherein the particular certificate that is associated with the another mesh router comprises a name of the another mesh router, a signature created by a producing entity, and a public key corresponding to the another mesh router.
15. The mesh router as recited in claim 14, wherein the certificate is included in the mesh router during production.
16. The mesh router as recited in claim 14, wherein the mesh router is further configured to exclude the other mesh router by refusing to forward packets that are authenticated by the other mesh router.
17. The mesh router as recited in claim 14, wherein the mesh router is further configured to exclude the other mesh router by refusing to perform an authentication key exchange protocol with the other mesh router.
18. The mesh router as recited in claim 14, wherein the mesh router is further configured to exclude the other mesh router by mapping, in a data structure of the mesh router, an exclusion indication to (i) an identifier of the other mesh router, (ii) the particular certificate, and/or (iii) a secret key shared between the mesh router and the other mesh router.
19. One or more processor-accessible computer storage media comprising processor-executable instructions that, when executed, direct a device to perform actions comprising: storing a mesh-router-producing-entity-issued certificate of a plurality of certificates issued by a mesh-router-producing entity, the stored certificate comprising a name, a signature, and a public key, wherein the name corresponds to a name of a mesh router, the signature corresponds to an authentication by the mesh-router-producing entity, and the public key certifying that the mesh-router-producing-entity-issued certificate is bound to the name of the mesh router; initializing by designating at least one other mesh router as a single neighborhood administrator, the initialized designated neighborhood administrator offering to be the neighborhood administrator, deciding whether to exclude a delinquent mesh router certificate; granting, by the single neighborhood administrator, access to a network to mesh routers that possess at least one of the plurality of certificates issued by the mesh-router-producing entity; receiving the delinquent mesh router certificate and notification of the associated delinquent mesh router from the single neighborhood administrator, the delinquent mesh router certificate comprising a name of the delinquent mesh router, the notification being signed by the single neighborhood administrator to authenticate the notification, and a public key corresponding to the delinquent mesh router; and excluding the delinquent mesh router certificate responsive to the authenticated notification received from the designated neighborhood administrator.
20. The one or more processor-accessible computer storage media as recited in claim 19, wherein the action of receiving comprises an action of: receiving the notification wherein the notification identifies the delinquent mesh router certificate such that a mesh router that is associated with the delinquent mesh router certificate can be determined directly from the delinquent mesh router certificate and from a stored data structure.
21. The one or more processor-accessible computer storage media as recited in claim 19, wherein the action of excluding comprises an action of: mapping an exclusion indication to at least one of the delinquent mesh router certificate and an identifier of a mesh router that is associated with the delinquent mesh router certificate.
22. A system for implementing an exclusion capability, the system comprising: coupling means for communicatively coupling a mesh router with one or more other mesh routers on a network; storing means for storing a mesh-router-producing-entity-issued certificate of a plurality of certificates issued by a mesh-router-producing entity, the stored certificate comprising a name, a signature, and a public key, wherein the name corresponds to a name of the mesh router, the signature corresponds to an authentication by the mesh-router-producing entity, and the public key certifying that the mesh-router-producing-entity-issued certificate is bound to the name of the mesh router and processor-executable instructions capable of being executed by the at least one processor; designation means for designating at least one other mesh router as a single neighborhood administrator, the neighborhood administrator deciding whether to exclude a delinquent mesh router certificate; granting means for granting access to the network to mesh routers that possess at least one of the plurality of certificates issued by the mesh-router-producing entity; detection means for detecting the delinquent mesh router of the one or more mesh routers of the network and deciding whether to exclude the delinquent mesh router certificate associated with the delinquent mesh router, the delinquent mesh router certificate comprising a name of the delinquent mesh router, a signature created by a producing entity, and a public key corresponding to the delinquent mesh router; receiving means for receiving the delinquent mesh router certificate and a notification of an associated delinquent mesh router from the designated neighborhood administrator; and exclusion means for excluding the delinquent mesh router responsive to the notification and based on the delinquent mesh router certificate associated with the delinquent mesh router, the delinquent mesh router certificate comprising the name of the delinquent mesh router, the signature created by a producing entity, and the public key corresponding to the delinquent mesh router.
23. The system as recited in claim 22, wherein the exclusion means comprises: refusal means for refusing to forward packets that are authenticated by the delinquent router and/or for refusing to perform an authentication key exchange protocol with the delinquent mesh router.
24. The system as recited in claim 22, wherein the system comprises a mesh router.
25. The system as recited in claim 22, wherein the system comprises one or more processor-accessible computer storage media.
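The exclusion flow the claims describe, as an added Go sketch that is not code from the patent: a router checks that a delinquent certificate was issued by the producing entity, checks that the exclusion notice is signed by the designated neighborhood administrator, stores an exclusion indication, and then refuses key exchange even though the producer's signature on the certificate is still valid. Ed25519, the `Name||Pub` certificate encoding, the `exclude:` prefix and all type and function names are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert mirrors the claimed certificate: name, public key, producer signature.
type Cert struct {
	Name string
	Pub  ed25519.PublicKey
	Sig  []byte // producing entity's signature over body()
}

func (c Cert) body() []byte   { return append([]byte(c.Name), c.Pub...) }
func (c Cert) notice() []byte { return append([]byte("exclude:"), c.body()...) }

// Router holds its trust anchors and the exclusion data structure.
type Router struct {
	ProducerPub, AdminPub ed25519.PublicKey
	Excluded              map[string]bool // exclusion indication per certificate
}

// HandleNotification excludes c only on an admin-signed notice about a genuine cert.
func (r *Router) HandleNotification(c Cert, sig []byte) error {
	if !ed25519.Verify(r.ProducerPub, c.body(), c.Sig) {
		return fmt.Errorf("certificate not issued by producing entity")
	}
	if !ed25519.Verify(r.AdminPub, c.notice(), sig) {
		return fmt.Errorf("notification not signed by designated administrator")
	}
	r.Excluded[string(c.body())] = true
	return nil
}

// AllowKeyExchange refuses excluded or unissued certificates.
func (r *Router) AllowKeyExchange(c Cert) bool {
	return ed25519.Verify(r.ProducerPub, c.body(), c.Sig) && !r.Excluded[string(c.body())]
}

func main() { // constructed keys and names, for demonstration only
	pPub, pPriv, _ := ed25519.GenerateKey(nil)
	aPub, aPriv, _ := ed25519.GenerateKey(nil)
	bPub, _, _ := ed25519.GenerateKey(nil)
	r := &Router{pPub, aPub, map[string]bool{}}
	bad := Cert{Name: "router-B", Pub: bPub}
	bad.Sig = ed25519.Sign(pPriv, bad.body())
	fmt.Println(r.HandleNotification(bad, ed25519.Sign(aPriv, bad.notice())), r.AllowKeyExchange(bad)) // <nil> false
}
```

Keying the exclusion map on the full certificate body rather than the name alone means a notice about one certificate cannot be used to exclude a different certificate that happens to carry the same name.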