Method to control access to secured network based on three-element authentication of peer-to-peer objects

FIELD: information technologies.

SUBSTANCE: the method of controlling access to a secured network based on three-element peer entity authentication includes the following. First, the reliability collectors and the reliability verifier are initialised. Then the three-element peer entity authentication protocol is executed by the network access requester, the network access controller and the authentication policy server at the network access control level, to perform mutual user authentication between the access requester and the access controller. If authentication succeeds, or local policy requires it, the platform reliability assessment process is executed by the TNC terminal, the TNC server and the reliability assessment server at the trusted platform evaluation level, using three-element peer entity authentication to perform mutual platform reliability assessment between the access requester and the access controller. Finally, the access requester and the access controller control their ports according to the recommendations generated by the TNAC client terminal and the TNAC server terminal.

EFFECT: improved reliability of access to the secured network.

10 cl, 4 dwg


This application claims priority of Chinese patent application No. 200710019093.2, entitled "Method of controlling access to the protected network based on three-element peer entity authentication", filed with the Patent Office of China on November 16, 2007, which is hereby incorporated by reference in its entirety.

TECHNICAL FIELD

The present invention relates to the field of network security and, in particular, to a method of controlling access to a secure (trusted) network based on three-element peer entity authentication.

BACKGROUND ART

With the spread of informatisation, malicious software such as viruses and worms has become a very significant problem. Currently there are more than thirty-five thousand varieties of malicious software, and every year more than four million computers are infected. To suppress such attacks it is necessary not only to secure data transfer and validate input data, but also to provide protection at the source, i.e. at each terminal connected to the network. However, traditional security approaches have failed to provide protection against the numerous malware attacks.

To address this problem, the international Trusted Computing Group (TCG) created the Trusted Network Connect (TNC) specification based on trusted computing, abbreviated TCG-TNC, which includes an open terminal integrity architecture and a set of standards for guaranteed secure communications. This set of standards can protect a network as the user requires, to a degree of protection defined by the user. Essentially, the TCG-TNC is intended to establish a connection starting from the integrity of the terminal. For the operational state of a system in a secure network under the TCG-TNC architecture, a set of policies must be created so that only terminals that comply with the policy set for the network can access it, while the network can isolate and localise devices that do not meet the policy. With a trusted platform module (TPM) rootkit attacks can also be blocked. Rootkits are attack scripts, modified system programs, or a set of attack scripts and software tools used to illegally obtain the highest management privileges in the target system.

In the existing TCG-TNC architecture, information transfer over a trusted network connection is as illustrated in Fig. 1. To establish a network connection, the TNC client must prepare and send the required platform integrity information to the integrity measurement collector (IMC). In a terminal equipped with a trusted platform module (TPM), this also means that the platform information required by the network policy is hashed and then stored in the respective platform configuration registers (PCRs), and the TNC server must prepare and send the platform integrity verification request to the integrity measurement verifier (IMV). The specific procedure in this method is as follows:

(1) The network access requester initiates an access request to the policy enforcement point.

(2) The policy enforcement point sends the access request description to the network access authorisation unit.

(3) After receiving the access request description, the network access authorisation unit performs the user authentication protocol with the network access requester. After successful user authentication, the network access authorisation unit forwards the access request and the information about successful user authentication to the TNC server.

(4) After receiving the access request and the information about successful user authentication transmitted from the network access authorisation unit, the TNC server starts bilateral platform credential authentication with the TNC client, for example verification of the attestation identity key (AIK) of the platform.

(5) After successful platform credential authentication, the TNC client notifies the integrity measurement collector that a new network connection has begun and that the integrity confirmation protocol must be performed. The integrity measurement collector returns the requested platform integrity information through the integrity measurement collector interface IF-IMC. The TNC server sends the platform integrity information to the integrity measurement verifier (IMV) through the integrity measurement verifier interface IF-IMV.

(6) The TNC client and the TNC server perform one or more data exchanges to execute the integrity confirmation protocol, until the TNC server needs no further exchanges.

(7) The TNC server finishes executing the integrity confirmation protocol with the TNC client and forwards to the network access authorisation unit a recommendation on whether to permit access. Note that, where additional security considerations apply, the policy decision point may still refuse access to the access requester.

(8) The network access authorisation unit passes the access decision to the policy enforcement point, and the policy enforcement point enforces the access control decision for the access requester.

At present there is no finished product of the TCG-TNC architecture on the market. Some important technologies of the TCG-TNC architecture are still at the stage of research and standardisation. As can be seen in the prior-art method, because a predefined secure channel exists between the policy enforcement point and the policy decision point, and the policy decision point may manage a large number of policy enforcement points, the policy decision point must configure a large number of secure channels, which causes complex management and consequently poor extensibility. In addition, data at the network access level must be protected, so a secure channel must be created between the access requester and the policy decision point, i.e. a session key must be negotiated. However, data between the access requester and the policy enforcement point must also be protected, so a session key must again be negotiated between the access requester and the policy enforcement point, which complicates the key negotiation process. Also, the primary key obtained from the negotiation between the access requester and the policy decision point is transmitted from the policy decision point to the policy enforcement point. Passing the key over the network may introduce a new point of attack, which reduces security. In addition, the two session key negotiations use the same primary key, which may also reduce the security of the entire trusted network connection architecture. Furthermore, the access requester may be unable to verify the AIK certificate of the policy decision point. During platform credential authentication, the access requester and the policy decision point use AIK private keys and certificates for bilateral platform credential authentication, and both of them must verify the AIK certificate.
If the policy decision point is the network access service provider of the access requester, the access requester cannot access any network without a trusted network connection, that is, the AIK certificate of the policy decision point cannot be verified, which may be unsafe. As a result, the platform integrity assessment is not peer-to-peer. In the TCG-TNC architecture the policy decision point evaluates the platform integrity of the access requester, and the policy enforcement point, on the basis of the policy decision point's decision, may learn whether the platform of the access requester is trusted, but the access requester does not assess the platform integrity of the policy decision point. If the platform of the policy decision point is not trusted, for example because of malicious software, then a connection to the untrusted device may be unsafe for network access, and the trusted line of communication from the access requester to the trusted network may be broken at the policy enforcement point; in ad hoc networks, however, trust must be peer-to-peer.

SUMMARY OF THE INVENTION

The purpose of the invention is to provide a method of controlling access to a protected network based on three-element peer entity authentication (TePA), which solves the technical problems of the prior-art trusted network connection, including poor scalability, a complex key negotiation process, low security, the inability of the access requester to verify the AIK certificate, and a platform reliability assessment that is not peer-to-peer.

The technical solution according to the invention is as follows.

A method for controlling access to a secure network based on three-element peer entity authentication, including the following stages:

initialising, by the access requester and the access controller, reliability measurement collectors (TMC) at the reliability measurement level to collect the reliability information each requires from the other; and initialising, by the policy manager, a reliability measurement verifier (TMV) at the reliability measurement level to verify the reliability information of the access requester and the access controller;

executing the three-element peer entity authentication protocol, with the policy manager as the third party, by the access requester, the access controller and the policy manager at the network access control level, to perform bilateral user authentication between the access requester and the access controller;

if the user authentication result indicates success, or local policy requires the platform reliability assessment process, executing the three-element peer entity authentication protocol, with the policy manager acting as the third party, by the access requester, the access controller and the policy manager at the trusted platform evaluation level, to perform bilateral platform reliability assessment between the access requester and the access controller; generating, by the TNAC client of the access requester and the TNAC server of the access controller, recommendations according to the platform reliability assessment results, and transmitting them to the network access requester and the network access controller respectively, so that the network access requester and the network access controller control their ports for mutual access according to the recommendations.

In particular, the port control is as follows:

the uncontrolled port of the access requester controls the transfer of user authentication and session key negotiation protocol data, platform reliability assessment protocol data and platform remediation service data, and the controlled port of the access requester controls the transfer of application service data; and

the uncontrolled port of the access controller controls the transfer of user authentication and session key negotiation protocol data, and the controlled port of the access controller controls the transfer of platform reliability assessment protocol data, platform remediation service data and application service data.

In particular, the port control is as follows:

(a) the user authentication entity of the access requester and the user authentication entity of the access controller perform mutual user authentication and session key negotiation through the uncontrolled ports, while the user authentication entity of the access controller and the authentication service entity of the policy manager exchange information directly; after successful user authentication the controlled port of the access controller changes to the authenticated state to allow the transfer of platform reliability assessment protocol data; and

(b) the platform reliability assessment entity of the access requester, the platform reliability assessment entity of the access controller and the evaluation policy service entity of the policy manager perform the three-element peer entity authentication protocol to carry out bilateral platform reliability assessment between the access requester and the access controller; during the platform reliability assessment the platform reliability assessment entity of the access requester communicates through the uncontrolled port, the platform reliability assessment entity of the access controller communicates through the authenticated controlled port, and the platform reliability assessment entity of the access controller and the evaluation policy service entity of the policy manager exchange information directly.

In particular, after the platform reliability assessment process, the ports of the access requester and the access controller are controlled in one of the following four ways:

if the platforms of both the access requester and the access controller are trusted, the controlled ports of both the access requester and the access controller change to the trusted state to allow the transfer of application service data between the access requester and the access controller;

or, if the platform of the access requester is trusted and the platform of the access controller is not trusted, the uncontrolled and controlled ports of the access requester and the access controller remain in their original state, and the access controller retrieves platform remediation information from the isolated domain it is connected to in order to remediate its platform; the access controller is connected to both the isolated domain and the secure domain;

or, if the platform of the access requester is not trusted and the platform of the access controller is trusted, the controlled port of the access controller that is in the remediation-denied state changes to the remediation-allowed state, so that the access requester can reach the isolated domain through the access controller and retrieve platform remediation information to remediate its platform;

or, if the platforms of both the access requester and the access controller are not trusted, the controlled port of the access controller that is in the remediation-denied state changes to the remediation-allowed state, so that the access requester can reach the isolated domain through the access controller and retrieve platform remediation information to remediate its platform.

In particular, the recommendations contain information on permitting access, information on prohibiting access, or information on isolation and remediation.

In particular, if the recommendations received by the network access controller and the network access requester contain information on isolation and remediation, the access requester and the access controller perform platform remediation using the platform remediation information and then carry out the platform reliability assessment process between the access requester and the access controller again.

In particular, the platform reliability assessment is as follows:

platform credential authentication: the policy manager verifies the validity of the AIK certificate of the access requester; and

platform reliability verification: the policy manager verifies the platform reliability of the access requester and the access controller.

In particular, the platform reliability assessment process between the access requester and the access controller includes:

transmitting, through encrypted transmission, the information identifying the platform configuration of the access requester between the access requester and the policy manager, and the information identifying the platform configuration of the access controller between the access controller and the policy manager;

transmitting the information exchanged between the TNAC client and the TNAC server using the session key; and

generating, by the policy manager, the platform reliability assessment results of the access requester and the access controller and transmitting them to the TNAC client and the TNAC server.

In particular, the user authentication process between the access requester and the access controller includes:

initiating an access request from the access requester to the access controller;

initiating, by the access controller, the user authentication process after receiving the access request, and generating the user authentication results of the access requester and the access controller;

generating, by the access requester and the access controller, a primary key upon successful user authentication;

negotiating, by the access requester and the access controller, a session key using the primary key, and transmitting the information about successful user authentication to the TNAC client and the TNAC server respectively.

In particular, the initialisation of the reliability measurement collectors (TMC) and the reliability measurement verifier (TMV) at the reliability measurement level includes:

initialising, by the TNAC client of the access requester and the TNAC server of the access controller, the reliability measurement collectors (TMC) at the reliability measurement level;

initialising, by the evaluation policy server (EPS) of the policy manager, the reliability measurement verifier (TMV) at the reliability measurement level;

storing, by the trusted platform modules (TPM) of the access requester and the access controller, the reliability information each requires from the other in the platform configuration registers (PCR);

preparing, by the TNAC client of the access requester and the TNAC server of the access controller, the platform reliability information needed by the access controller and the access requester respectively, with the help of the reliability measurement collectors (TMC); and

establishing and distributing, by the policy manager, network access control policies, including the policy for the access requester joining the connected network and the network access control policy of the access controller for the access requester.

The invention has the following advantages over the prior art:

According to the method of the invention, the description of platform reliability can be extended, and reliability can be defined as a platform state attribute that is measured and evaluated, such as integrity, thus increasing the extensibility of access control to a secure network. In practical application the policy manager must manage a large number of access controllers, and the invention removes the need for a strict security association between the access controller and the policy manager, thus increasing the scalability of access control to a secure network. In addition, the invention further simplifies the key negotiation process and improves the security of access control to a secure network. Key negotiation between the access requester and the access controller directly protects the data of the platform reliability assessment process and the service data after access control to the protected network, without a second session key negotiation, which simplifies the key negotiation process and improves the security of access control to a secure network. The security of the key is guaranteed because the primary key generated during the authentication process never needs to be transmitted over the network. The invention can additionally improve the security of the platform reliability assessment process and simplify key management and the reliability verification mechanism of access control to a protected network.
Because three-element peer entity authentication, i.e. bilateral authentication with the participation of a third party, is adopted at the trusted platform evaluation level, the third party performs centralised authentication and verification of the AIK certificates and of the platform reliability of the access requester and the access controller, thereby improving the security of the platform reliability assessment process and simplifying key management and the reliability verification mechanism of the secure network access control architecture. In addition, the invention improves the security of access control to the protected network as a whole. The invention uses three-element peer entity authentication both for user authentication at the network access control level and for bilateral platform reliability assessment at the trusted platform evaluation level. Thus the invention improves the security of the entire architecture of access control to a secure network.

In addition, the invention fixes the problem that the chain of trust can be broken at the access device. Since the platform reliability assessment is performed between the access requester and the access controller, the invention eliminates the problem of the chain of trust being broken at the access controller, i.e. the access device.

Finally, the method of the invention applies multi-level port control. The access controller performs multi-level control of the controlled port, thereby tightly controlling the privileges of the access requester and improving the security and efficiency of the secure network access control architecture. The invention also extends the description of the TPM. In the TCG-TNC architecture the trusted platform module (TPM) is a security chip on the motherboard. According to the invention the TPM may also be an abstract software module responsible for trusted platform assessment. For example, a trusted platform module (TPM) implemented in software scans the corresponding components of the platform, then generates the security scan results and transmits them to the opposite platform. The opposite platform then evaluates the security scan results, thus performing the trusted platform assessment.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 is a diagram of the complete information transfer for controlling access to a secure network in the existing TCG-TNC architecture.

Fig. 2 is a schematic diagram of the port control system in the TNAC architecture according to the invention.

Fig. 3 is a schematic diagram of the complete information transfer for controlling access to a secure network in the TNAC architecture according to the invention.

Fig. 4 is a schematic diagram of the platform reliability assessment process in the TNAC architecture according to the invention.

The reference designations are as follows:

NS: a random number generated by the access controller;
CertAC-AIK: the AIK certificate of the access controller;
PCRsListAR: the list of PCR parameters requested by the access controller from the access requester;
NAR: a random number generated by the access requester;
CertAR-AIK: the AIK certificate of the access requester;
PCRsListAC: the list of PCR parameters requested by the access requester from the access controller;
LogAR: the measurement log corresponding to the PCR values requested by the access controller;
PCRsAR: the PCR values requested by the access controller;
[NS, PCRsAR]Sig: the signature of the access requester over the random number NS generated by the access controller and the corresponding PCR values requested by the access controller;
NAC: a random number generated by the access controller;
LogAC: the measurement log corresponding to the PCR values requested by the access requester;
PCRsAC: the PCR values requested by the access requester;
[NAR, PCRsAC]Sig: the signature of the access controller over the random number NAR generated by the access requester and the corresponding PCR values requested by the access requester;
ResultAIK-PCRs: the results of AIK certificate authentication and reliability verification of the access requester and the access controller;
[ResultAIK-PCRs]Sig: the signature of the policy manager over the results of AIK certificate authentication and reliability verification of the access requester and the access controller;
ReAC: the result of platform reliability verification of the access requester;
ReAR-AIK: the result of AIK certificate verification of the access requester;
ReAC-AIK: the result of AIK certificate verification of the access controller;
ReAccess: trusted (secure) access;
RemAR: platform remediation information of the access requester; and
RemAC: platform remediation information of the access controller.

DETAILED DESCRIPTION OF THE INVENTION

The invention relates to a network connection based on trusted computing, and to a method for controlling access to a secure network (TNAC) based on three-element peer entity authentication (TePA), which was proposed primarily to overcome the disadvantages of the TNC architecture in the existing TCG system.

The invention primarily consists of a network access control level, a trusted platform evaluation level and a reliability measurement level. The access requester, the access controller and the policy manager are, according to the invention, three entities that can be distributed across a network. The access requester is also referred to as the requester, terminal, etc.; the access controller is also referred to as the access authentication controller, base station, access service unit, etc.; and the policy manager is also referred to as the authentication server, trusted server, back-end server, etc.

The network access control level is responsible for bilateral user authentication and negotiation of a common key between the access requester and the access controller, and for mutual access control between the access requester and the access controller according to the user authentication result and the platform reliability evaluation result. The network access control level can adopt the access control method based on three-element peer entity authentication, i.e. the network access control technology already adopted in the WLAN standard of China. Reliability in the invention refers to a platform state attribute that is measured and evaluated, such as integrity.

The trusted platform module (TPM) according to the invention may be the trusted platform module (TPM) of the TNC architecture in the TCG system, or an abstract software module responsible for trusted platform assessment. For example, a trusted platform module (TPM) implemented in software scans the corresponding components of the platform, then generates the security scan results and transmits them to the opposite platform. The opposite platform then evaluates the security scan results, thus performing the trusted platform assessment.

The trusted platform evaluation level is responsible for platform reliability evaluation, including platform credential authentication and platform reliability verification between the access requester and the access controller. The three-element peer entity authentication protocol, i.e. the authentication protocol with the participation of a third party, runs at the trusted platform evaluation level between the access requester, the access controller and the policy manager; the policy manager verifies the validity of the AIK certificates of the access requester and the access controller and is responsible for verifying the platform reliability of the access requester and the access controller.

The reliability measurement level is responsible for collecting and verifying the platform reliability information of the access requester and the access controller.
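As an added illustration (not code from the patent), the following Python sketch walks through the Fig. 4 exchange at the trusted platform evaluation level: the access controller's nonce NS and PCR list, the access requester's quote [NS, PCRsAR]Sig with LogAR and PCRsAR, the access controller's own quote [NAR, PCRsAC]Sig, and the policy manager's signed ResultAIK-PCRs from which ReAC and ReAR are derived. It assumes HMAC-SHA256 with shared keys as a stand-in for the AIK and policy manager signatures, TPM-style SHA-256 PCR extension, and that the policy manager checks each quote by replaying the log and comparing with reference PCR values; the certificate names, keys and measurement logs are constructed.

```python
import hashlib
import hmac
import json
import os

ZERO_PCR = b"\x00" * 32


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = SHA-256(PCR_old || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def replay_log(log: dict) -> dict:
    """Recompute each PCR by replaying its measurement log from the zero value
    (step 1.2: integrity-related reliability information is hashed into the PCRs)."""
    pcrs = {}
    for index, entries in log.items():
        value = ZERO_PCR
        for measurement in entries:
            value = pcr_extend(value, measurement)
        pcrs[index] = value
    return pcrs


def sign(key: bytes, *parts: bytes) -> bytes:
    """Stand-in for an AIK or policy manager signature (assumption: HMAC-SHA256
    with a shared key in place of a real asymmetric key pair)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def encode(result: dict) -> bytes:
    """Canonical encoding of ResultAIK-PCRs so that signer and verifier agree."""
    return json.dumps(result, sort_keys=True).encode()


class Platform:
    """An AR or AC with its TPM PCR bank, measurement log and AIK."""
    def __init__(self, name: str, log: dict, aik_key: bytes):
        self.log, self.aik_key = log, aik_key
        self.cert = f"Cert{name}-AIK"        # certificate identifier (constructed)
        self.pcrs = replay_log(log)          # what the TPM holds after boot

    def quote(self, peer_nonce: bytes, pcr_list: list) -> dict:
        """Cert-AIK, Log, PCRs and [N, PCRs]Sig for the PCR list the peer asked for."""
        pcrs = {i: self.pcrs[i] for i in pcr_list}
        return {"cert": self.cert, "pcrs": pcrs,
                "log": {i: self.log[i] for i in pcr_list},
                "sig": sign(self.aik_key, peer_nonce, *(pcrs[i] for i in pcr_list))}


class PolicyManager:
    """Third party: checks the AIK certificate and signature of each quote, replays
    the log to confirm the quoted PCRs, and compares them with reference values."""
    def __init__(self, aik_keys: dict, reference_pcrs: dict, key: bytes):
        self.aik_keys, self.reference, self.key = aik_keys, reference_pcrs, key

    def verify(self, nonce: bytes, pcr_list: list, q: dict) -> dict:
        key = self.aik_keys.get(q["cert"])   # unknown certificate -> AIK check fails
        if key is None or not hmac.compare_digest(
                sign(key, nonce, *(q["pcrs"][i] for i in pcr_list)), q["sig"]):
            return {"aik": False, "pcrs": False}
        replayed = replay_log(q["log"])
        reference = self.reference[q["cert"]]
        pcr_ok = all(q["pcrs"][i] == replayed[i] == reference[i] for i in pcr_list)
        return {"aik": True, "pcrs": pcr_ok}

    def evaluate(self, ns, list_ar, q_ar, nar, list_ac, q_ac) -> dict:
        """ResultAIK-PCRs for both platforms plus [ResultAIK-PCRs]Sig."""
        result = {"AR": self.verify(ns, list_ar, q_ar),
                  "AC": self.verify(nar, list_ac, q_ac)}
        return {"result": result, "sig": sign(self.key, encode(result))}


def run_assessment(ar, ac, pm, pm_key, list_ar, list_ac) -> dict:
    """One round of the Fig. 4 exchange. Returns ReAC (AR platform trusted, as
    the AC sees it) and ReAR (AC platform trusted, as the AR sees it)."""
    ns = os.urandom(16)                  # AC -> AR: NS, CertAC-AIK, PCRsListAR
    q_ar = ar.quote(ns, list_ar)         # AR -> AC: NAR, CertAR-AIK, PCRsListAC,
    nar = os.urandom(16)                 #           LogAR, PCRsAR, [NS, PCRsAR]Sig
    q_ac = ac.quote(nar, list_ac)        # AC -> PM: all of the above plus LogAC,
    reply = pm.evaluate(ns, list_ar, q_ar, nar, list_ac, q_ac)  # PCRsAC, [NAR, PCRsAC]Sig
    # AR and AC act on the result only after checking the policy manager's signature.
    if not hmac.compare_digest(sign(pm_key, encode(reply["result"])), reply["sig"]):
        raise ValueError("policy manager signature check failed")
    r = reply["result"]
    return {"ReAC": r["AR"]["aik"] and r["AR"]["pcrs"],
            "ReAR": r["AC"]["aik"] and r["AC"]["pcrs"]}


# Constructed sample measurement logs: PCR 0 = firmware, PCR 8 = OS components.
GOOD_AR_LOG = {0: [b"fw-1.2"], 8: [b"kernel-5.10", b"initrd-2024"]}
GOOD_AC_LOG = {0: [b"fw-2.0"], 8: [b"kernel-5.15"]}


def demo(ar_log=GOOD_AR_LOG, ac_log=GOOD_AC_LOG) -> dict:
    """Run the exchange against a policy manager provisioned with the known-good logs."""
    ar_key, ac_key, pm_key = b"ar-aik-key", b"ac-aik-key", b"pm-key"  # constructed
    ar, ac = Platform("AR", ar_log, ar_key), Platform("AC", ac_log, ac_key)
    pm = PolicyManager({ar.cert: ar_key, ac.cert: ac_key},
                       {ar.cert: replay_log(GOOD_AR_LOG), ac.cert: replay_log(GOOD_AC_LOG)},
                       pm_key)
    return run_assessment(ar, ac, pm, pm_key, [0, 8], [0, 8])
```

`demo()` with the default logs yields both ReAC and ReAR true; passing a log with an extra or altered measurement for either side flips the corresponding result, since the quoted PCRs no longer match the policy manager's reference values.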

In Fig. 3 illustrates a block diagram of interactions of processes full transmission of information to control access to a secure (trusted) network according to the invention. Specific implementation steps of the invention are as follows:

(1.) Initialization. The integrity measurement collectors (TMC) and the integrity measurement verifier (TMV) at the integrity measurement layer are initialized in order to establish a trusted network connection.

In particular, the initialization may include the following steps:

(1.1) The TNAC client of the access requestor and the TNAC server of the access controller initialize the integrity measurement collectors (TMC) at the integrity measurement layer, so that each side can collect the platform integrity information that the other side requires. The evaluation policy server (EPS) of the policy manager initializes the integrity measurement verifier (TMV) at the integrity measurement layer, which verifies the platform integrity of the access requestor and of the access controller.

(1.2) The trusted platform modules (TPM) of the access requestor and the access controller store the integrity information that the other side requires in their platform configuration registers (PCR). Integrity-relevant information is hashed, and the hash is stored in the platform configuration registers (PCR).

(1.3) The TNAC client of the access requestor and the TNAC server of the access controller, with the help of the integrity measurement collectors (TMC), prepare the platform integrity information required by the access controller and by the access requestor respectively.

(1.4) The policy manager establishes and distributes the network access control policies, including the policy under which the access requestor joins the network and the policy by which the access controller controls the access of the access requestor. The policy manager may establish and distribute the network access control policies of the access requestor and the access controller according to the national multi-level information security protection specification.

(1.5) According to the network access control policies distributed by the policy manager, the TNAC client and the TNAC server prepare the lists of PCR parameters that the access requestor and the access controller respectively request from each other for verification.

(2.) The access requestor, the access controller and the policy manager at the network access control layer execute the tri-element peer authentication protocol, in which the policy manager plays the role of the third party, to perform mutual user authentication between the access requestor and the access controller.

In particular, step (2) may contain the following steps:

(2.1) The access requestor initiates an access request to the access controller.

(2.2) Upon receiving the access request, the access controller starts the user authentication process. The network access requestor, the network access controller and the authentication policy server at the network access control layer execute the tri-element peer authentication protocol, that is, a mutual authentication protocol with a third party in which the authentication policy server plays the role of the third party, so as to perform mutual user authentication between the access requestor and the access controller and to generate the user authentication results for both sides. If the mutual user authentication succeeds, the access requestor and the access controller generate a primary key between them in the course of the user authentication.

(2.3) After successful user authentication, the access requestor and the access controller negotiate a session key using the primary key generated during the user authentication, and then pass the information about the successful user authentication to the TNAC client and the TNAC server respectively. The network access requestor and the network access controller control their ports according to the user authentication result, so that the data of the platform integrity evaluation process can be transmitted.

(3.) When the result of the mutual user authentication indicates success, or when local policy requires the platform integrity evaluation process, the access requestor, the access controller and the policy manager at the trusted platform evaluation layer execute the tri-element peer authentication protocol, in which the policy manager plays the role of the third party, to perform mutual platform integrity evaluation between the access requestor and the access controller.

In particular, step (3) can be performed as follows.

When the TNAC server of the access controller receives the information about successful user authentication from the network access controller, or when local policy requires the platform integrity evaluation process, the TNAC client, the TNAC server and the evaluation policy server at the trusted platform evaluation layer perform mutual platform integrity evaluation of the access requestor and the access controller using the tri-element peer authentication protocol. During the platform integrity evaluation, the information exchanged between the TNAC client and the TNAC server is protected with the session key negotiated in step (2.3).

During the platform integrity evaluation, the information that identifies the platform configuration of the access requestor, such as the measurement logs corresponding to the values of the platform configuration registers (PCR) and the platform configuration remediation information, must be transmitted between the access requestor and the policy manager in encrypted form, so that neither the access controller nor an attacker can learn it. Likewise, the information that identifies the platform configuration of the access controller must be transmitted between the access controller and the policy manager in encrypted form, so that neither the access requestor nor an attacker can learn it. The encrypted transmission used in this invention may be based on symmetric or on asymmetric keys. In the platform integrity evaluation the evaluation policy server plays the role of the third party, and the TNAC server, the TNAC client and the evaluation policy server also exchange information with the integrity measurement collectors and the integrity measurement verifier at the layer above.

In practice, the platform integrity evaluation consists of the following:

platform identity authentication: the policy manager verifies the validity of the AIK certificates of the access requestor and the access controller; and

platform integrity verification: the policy manager verifies the platform integrity of the access requestor and the access controller.

Referring to Fig. 3, a specific implementation of the platform integrity evaluation according to the invention may be as follows:

(3.1) When the TNAC server of the access controller receives the information about successful user authentication from the network access controller, or when local policy requires the platform integrity evaluation process, the access controller sends to the access requestor a random number NS generated by the access controller, the AIK certificate of the access controller CertAC-AIK, and the list of PCR parameters PCRsListAR that the access controller requests from the access requestor.

(3.2) On receiving the information sent by the access controller in step (3.1), the access requestor first extracts from its trusted platform module (TPM) the PCR values PCRsAR corresponding to the list of PCR parameters requested by the access controller, and then, inside the TPM, signs the extracted PCR values PCRsAR together with the random number NS generated by the access controller, using the private key of its AIK certificate. Finally, the access requestor sends to the access controller: the random number NS generated by the access controller; a random number NAR generated by the access requestor; the AIK certificate of the access requestor CertAR-AIK; the list of PCR parameters PCRsListAC that the access requestor requests from the access controller; the PCR values PCRsAR requested by the access controller; the measurement log LogAR corresponding to the requested PCR values; and the signature [NS, PCRsAR]Sig made in the TPM with the private key of the access requestor's AIK certificate over the PCR values PCRsAR and the random number NS.

(3.3) On receiving the information sent by the access requestor in step (3.2), the access controller first checks that the random number NS it generated is returned unchanged, and verifies the AIK signature [NS, PCRsAR]Sig of the access requestor with the public key of the access requestor's AIK certificate; it then extracts from its own TPM the PCR values PCRsAC corresponding to the list of PCR parameters requested by the access requestor. The access controller then, inside its TPM, signs the extracted PCR values PCRsAC together with the random number NAR generated by the access requestor, using the private key of its AIK certificate. Finally, the access controller sends to the policy manager: the random number NS and a random number NAC generated by the access controller; the random number NAR generated by the access requestor; the AIK certificate of the access requestor CertAR-AIK; the PCR values PCRsAR requested by the access controller; the measurement log LogAR corresponding to those PCR values; the AIK certificate of the access controller CertAC-AIK; the PCR values PCRsAC requested by the access requestor; and the measurement log LogAC corresponding to those PCR values.

(3.4) On receiving the information sent by the access controller in step (3.3), the policy manager first verifies the validity of the AIK certificates of the access requestor and the access controller; it then recomputes the PCR values from the measurement logs LogAR and LogAC, which correspond to the PCR values extracted in the TPMs of the access requestor and the access controller, and compares them with PCRsAR and PCRsAC, thereby verifying the integrity of the measurement logs LogAR and LogAC; it then compares the measurement values of the platform components recorded in the measurement logs LogAR and LogAC with the reference integrity values of the corresponding platform components held in its database. From this it generates the result of AIK certificate authentication and platform integrity verification of the access requestor and the access controller, ResultAIK-PCRs, and signs it with the private key corresponding to the policy manager's identity certificate. Finally it sends to the access controller the result ResultAIK-PCRs and the policy manager's signature over it, [ResultAIK-PCRs]Sig.
The result ResultAIK-PCRs generated in step (3.4) contains: the random numbers NAC and NS generated by the access controller; the AIK certificate of the access requestor CertAR-AIK; the AIK certificate verification result of the access requestor ReAR-AIK; the PCR values PCRsAR requested by the access controller; the platform integrity verification result of the access requestor ReAR; the platform configuration remediation information of the access requestor RemAR; the random number NAR generated by the access requestor; the AIK certificate of the access controller CertAC-AIK; the AIK certificate verification result of the access controller ReAC-AIK; the PCR values PCRsAC requested by the access requestor; the platform integrity verification result of the access controller ReAC; and the platform configuration remediation information of the access controller RemAC.

(3.5) On receiving the information sent by the policy manager in step (3.4), the access controller first checks whether the random numbers NAC and NS generated by the access controller, the AIK certificate of the access requestor CertAR-AIK, the PCR values PCRsAR requested by the access controller, the random number NAR generated by the access requestor, the AIK certificate of the access controller CertAC-AIK and the PCR values PCRsAC requested by the access requestor agree with the corresponding values in the information it sent in step (3.3); it then verifies the signature [ResultAIK-PCRs]Sig of the policy manager with the public key corresponding to the policy manager's identity certificate; it then generates the access result ReAccess, that is, the platform integrity evaluation result of the access requestor, from the AIK certificate verification result ReAR-AIK and the platform integrity verification result ReAR of the access requestor. Finally, the access controller sends to the access requestor: the information received in step (3.4); the random number NAR generated by the access requestor; the access result ReAccess; and the signature [NAR, PCRsAC]Sig made in the TPM with the private key of the access controller's AIK certificate over the PCR values PCRsAC extracted in the TPM and the random number NAR generated by the access requestor.
While generating the platform integrity evaluation result of the access requestor in step (3.5), the access controller may repeat steps (3.1) to (3.6) to exchange and verify integrity information with the access requestor again if it is not satisfied with the result or if the network policy requires another evaluation; in that repetition, the verification of the validity of the AIK certificate and the additional platform integrity verification that the access requestor performs on the access controller are optional.

(3.6) On receiving the information sent by the access controller in step (3.5), the access requestor first checks whether the random number NS generated by the access controller, the AIK certificate of the access requestor CertAR-AIK, the PCR values PCRsAR requested by the access controller and the random number NAR generated by the access requestor agree with the corresponding values in the information it sent in step (3.2), and verifies the signature [NAR, PCRsAC]Sig of the access controller with the public key of the access controller's AIK certificate; it then verifies the signature [ResultAIK-PCRs]Sig of the policy manager with the public key corresponding to the policy manager's identity certificate; and finally it generates the platform integrity evaluation result of the access controller from the AIK certificate verification result ReAC-AIK and the platform integrity verification result ReAC of the access controller. While generating this result in step (3.6), the access requestor may repeat steps (3.2) to (3.6) to exchange and verify integrity information with the access controller again if it is not satisfied with the result or if the network policy requires another evaluation; in that repetition, the verification of the validity of the AIK certificate and the additional platform integrity verification that the access controller performs on the access requestor are optional.

In a particular implementation of the above platform integrity evaluation, the measurement logs corresponding to the platform configuration register (PCR) values of the access requestor must be sent to the policy manager in encrypted form, and the platform configuration remediation information of the access requestor generated by the policy manager must be sent to the access requestor in encrypted form; similarly, the measurement logs corresponding to the platform configuration register (PCR) values of the access controller must be sent to the policy manager in encrypted form, and the platform configuration remediation information of the access controller generated by the policy manager must be sent to the access controller in encrypted form. The encrypted transmission used in this invention may be based on symmetric or on asymmetric keys.
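The exchange of steps (3.1) to (3.6) as a runnable simulation, added here as an example; it is not code from the patent or from any TNAC implementation. Python is assumed. The AIK signatures and the policy manager's signature are stand-ins (HMAC under a key the verifying side also holds), AIK certificate validity is an allowlist lookup at the policy manager, a single PCR replayed from the measurement log with the TPM 1.2 extend rule stands in for the requested PCR list, and the mapping of the policy manager's result to the access result (trusted: allow; invalid AIK: deny; otherwise: isolate) is this example's own local policy. The encryption of the AR/PM and AC/PM information and the session-key protection of the AR/AC messages are left out; the example concentrates on the nonce echo checks, the signature checks and the log replay that step (3.4) relies on.

```python
"""Simulation of the tri-element platform integrity evaluation, steps (3.1) to (3.6).

Added example, not code from the patent. Stand-ins, all assumptions of this example:
  * AIK / policy-manager signatures are HMAC-SHA256 under a key the verifier also
    holds; a real deployment uses AIK key pairs, the PM certificate and TPM quotes.
  * "AIK certificate is valid" is a membership test against a PM allowlist.
  * One PCR, replayed with the TPM 1.2 extend rule
    PCR_new = SHA1(PCR_old || SHA1(component)), stands in for the PCR list.
  * AC local policy: trusted -> allow, invalid AIK -> deny, otherwise -> isolate.
"""
import hashlib
import hmac
import os


def _sha1(data):
    return hashlib.sha1(data).digest()


def extend_log(log):
    """Replay a measurement log (list of component byte strings) into a PCR value."""
    pcr = b"\x00" * 20
    for component in log:
        pcr = _sha1(pcr + _sha1(component))
    return pcr


def sign(key, *parts):
    """Stand-in signature: HMAC-SHA256 over the '|'-joined parts (assumption)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def verify(key, sig, *parts):
    return hmac.compare_digest(sig, sign(key, *parts))


class Platform:
    """A TPM-equipped AR or AC: AIK certificate name, AIK key and measurement log."""

    def __init__(self, cert, aik_key, log):
        self.cert, self.aik_key, self.log = cert, aik_key, log

    def quote(self, nonce):
        """TPM quote: the PCR value and an AIK signature over (nonce, PCR)."""
        pcr = extend_log(self.log)
        return pcr, sign(self.aik_key, nonce, pcr)


class PolicyManager:
    """Third party of step (3.4): checks AIK certs, log integrity and component values."""

    def __init__(self, pm_key, valid_certs, reference_db):
        self.pm_key = pm_key
        self.valid_certs = valid_certs      # allowlisted AIK certificate names
        self.reference_db = reference_db    # reference measurement values of components

    def evaluate(self, ns, nac, nar, quotes):
        """Return ResultAIK-PCRs and the policy manager's signature over it."""
        result = {"NS": ns, "NAC": nac, "NAR": nar}
        for side, (cert, pcr, log) in quotes.items():
            aik_ok = cert in self.valid_certs
            log_ok = extend_log(log) == pcr                       # log replays to the quoted PCR
            rem = [c for c in log if c not in self.reference_db]  # components needing remediation
            result[side] = {"cert": cert, "PCR": pcr, "aik_ok": aik_ok,
                            "trusted": aik_ok and log_ok and not rem, "Rem": rem}
        return result, sign(self.pm_key, repr(result).encode())


def run_evaluation(ar, ac, pm, verify_keys):
    """Drive steps (3.1)-(3.6); return (ReAccess decided by the AC, AR's trust in the AC, result)."""
    ns = os.urandom(16)                      # (3.1) AC -> AR: NS, CertAC-AIK, PCRsListAR
    nar = os.urandom(16)                     # (3.2) AR quotes (NS, PCRsAR) in its TPM, adds NAR
    pcr_ar, sig_ar = ar.quote(ns)
    # (3.3) AC checks the AIK signature with the key taken from CertAR-AIK (lookup here)
    if not verify(verify_keys[ar.cert], sig_ar, ns, pcr_ar):
        raise ValueError("AR AIK signature invalid")
    nac = os.urandom(16)
    pcr_ac, sig_ac = ac.quote(nar)           # AC quotes (NAR, PCRsAC), forwards all to the PM
    result, pm_sig = pm.evaluate(ns, nac, nar, {"AR": (ar.cert, pcr_ar, ar.log),
                                               "AC": (ac.cert, pcr_ac, ac.log)})
    # (3.5) AC: nonces and PCRs must echo what it sent in (3.3); PM signature must verify
    if ((result["NS"], result["NAC"], result["NAR"]) != (ns, nac, nar)
            or result["AR"]["PCR"] != pcr_ar or result["AC"]["PCR"] != pcr_ac
            or not verify(verify_keys["PM"], pm_sig, repr(result).encode())):
        raise ValueError("AC rejects the policy manager's result")
    re_ar = result["AR"]
    access = "allow" if re_ar["trusted"] else ("deny" if not re_ar["aik_ok"] else "isolate")
    # (3.6) AR: NS/NAR must echo (3.2); the AC's AIK signature and the PM signature must verify
    if (result["NS"] != ns or result["NAR"] != nar
            or not verify(verify_keys[ac.cert], sig_ac, nar, pcr_ac)
            or not verify(verify_keys["PM"], pm_sig, repr(result).encode())):
        raise ValueError("AR rejects the access controller's reply")
    return access, result["AC"]["trusted"], result


if __name__ == "__main__":
    ref_db = {b"bios-1.2", b"bootloader-3", b"kernel-5.4"}      # constructed reference values
    keys = {"AR-AIK": b"ar-key", "AC-AIK": b"ac-key", "PM": b"pm-key"}
    pm = PolicyManager(keys["PM"], {"AR-AIK", "AC-AIK"}, ref_db)
    ar = Platform("AR-AIK", keys["AR-AIK"], [b"bios-1.2", b"bootloader-3", b"kernel-5.4"])
    ac = Platform("AC-AIK", keys["AC-AIK"], [b"bios-1.2", b"kernel-5.4"])
    print(run_evaluation(ar, ac, pm, keys)[:2])
```

A log entry that is absent from the reference database leaves the log consistent with the quoted PCR (the TPM extended it faithfully) but makes the platform untrusted, which is exactly the case that yields an isolate result with remediation information rather than a deny.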

(4) During the platform integrity evaluation, the TNAC client and the TNAC server generate recommendations according to the platform integrity evaluation results and send them to the network access requestor and the network access controller respectively, which control their ports according to those recommendations, thereby controlling mutual access between the access requestor and the access controller.

In particular, step (4) may contain the following steps:

During the platform integrity evaluation, the evaluation policy server generates the platform integrity evaluation results of the access requestor and the access controller and sends them to the TNAC client and the TNAC server.

The TNAC client and the TNAC server generate recommendations according to the platform integrity evaluation results generated by the evaluation policy server and send them to the network access requestor and the network access controller respectively.

The recommendations sent by the TNAC client and the TNAC server to the network access requestor and the network access controller may be: allow, deny or isolate.

The network access requestor and the network access controller control their ports according to the recommendations received, thereby controlling mutual access between the access requestor and the access controller.

If the recommendations received by the network access requestor and the network access controller are isolate, the network access requestor and the network access controller perform platform remediation according to the platform configuration remediation information obtained during the platform integrity evaluation, and then perform the platform integrity evaluation process again. The invention can thus realise multi-level port control, which improves the security of the whole trusted network access control.

Referring to Fig. 2, port control according to the invention may be carried out in practice as follows.

Two types of logical port are defined for the access requestor and the access controller: the uncontrolled port and the controlled port. The uncontrolled port of the access requestor may transmit the data of the user authentication and key agreement protocol, the data of the platform integrity evaluation protocol and the data of the platform remediation service, while the controlled port of the access requestor may transmit only application service data. The uncontrolled port of the access controller may transmit only the data of the user authentication and key agreement protocol, while the controlled port of the access controller controls the transmission of the platform integrity evaluation protocol data, the platform remediation service data and the application service data in a multi-level manner. The access requestor and the access controller control their controlled ports according to the user authentication result and the platform integrity evaluation result.

Referring to Fig. 2, the specific port control process according to the invention may be carried out as follows.

(a) The access requestor entity in the access requestor system and the user authentication entity in the access controller system perform mutual user authentication and key agreement through the uncontrolled ports, while the user authentication entity in the access controller system and the authentication policy service entity in the policy manager system exchange information directly. After successful user authentication, the controlled port in the access controller system changes from the unauthenticated state to the authenticated state, so that the controlled port of the access controller can transmit the data of the platform integrity evaluation protocol.

(b) The access requestor entity in the access requestor system, the platform evaluation entity in the access controller system and the evaluation policy service entity in the policy manager system execute the tri-element peer authentication protocol to perform mutual platform integrity evaluation between the access requestor and the access controller. During the platform integrity evaluation, the access requestor entity in the access requestor system communicates through the uncontrolled port, the platform evaluation entity in the access controller system communicates through the authenticated controlled port, and the platform evaluation entity in the access controller system and the evaluation policy service entity in the policy manager system exchange information directly.

After the mutual platform integrity evaluation, the controlled ports of the access requestor and the access controller are in one of the following four cases. In the first case, if the platforms of both the access requestor and the access controller are trusted, the controlled ports of the access requestor and the access controller change from the untrusted state to the trusted state, so that application service data can be transmitted between the access requestor and the access controller. In the second case, if the platform of the access requestor is trusted and the platform of the access controller is not, the port states of the access requestor system and of the access controller system do not change, and the platform remediation entity of the access controller obtains the platform configuration remediation information from the isolation domain connected to it. In the third case, if the platform of the access requestor is not trusted and the platform of the access controller is trusted, the controlled port in the access controller system that denies remediation changes to the state that allows remediation, so that the access requestor can reach the isolation domain through the platform remediation entity of the access controller system. In the fourth case, if the platforms of both the access requestor and the access controller are not trusted, the controlled port in the access controller system that denies remediation changes to the state that allows remediation, so that the access requestor can reach the isolation domain through the platform remediation entity of the access controller system, and the access controller obtains the platform remediation information from the isolation domain connected to it for its own platform remediation.
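The port control described above (steps (a) and (b), the four cases after evaluation, and the isolate / remediate / re-evaluate loop of step (4)) as a small state machine, added here as an example; it is not code from the patent. Python is assumed. The state names, the mapping of evaluation results to the allow / deny / isolate recommendation, and the retry limit are this example's own assumptions; the evaluate and remediate callbacks stand in for the protocol run of step (3) and for the platform remediation service.

```python
"""Port control of the access requestor (AR) and access controller (AC).

Added example, not the patent's code. Models the two logical ports of each side,
the traffic each may carry, the transitions of the controlled ports, and the four
cases after mutual platform integrity evaluation. State names, the allow/deny/isolate
mapping and the retry limit are assumptions of this example.
"""
from enum import Enum, auto


class Traffic(Enum):
    USER_AUTH = auto()      # user authentication and key agreement protocol data
    PLATFORM_EVAL = auto()  # platform integrity evaluation protocol data
    REMEDIATION = auto()    # platform remediation service data
    APPLICATION = auto()    # application service data


class State(Enum):
    UNAUTHENTICATED = auto()  # initial state of a controlled port
    AUTHENTICATED = auto()    # AC controlled port after user authentication
    TRUSTED = auto()          # after both platforms passed evaluation
    REMEDIATION = auto()      # AC controlled port opened towards the isolation domain


# Multi-level control of the AC's controlled port: traffic allowed in each state.
AC_CONTROLLED = {
    State.UNAUTHENTICATED: set(),
    State.AUTHENTICATED: {Traffic.PLATFORM_EVAL},
    State.TRUSTED: {Traffic.PLATFORM_EVAL, Traffic.APPLICATION},
    State.REMEDIATION: {Traffic.PLATFORM_EVAL, Traffic.REMEDIATION},
}


class PortController:
    def __init__(self):
        self.ar_controlled = State.UNAUTHENTICATED
        self.ac_controlled = State.UNAUTHENTICATED

    def allowed(self, side, port):
        """Traffic that the 'uncontrolled' or 'controlled' port of 'AR' or 'AC' may carry now."""
        if port == "uncontrolled":
            if side == "AR":
                return {Traffic.USER_AUTH, Traffic.PLATFORM_EVAL, Traffic.REMEDIATION}
            return {Traffic.USER_AUTH}
        if side == "AR":
            return {Traffic.APPLICATION} if self.ar_controlled == State.TRUSTED else set()
        return AC_CONTROLLED[self.ac_controlled]

    def on_user_auth_success(self):
        """Step (a): the AC's controlled port goes from unauthenticated to authenticated."""
        self.ac_controlled = State.AUTHENTICATED

    def on_platform_evaluation(self, ar_trusted, ac_trusted):
        """The four cases after evaluation; returns the remediation actions that follow."""
        actions = []
        if ar_trusted and ac_trusted:                 # case 1: both controlled ports trusted
            self.ar_controlled = self.ac_controlled = State.TRUSTED
        elif ar_trusted:                              # case 2: ports unchanged, AC remediates itself
            actions.append("AC fetches remediation info from its isolation domain")
        else:                                         # cases 3 and 4: AR remediates through the AC
            self.ac_controlled = State.REMEDIATION
            actions.append("AR reaches the isolation domain through the AC")
            if not ac_trusted:                        # case 4 only
                actions.append("AC fetches remediation info from its isolation domain")
        return actions


def recommendation(aik_ok, trusted):
    """TNAC client/server recommendation for one peer (assumed mapping)."""
    if not aik_ok:
        return "deny"
    return "allow" if trusted else "isolate"


def admit(ctl, evaluate, remediate, max_rounds=3):
    """Step (4) loop: evaluate; on 'isolate', remediate and evaluate again.

    evaluate()  -> (ar_aik_ok, ar_trusted, ac_aik_ok, ac_trusted), stands in for step (3)
    remediate() -> None, stands in for the platform remediation service
    """
    ctl.on_user_auth_success()
    for _ in range(max_rounds):
        ar_aik, ar_ok, _ac_aik, ac_ok = evaluate()
        ctl.on_platform_evaluation(ar_ok, ac_ok)
        rec = recommendation(ar_aik, ar_ok)
        if rec != "isolate":
            return rec
        remediate()
    return "deny"
```

The retry limit is the practical caveat the text leaves implicit: an access requestor whose remediation never succeeds must not be left cycling through the isolation domain indefinitely, so the loop ends in deny.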

1. A method of controlling access to a trusted network based on the three-element peer-to-peer authentication of objects containing:
initialization collectors determine reliability, TMS, and verifiers to determine the reliability, TMV, at the level of definition of reliability;
the implementation of the Protocol element authentication, peer entity on the basis of the administrator's policies, acting as a third party, using the initiator's access requests, access controller and administrator-level policy network access control to perform bilateral user authentication between the initiator requests access and the access controller;
if the authentication results p is Lisovets indicate successful authentication, or that the necessary process reliability assessment platform for local policies, the implementation of the Protocol element authentication, peer entity on the basis of the administrator's policies, which plays the role of a third party, using the initiator's access requests, access controller and administrator-level policy evaluation trusted platform to perform bilateral assess the reliability of the platforms between the initiator requests access and the access controller;
the generation of the TNAC client of the initiator requests access and the TNAC server of the access controller according to the results of the reliability assessment platform in the process of assessing the reliability of the platform and transfer of appropriate recommendations to the initiator requests access and the access controller, respectively, to the requestor network access and the network access controller managed ports mutual access, respectively, according to the recommendations.

2. A method of controlling access to a trusted network based on the three-element peer authentication objects according to claim 1, in which the control ports is as follows:
unmanaged port initiator requests access controls transmitting user authentication and data protocols key negotiation session Protocol data reliability assessment platform and data services Troubleshooting platform, and managed the port initiator requests access manipulated the data transfer application services; and
unmanaged port access controller controls the transfer of user authentication and data protocols key negotiation session, and managed port access controller controls the data transfer Protocol reliability assessment platform, data services Troubleshooting platform and data application services.

3. A method of controlling access to a trusted network based on the three-element peer authentication objects according to claim 2, in which the control ports is as follows:
(a) the object of the requester of the access requestor to the access and the object of user authentication at the access controller performs mutual user authentication and key agreement session through unmanaged ports, an object of user authentication in the access controller and the policy object authentication service administrator policies directly exchange information; and after successfully authenticate the user controlled port access controller changes the state to authenticated to allow data transfer Protocol assessing the reliability of the platform; and
(b) the object of the initiator requests access ID access requests, the object of assessing the reliability of the platform in the access controller and the service object evaluation policy in the administration of the ora policies perform Protocol-element authentication, peer entity to perform bilateral assess the reliability of the platforms between the initiator requests access and the access controller; and in the process of assessing the reliability of the platform object requestor access requestor access communicates through port unmanaged object of the reliability assessment platform in the access controller communicates via authenticated controlled port, and the object of assessing the reliability of the platform in the access controller and the service object evaluation policy administrator policy directly exchange information.

4. A method of controlling access to a trusted network based on the three-element peer authentication objects according to claim 3, in which the control ports of the initiator of the access requests and access controller is carried out after the process of assessing the reliability of the platform as follows:
if both platforms initiator access requests and access controller are trusted, both managed port in the requestor and the access controller are in a trusted state to allow the transfer of data service applications between the initiator requests access and the access controller; or,
if the platform the initiator of the access requests is a trusted and platform access controller is not trusted, uncontrolled and controlled ports of the initiator of the access requests in the access controller remains in the initial state, and the controller DOS the UPA retrieves information about the Troubleshooting platform configuration from the connected isolated domain for Troubleshooting platform; or,
if the platform the initiator of the access requests is not trusted and platform access controller is a trusted controlled port that is denied Troubleshooting, change state, which allowed the fault to the requester access could gain access to isolated domain via the access controller to retrieve information about platform configuration for Troubleshooting platform; or,
if both platforms initiator access requests and access controller are not trusted, a controlled port that is denied Troubleshooting, access controller changes the state, which allowed the fault to the requestor access could gain access to isolated domain via the access controller to retrieve information about the Troubleshooting platform configuration for Troubleshooting platform.

5. A method of controlling access to a trusted network based on the three-element peer authentication objects according to any one of claims 1 to 4, where recommendations include information about allow access, information about the denial of access or information about isolation and Troubleshooting.

6. A method of controlling access to a trusted network based on the e-element authentication, peer entity according to claim 5, in which, if the recommendations adopted by the network access controller and the initiator requests network access, provides information about isolation and Troubleshooting, the requestor and the access controller perform Troubleshooting platform with information about the Troubleshooting platform configuration and perform the process of assessing the reliability of the platforms between the initiator requests access and the access controller.

7. A method of controlling access to a trusted network based on the three-element peer authentication objects according to claim 4, in which the reliability of the platform is as follows:
authenticated accounts platform: admin policies verifies the validity of the AIK certificate of the initiator requests access and the access controller; and
performed verification platform reliability: admin policies verifies the reliability of the platforms initiator access requests and access controller.

8. The method of controlling access to a trusted network based on three-element peer authentication according to claim 7, wherein the platform integrity evaluation process between the access requester and the access controller comprises:
transmitting the platform configuration information of the access requester between the access requester and the policy manager, and the platform configuration information of the access controller between the access controller and the policy manager, over encrypted transmission;
protecting the information exchanged between the TNAC client and the TNAC server with the session key; and
generating, by the policy manager, the platform integrity evaluation results for the access requester and the access controller, and transmitting them to the TNAC client and the TNAC server.

9. The method of controlling access to a trusted network based on three-element peer authentication according to claim 1, wherein the user authentication process between the access requester and the access controller comprises:
initiating an access request from the access requester to the access controller;
initiating, by the access controller upon receipt of the access request, the user authentication process, and generating the user authentication results for the access requester and the access controller;
generating, by the access requester and the access controller, a primary key upon successful user authentication; and
negotiating, by the access requester and the access controller, a session key using the primary key, and transmitting the information that user authentication succeeded to the TNAC client and the TNAC server respectively.

10. The method of controlling access to a trusted network based on three-element peer authentication according to claim 9, wherein initializing the trustworthiness measurement collectors (TMCs) and the trustworthiness measurement verifiers (TMVs) at the trustworthiness measurement layer comprises:
initializing, by the TNAC client of the access requester and the TNAC server of the access controller, the TMCs at the trustworthiness measurement layer, so as to collect the platform integrity information each side requires about the other;
initializing, by the evaluation policy server (EPS) of the policy manager, the TMVs at the trustworthiness measurement layer, so as to verify the platform integrity of the access requester and of the access controller;
storing, by the TPM of the access requester and the TPM of the access controller, the platform integrity information each side requires about the other in platform configuration registers (PCRs);
preparing, by the TNAC client of the access requester and the TNAC server of the access controller, with the help of the TMCs, the platform integrity information required by the access controller and by the access requester respectively; and
establishing and distributing access control policies by the policy manager, including the policy under which the access requester joins the network and the network access control policy of the access controller for the access requester.
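Claims 9, 8 and 10 together describe one end-to-end exchange: user authentication that yields a primary key and a negotiated session key, platform configuration information sent to the policy manager under encryption and carried between the TNAC client and TNAC server under the session key, platform integrity verdicts returned by the policy manager, and port control on the result. The Python model below is an added example, not code from the patent or from any TNAC or TCA implementation. The claims name no cryptographic primitives, so the model assumes HMAC-SHA256 key derivation, a toy HMAC-based encrypt-then-MAC standing in for the encrypted transmission, a long-term key that each party shares with the policy manager, a user secret known to the access requester and the policy manager, and the policy manager handing the primary key to the access controller after a successful three-element check. All names (`PolicyManager`, `run_tnac`, `seal`, `unseal`, the PCR values and user credentials) are constructed for the example.

```python
# Added illustrative model of the TNAC flow in claims 8-10; not the patent's own code.
# Assumptions (not in the claims): HMAC-SHA256 KDF, a toy HMAC cipher standing in for
# "encrypted transmission", per-party keys shared with the policy manager (PM), a user
# secret shared by the access requester (AR) and the PM, PM hands the primary key to AC.
import hashlib
import hmac
import secrets

def kdf(key: bytes, label: bytes) -> bytes:
    """Single HKDF-style expand step; distinct labels keep key uses apart (assumption)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((length + 31) // 32))[:length]

def seal(key: bytes, data: bytes) -> bytes:
    """Toy encrypt-then-MAC (HMAC keystream + HMAC tag): stand-in for a real AEAD."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def pcr_report(pcrs: dict) -> bytes:
    """What a TMC hands to its TNAC client/server (claim 10): PCR values as index=hex."""
    return "\n".join(f"{i}={pcrs[i].hex()}" for i in sorted(pcrs)).encode()

def parse_report(data: bytes) -> dict:
    return {int(k): bytes.fromhex(v)
            for k, v in (line.split("=", 1) for line in data.decode().splitlines())}

class PolicyManager:
    """Authentication policy server and evaluation policy server as one third party."""
    def __init__(self, pm_keys: dict, user_keys: dict, reference_pcrs: dict):
        self.pm_keys = pm_keys            # {"AR": k, "AC": k}: key each party shares with PM
        self.user_keys = user_keys        # {user: secret}: user credential database
        self.reference = reference_pcrs   # {"AR": {...}, "AC": {...}}: expected PCR values

    def authenticate(self, user, n_ar, n_ac, proof_ar, proof_ac):
        """Claim 9: PM checks both sides' proofs over both nonces; on success the
        primary key is derived and returned to the AC sealed under the AC's PM key."""
        if user not in self.user_keys:
            return None
        ok_ar = hmac.compare_digest(proof_ar, hmac.new(
            self.user_keys[user], b"AR" + n_ar + n_ac, hashlib.sha256).digest())
        ok_ac = hmac.compare_digest(proof_ac, hmac.new(
            self.pm_keys["AC"], b"AC" + n_ar + n_ac, hashlib.sha256).digest())
        if not (ok_ar and ok_ac):
            return None
        return seal(self.pm_keys["AC"], kdf(self.user_keys[user], b"primary" + n_ar + n_ac))

    def evaluate(self, sealed_ar_report, sealed_ac_report):
        """Claim 8: each platform's PCRs are checked against policy; each side then
        receives the verdict about its peer, sealed under its own PM key."""
        verdict = {}
        for party, blob in (("AR", sealed_ar_report), ("AC", sealed_ac_report)):
            measured = parse_report(unseal(self.pm_keys[party], blob))
            ref = self.reference[party]
            verdict[party] = b"trusted" if all(measured.get(i) == ref[i] for i in ref) else b"untrusted"
        return seal(self.pm_keys["AR"], verdict["AC"]), seal(self.pm_keys["AC"], verdict["AR"])

def run_tnac(user, user_secret, ar_pcrs, ac_pcrs, pm):
    """One access attempt: user authentication, platform evaluation, then port control."""
    # Claim 9: AR's access request carries n_ar, AC's challenge carries n_ac, both prove.
    n_ar, n_ac = secrets.token_bytes(16), secrets.token_bytes(16)
    proof_ar = hmac.new(user_secret, b"AR" + n_ar + n_ac, hashlib.sha256).digest()
    proof_ac = hmac.new(pm.pm_keys["AC"], b"AC" + n_ar + n_ac, hashlib.sha256).digest()
    sealed_primary = pm.authenticate(user, n_ar, n_ac, proof_ar, proof_ac)
    if sealed_primary is None:
        return {"user_auth": False, "session_key_match": False,
                "ar_port": "closed", "ac_port": "closed"}
    primary_ar = kdf(user_secret, b"primary" + n_ar + n_ac)   # AR derives it locally
    primary_ac = unseal(pm.pm_keys["AC"], sealed_primary)      # AC receives it from the PM
    sk_ar = kdf(primary_ar, b"session" + n_ar + n_ac)          # session key negotiation
    sk_ac = kdf(primary_ac, b"session" + n_ar + n_ac)
    # Claim 8: AR's configuration is sealed to the PM (the AC never sees it) and carried
    # from TNAC client to TNAC server under the session key; the AC seals its own report.
    carried = seal(sk_ar, seal(pm.pm_keys["AR"], pcr_report(ar_pcrs)))
    ar_for_pm = unseal(sk_ac, carried)
    ac_for_pm = seal(pm.pm_keys["AC"], pcr_report(ac_pcrs))
    to_ar, to_ac = pm.evaluate(ar_for_pm, ac_for_pm)
    peer_of_ar = unseal(pm.pm_keys["AR"], to_ar)   # AR learns whether AC's platform passed
    peer_of_ac = unseal(pm.pm_keys["AC"], to_ac)   # AC learns whether AR's platform passed
    # Port control: each side opens its controlled port only if its peer passed.
    return {"user_auth": True, "session_key_match": sk_ar == sk_ac,
            "ar_port": "open" if peer_of_ar == b"trusted" else "closed",
            "ac_port": "open" if peer_of_ac == b"trusted" else "closed"}

def demo():
    """Constructed sample data: reference PCRs, a good run, a tampered AC, a bad user."""
    ref = {"AR": {0: hashlib.sha256(b"ar-bios").digest(), 7: hashlib.sha256(b"ar-os").digest()},
           "AC": {0: hashlib.sha256(b"ac-bios").digest(), 7: hashlib.sha256(b"ac-os").digest()}}
    pm = PolicyManager({"AR": secrets.token_bytes(32), "AC": secrets.token_bytes(32)},
                       {"alice": b"alice-long-term-secret"}, ref)
    good = run_tnac("alice", b"alice-long-term-secret", ref["AR"], ref["AC"], pm)
    tampered_ac = {**ref["AC"], 7: hashlib.sha256(b"ac-rootkit").digest()}
    bad_platform = run_tnac("alice", b"alice-long-term-secret", ref["AR"], tampered_ac, pm)
    bad_user = run_tnac("alice", b"wrong-secret", ref["AR"], ref["AC"], pm)
    return good, bad_platform, bad_user
```

Calling `demo()` runs three attempts: with matching PCRs both ports open; with a modified PCR 7 on the access controller the access requester keeps its port closed while the access controller, whose peer passed, opens its own, which is the two-directional decision claim 10 describes (the requester's policy for joining the network and the controller's policy for the requester); with a wrong user secret the flow stops at claim 9 and no primary or session key exists. The toy `seal`/`unseal` is there only so the example runs offline; a deployment would use a standard AEAD and a real key agreement.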



 
