专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明申请

WO2010104435A1 SETUP AND CONFIGURATION OF RELAY NODES 审中-公开
标题翻译：继电器的设置和配置
公开(公告)号：WO2010104435A1
公开(公告)日：2010-09-16
申请号：PCT/SE2009/050569
申请日：2009-05-20
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , RÁCZ, András , SELANDER, Göran , NÄSLUND, Mats , BARRIGA, Luis , LINDSTRÖM, Magnus , MILDH, Gunnar , JOHANSSON, Niklas
发明人： RÁCZ, András , SELANDER, Göran , NÄSLUND, Mats , BARRIGA, Luis , LINDSTRÖM, Magnus , MILDH, Gunnar , JOHANSSON, Niklas
IPC分类号： H04W12/06
CPC分类号： H04W12/06 , H04B7/15557 , H04L63/0838 , H04W8/205 , H04W24/02 , H04W84/047
摘要： Systems and methods for the configuration of network nodes without a secured connection in a telecommunications system are described herein. These network nodes can be wireless network nodes which are part of the network infrastructure, such as, wireless relays, wireless repeaters and self-backhauled eNodeBs.
摘要翻译：这里描述了用于在电信系统中配置没有安全连接的网络节点的系统和方法。这些网络节点可以是作为网络基础设施的一部分的无线网络节点，诸如无线中继，无线中继器和自回程的eNodeB。

12. 发明申请

WO2011081588A1 METHOD AND APPARATUS FOR SECURE ROUTING OF DATA PACKETS 审中-公开
标题翻译：数据包安全路由的方法和装置
公开(公告)号：WO2011081588A1
公开(公告)日：2011-07-07
申请号：PCT/SE2010/050001
申请日：2010-01-04
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NÄSLUND, Mats , NORRMAN, Karl , YLITALO, Jukka , NIKANDER, Pekka
发明人： NÄSLUND, Mats , NORRMAN, Karl , YLITALO, Jukka , NIKANDER, Pekka
IPC分类号： H04L12/56
CPC分类号： H04L45/00 , H04L63/04 , H04L63/06
摘要： Methods and arrangements for supporting a forwarding process in routers (R1-R3) when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender (A) and a receiver are encoded. A name server (300) generates and distributes router-associated keys (K, K1-K3) to routers in the network which keys are used for computing the hierarchical parameters.
摘要翻译：在路由器（R1-R3）中通过分组交换网络路由数据分组时支持转发过程的方法和装置，通过采用其中编码发送器（A）和接收机之间的预定传输路径的跳数的分层参数。名称服务器（300）生成并将路由器相关密钥（K，K1-K3）分发给网络中用于计算层次参数的密钥的路由器。

13. 发明申请

WO2013117243A1 LAWFUL INTERCEPTION OF ENCRYPTED COMMUNICATIONS 审中-公开
标题翻译：严格界定加密通信
公开(公告)号：WO2013117243A1
公开(公告)日：2013-08-15
申请号：PCT/EP2012/057788
申请日：2012-04-27
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NÄSLUND, Mats , IOVIENO, Maurizio , NORRMAN, Karl
发明人： NÄSLUND, Mats , IOVIENO, Maurizio , NORRMAN, Karl
IPC分类号： H04L29/06
CPC分类号： H04L63/0807 , H04L9/3213 , H04L63/0428 , H04L63/062 , H04L63/306
摘要： A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.
摘要翻译：一种用于向执法机构（LEA）提供对发送节点和接收节点之间的加密通信的访问的方法和装置。密钥管理服务器（KMS）功能存储用于加密数据库中的通信的加密信息。加密信息与用于识别发送节点和接收节点之间的加密通信的标识符相关联。 KMS收到合法侦听请求，该请求包括合法拦截目标的身份。 KMS使用目标身份确定标识符，并从数据库检索与标识符相关联的加密信息。加密信息可用于解密加密通信。然后，KMS将从加密信息或解密的通信导出的信息发送给LEA。这允许LEA获得通信的解密版本。

14. 发明申请

WO2011113873A1 ENHANCED KEY MANAGEMENT FOR SRNS RELOCATION 审中-公开
标题翻译：加强SRNS重点管理
公开(公告)号：WO2011113873A1
公开(公告)日：2011-09-22
申请号：PCT/EP2011/053999
申请日：2011-03-16
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NORRMAN, Karl , HEDBERG, Tomas , NÄSLUND, Mats
发明人： NORRMAN, Karl , HEDBERG, Tomas , NÄSLUND, Mats
IPC分类号： H04W12/04 , H04W36/00
CPC分类号： H04L9/08 , H04L63/06 , H04W12/04 , H04W12/08 , H04W36/0038 , H04W36/12
摘要： A method comprises maintaining, in a first node serving a mobile terminal over a connection protected by at least one first key, said first key and information about the key management capabilities of the mobile terminal. Upon relocation of the mobile terminal to a second node the method includes: if, and only if, said key management capabilities indicate an enhanced key management capability supported by the mobile terminal, modifying, by said first node, the first key, thereby creating a second key, sending, from the first node to the second node, the second key, and transmitting to the second node the information about the key management capabilities of the mobile terminal.
摘要翻译：一种方法包括在通过由至少一个第一密钥保护的连接上为移动终端服务的第一节点中保留所述第一密钥和关于移动终端的密钥管理能力的信息。在将移动终端重定位到第二节点时，该方法包括：如果并且仅当所述密钥管理能力指示由移动终端支持的增强密钥管理能力时，由所述第一节点修改第一密钥，从而创建第二密钥，从第一节点向第二节点发送第二密钥，并向第二节点发送关于移动终端的密钥管理能力的信息。

15. 发明申请

WO2011099904A1 TRUST DISCOVERY IN A COMMUNICATIONS NETWORK 审中-公开
标题翻译：通信网络中的信任发现
公开(公告)号：WO2011099904A1
公开(公告)日：2011-08-18
申请号：PCT/SE2010/050167
申请日：2010-02-12
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , HADDAD, Wassim , BLOM, Rolf , NÄSLUND, Mats
发明人： HADDAD, Wassim , BLOM, Rolf , NÄSLUND, Mats
IPC分类号： H04L29/06 , H04W12/06
CPC分类号： H04W12/06 , H04L63/08 , H04L63/0823
摘要： A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data.
摘要翻译：一种在通信网络中的两个节点之间建立信任的方法和装置。第一节点从网络节点接收对第一节点唯一的认证数据，其可以用于导出用于第一节点的验证数据的紧凑表示。第一个节点还接收到网络中所有节点的验证数据的认证紧凑表示。第一节点从节点的认证数据中导出信任信息，并向第二节点发送包含信任信息和认证数据的一部分的消息。第二节点具有网络中所有节点的验证数据的经认证的紧凑表示的副本，并使用网络中所有节点的验证数据的紧密表示和接收到的信任来验证来自第一节点的消息的真实性信息和认证数据。

16. 发明申请

WO2010099823A1 IP MULTIMEDIA SECURITY 审中-公开
标题翻译： IP多媒体安全
公开(公告)号：WO2010099823A1
公开(公告)日：2010-09-10
申请号：PCT/EP2009/052560
申请日：2009-03-04
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
发明人： NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
IPC分类号： H04L29/06 , H04W12/04
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

17. 发明申请

WO2009070075A1 KEY MANAGEMENT FOR SECURE COMMUNICATION 审中-公开
标题翻译：安全通信的关键管理
公开(公告)号：WO2009070075A1
公开(公告)日：2009-06-04
申请号：PCT/SE2007/050927
申请日：2007-11-30
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , MATTSSON, John , NÄSLUND, Mats , NORRMAN, Karl
发明人： BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , MATTSSON, John , NÄSLUND, Mats , NORRMAN, Karl
IPC分类号： H04L9/08
CPC分类号： H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要： A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译：公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。该凭证被转发到至少一个响应用户设备，在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下，解决凭证并确定第二会话密钥。此后，第一和第二会话密钥用于安全通信。在一个实施例中，通信遍及中间体，由此第一和第二会话密钥保护与相应的腿到中间的通信。

18. 发明申请

WO2005078988A1 KEY MANAGEMENT FOR NETWORK ELEMENTS 审中-公开
标题翻译：网络元素的关键管理
公开(公告)号：WO2005078988A1
公开(公告)日：2005-08-25
申请号：PCT/SE2004/000179
申请日：2004-02-11
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , NÄSLUND, Mats , CARRARA, Elisabetta , LINDHOLM, Fredrik , NORRMAN, Karl
发明人： BLOM, Rolf , NÄSLUND, Mats , CARRARA, Elisabetta , LINDHOLM, Fredrik , NORRMAN, Karl
IPC分类号： H04L9/00
CPC分类号： H04L9/0844 , H04L9/0891 , H04L2209/80
摘要： The invention provides an establishment of a secret session key shared Between two network elements (NEa, NEb) belonging to different network domains (NDa, NDb). A first network element (NEa) of a first network domain (NDa) requests security parameters from an associated key management center (KMC) (AAAa). Upon reception of the request, the KMC (AAAa) generates a freshness token (FRESH) and calculates the session key (K) based on this token (FRESH) and a master key (KAB) shared with a second network domain (NDb). The security parameters are (securely) provided to the network element (NEa), which extracts the session key (K) and forwards the freshness token (FRESH) to the KMC (AAAb) of the second domain (NDb) through a second network element (NEb). Based on the token (FRESH) and the shared master key (KAB), the KMC (AAAb) generates a copy of the session key (K), which is (securely) provided to the second network element (NEb). The two network elements (NEa, NEb) now have shares the session key (K), enabling them to securely communicate with each other.
摘要翻译：本发明提供了属于不同网络域（NDa，NDb）的两个网元（NEa，NEb）之间共享的秘密会话密钥的建立。第一网络域（NDa）的第一网元（NEa）从相关联的密钥管理中心（AAAa）请求安全参数。在接收到请求时，KMC（AAAa）生成新鲜令牌（FRESH），并且基于该令牌（FRESH）和与第二网络域（NDb）共享的主密钥（KAB）来计算会话密钥（K）。安全参数（安全地）被提供给提取会话密钥（K）的网元（NEa），并通过第二网络元件将新鲜度令牌（FRESH）转发到第二域（NDb）的KMC（AAAb）（鼻）。基于令牌（FRESH）和共享主密钥（KAB），KMC（AAAb）生成（安全地）提供给第二网元（NEb）的会话密钥（K）的副本。两个网元（NEa，NEb）现在已经共享了会话密钥（K），使得它们能够彼此安全地通信。

19. 发明申请

WO2008048179A2 CRYPTOGRAPHIC KEY MANAGEMENT IN COMMUNICATION NETWORKS 审中-公开
标题翻译：通信网络中的密码密钥管理
公开(公告)号：WO2008048179A2
公开(公告)日：2008-04-24
申请号：PCT/SE2007/050734
申请日：2007-10-11
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , NÄSLUND, Mats , NORRMAN, Karl
发明人： BLOM, Rolf , NÄSLUND, Mats , NORRMAN, Karl
IPC分类号： H04L9/08
CPC分类号： H04L9/321 , H04L63/062 , H04L63/08 , H04L2209/80 , H04L2463/061 , H04W12/04 , H04W12/06 , H04W36/0038
摘要： An authentication server and a system and method for managing cryptographic keys across different combinations of user terminals, access networks, and core networks. A Transformation Coder Entity, TCE, (25) creates a master key, Mk, which is used to derive keys during the authentication procedure. During handover between the different access types, the Mk or a transformed Mk is passed between two authenticator nodes (42, 43, 44) that hold the key in the respective access networks when a User Equipment, UE, terminal (41, 51, 52, 53) changes access. The transformation of the Mk is performed via a one-way function, and has the effect that if the Mk is somehow compromised, it is not possible to automatically obtain access to previously used master keys. The transformation is performed based on the type of authenticator node and type of UE/identity module with which the transformed key is to be utilized. The Mk is never used directly, but is only used to derive the keys that are directly used to protect the access link.
摘要翻译：
一种认证服务器以及一种用于管理用户终端，接入网络和核心网络的不同组合上的密钥的系统和方法。转换编码器实体TCE（25）创建主密钥Mk，该密钥用于在认证过程中导出密钥。在不同接入类型之间的切换期间，当用户设备UE终端（41,51,52）在两个认证者节点（42,43,44）之间传递Mk或变换后的Mk时，，53）改变访问权限。 Mk的变换通过单向函数执行，并且具有如果Mk以某种方式被破坏的效果，则不可能自动获得对以前使用的主密钥的访问。该转换基于认证器节点的类型以及将要使用变换的密钥的UE /身份模块的类型来执行。 Mk从不直接使用，但仅用于派生直接用于保护访问链接的密钥。

20. 发明申请

WO2010031600A1 KEY MANAGEMENT IN A COMMUNICATION NETWORK 审中-公开
标题翻译：通信网络中的主要管理
公开(公告)号：WO2010031600A1
公开(公告)日：2010-03-25
申请号：PCT/EP2009/052967
申请日：2009-03-13
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , NÄSLUND, Mats , NORRMAN, Karl , LINDHOLM, Fredrik
发明人： BLOM, Rolf , NÄSLUND, Mats , NORRMAN, Karl , LINDHOLM, Fredrik
IPC分类号： H04L29/06 , H04L9/08
CPC分类号： H04L63/0869 , H04L9/0819 , H04L9/083 , H04L9/3213 , H04L63/0428 , H04L63/06 , H04L63/08
摘要： A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
摘要翻译：一种用于通信网络中密钥管理的方法和装置。密钥管理服务器（KMS）从第一设备接收与用户身份相关联的令牌的请求，所述用户身份与第二设备相关联。然后，KMS将所请求的令牌和与用户相关联的用户密钥发送到第一设备。 KMS随后从第二个设备接收令牌。使用用户密钥和与第二设备相关联的修改参数来生成第二设备密钥。修改参数可用于第一设备用于生成第二设备密钥。然后，第二个设备密钥从KMS发送到第二个设备。第二设备密钥可以由第二设备用于向第一设备或第一设备认证自身以确保与第二设备的通信。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式