Patents by Inventor Anssi Tuomas Aura

Anssi Tuomas Aura has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7493652
    Abstract: A secure router protocol yields a secure router advertisement for inclusion in binding updates between a mobile node and a correspondent node. Inclusion of the mobile node's home address or other security data relating to the mobile node's identity in the secure routing advertisement allows a correspondent node to verify the identity of the mobile node. Furthermore, inclusion of the advertising access router's subnet prefix and signatures allows a correspondent node to verify that the mobile node that sent the binding update is located at the subnet prefix.
    Type: Grant
    Filed: December 15, 2003
    Date of Patent: February 17, 2009
    Assignee: Microsoft Corporation
    Inventor: Anssi Tuomas Aura
  • Patent number: 7409544
    Abstract: Disclosed is an authentication mechanism that provides much of the security of heavyweight authentication mechanisms, but with lower administrative and communicative overhead while at the same time not being limited to a 64-bit limit on the length of a cryptographic hash value. Removal of this limitation is achieved by increasing the cost of both address generation and brute-force attacks by the same parameterized factor while keeping the cost of address use and verification constant. The address owner computes two hash values using its public key and other parameters. The first hash value is used by the owner to derive its network address. The purpose of the second hash is to artificially increase the computational complexity of generating new addresses and, consequently, the cost of brute-force attacks. As another measure against brute-force attacks, the routing prefix (i.e., the non-node selectable portion) of the address is included in the first hash input.
    Type: Grant
    Filed: March 27, 2003
    Date of Patent: August 5, 2008
    Assignee: Microsoft Corporation
    Inventor: Anssi Tuomas Aura
  • Patent number: 7272381
    Abstract: Many examples exist of a mobile node moving between the operational zones of multiple network access points or base stations. To minimize delay in re-authenticating with the network through a new base station, an additional form of authenticated access mode called “credential authenticated” access is provided. The mobile unit is fully authenticated in the first base station (e.g., the user has logged in and paid for service). Thereafter, the first base unit transmits a “credential” to the mobile node that may be used by other base stations to establish trust with the mobile node prior to full re-authentication. Upon entering the operational zone of the second base station, the mobile node can transmit the credential to the second base station, which may accept the credential and allow access by the mobile node to the network through the second base station before full authentication has completed.
    Type: Grant
    Filed: April 1, 2005
    Date of Patent: September 18, 2007
    Assignee: Microsoft Corporation
    Inventor: Anssi Tuomas Aura
  • Patent number: 6947725
    Abstract: Many examples exist of a mobile node moving between the operational zones of multiple network access points or base stations. To minimize delay in re-authenticating with the network through a new base station, an additional form of authenticated access mode called “credential authenticated” access is provided. The mobile unit is fully authenticated in the first base station (e.g., the user has logged in and paid for service). Thereafter, the first base unit transmits a “credential” to the mobile node that may be used by other base stations to establish trust with the mobile node prior to full re-authentication. Upon entering the operational zone of the second base station, the mobile node can transmit the credential to the second base station, which may accept the credential and allow access by the mobile node to the network through the second base station before full authentication has completed.
    Type: Grant
    Filed: March 4, 2002
    Date of Patent: September 20, 2005
    Assignee: Microsoft Corporation
    Inventor: Anssi Tuomas Aura
  • Publication number: 20040193875
    Abstract: Disclosed is an authentication mechanism that provides much of the security of heavyweight authentication mechanisms, but with lower administrative and communicative overhead while at the same time not being limited to a 64-bit limit on the length of a cryptographic hash value. Removal of this limitation is achieved by increasing the cost of both address generation and brute-force attacks by the same parameterized factor while keeping the cost of address use and verification constant. The address owner computes two hash values using its public key and other parameters. The first hash value is used by the owner to derive its network address. The purpose of the second hash is to artificially increase the computational complexity of generating new addresses and, consequently, the cost of brute-force attacks. As another measure against brute-force attacks, the routing prefix (i.e., the non-node selectable portion) of the address is included in the first hash input.
    Type: Application
    Filed: March 27, 2003
    Publication date: September 30, 2004
    Applicant: Microsoft Corporation
    Inventor: Anssi Tuomas Aura
  • Publication number: 20030166397
    Abstract: Many examples exist of a mobile node moving between the operational zones of multiple network access points or base stations. To minimize delay in re-authenticating with the network through a new base station, an additional form of authenticated access mode called “credential authenticated” access is provided. The mobile unit is fully authenticated in the first base station (e.g., the user has logged in and paid for service). Thereafter, the first base unit transmits a “credential” to the mobile node that may be used by other base stations to establish trust with the mobile node prior to full re-authentication. Upon entering the operational zone of the second base station, the mobile node can transmit the credential to the second base station, which may accept the credential and allow access by the mobile node to the network through the second base station before full authentication has completed.
    Type: Application
    Filed: March 4, 2002
    Publication date: September 4, 2003
    Applicant: Microsoft Corporation
    Inventor: Anssi Tuomas Aura