专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明申请

WO2007142566A1 ACCESS TO SERVICES IN A TELECOMMUNICATIONS NETWORK 审中-公开
标题翻译：访问电信网络中的服务
公开(公告)号：WO2007142566A1
公开(公告)日：2007-12-13
申请号：PCT/SE2006/050189
申请日：2006-06-09
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BARRIGA, Luis , BLOM, Rolf , NÄSLUND, Mats
发明人： BARRIGA, Luis , BLOM, Rolf , NÄSLUND, Mats
IPC分类号： H04L9/14 , H04L29/06 , H04Q7/38
CPC分类号： H04L65/1016 , H04L9/32 , H04L9/321 , H04L63/0421 , H04L63/062 , H04L63/08 , H04L63/0815 , H04L63/0853 , H04L2209/80 , H04W4/00 , H04W12/02 , H04W12/04 , H04W12/06 , H04W60/00 , H04W74/00 , H04W88/16
摘要： A method and arrangement is disclosed for providing a user, not previously having an individual subscription with a network operator, with credentials for secure access to network services. The arrangement includes a gateway, associated with a subscription for network services, having means for generating and exporting to a user entity personalized user security data derived from security data related to the subscription. !n particular, the derivation of credentials is based on a function that is shared between network and gateway and further conveniently makes use of bootstrapping on keying materia! from the subscription authentication. Pre-registered user identities are assigned trusted users who, thereafter, can download credentials and authenticate for service access. The invention may be implemented at a public place for providing temporary visitors network access whereby trust may exemplary be established by presenting a credit card.
摘要翻译：公开了一种方法和装置，用于提供先前不具有与网络运营商的单独订阅的用户，以及用于安全访问网络服务的凭证。该安排包括与网络服务的订阅相关联的网关，具有用于生成和导出到用户实体的个体化用户安全数据，该安全数据是从与订阅有关的安全数据导出的。特别地，凭证的推导是基于在网络和网关之间共享的功能，并进一步方便地利用键控材料的引导！从订阅认证。预先注册的用户身份被分配给受信任的用户，其后可以下载凭证并进行身份验证以进行服务访问。本发明可以在公共场所实现，以提供临时访问者网络访问，从而通过呈现信用卡可以示范地建立信任。

22. 发明申请

WO2009047113A1 APPARATUS FOR RECONFIGURATION OF A TECHNICAL SYSTEM BASED ON SECURITY ANALYSIS AND A CORRESPONDING TECHNICAL DECISION SUPPORT SYSTEM AND COMPUTER PROGRAM PRODUCT 审中-公开
标题翻译：基于安全分析的技术系统重新配置的设备和相应的技术决策支持系统和计算机程序产品
公开(公告)号：WO2009047113A1
公开(公告)日：2009-04-16
申请号：PCT/EP2008/062667
申请日：2008-09-23
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , NORRMAN, Karl , CEDERBERG, Jonathan , NÄSLUND, Mats
发明人： NORRMAN, Karl , CEDERBERG, Jonathan , NÄSLUND, Mats
IPC分类号： G06F21/00 , G06N5/00 , G06Q10/00
CPC分类号： G06Q10/06 , G06F21/577
摘要： The invention relates to an apparatus for analyzing and reconfiguring a technical system (2) with respect to security, as well as a corresponding decision support system and computer program product. A graph constructor (20) provides, based on technical information about the system (2) received via an input interface (10), a representation of potential attacks in a directed graph of attack nodes. A system/countermeasure analysis unit (30) ranks different sets of countermeasures to enable a selected set of countermeasures to be taken to improve security. The analysis unit (30) performs the following procedure for each set of countermeasures: i) logically apply the set of countermeasures to attacks in the directed graph, and ii) determine a rank of the applied set of countermeasures based on the effectiveness of the countermeasures with respect to the reduction of the risk of attacks. An output and/or control unit (40) may then provide appropriate control signaling and/or effectuate appropriate control actions for reconfiguration of the technical system (2).
摘要翻译：本发明涉及一种用于分析和重新配置关于安全性的技术系统（2）的装置，以及相应的决策支持系统和计算机程序产品。图形构造器（20）基于通过输入接口（10）接收的关于系统（2）的技术信息，提供攻击节点的有向图中的潜在攻击的表示。系统/对策分析单元（30）排列不同的对策组以使得能够采取所选择的一组对策来提高安全性。分析单元（30）对每组对策执行以下过程：i）在有向图中逻辑应用攻击对策，ii）根据对策的有效性确定所应用的一套对策的等级关于减少攻击的风险。然后，输出和/或控制单元（40）可以为技术系统（2）的重新配置提供适当的控制信令和/或实现适当的控制动作。

23. 发明申请

WO2007030043A1 METHOD AND ARRANGEMENT FOR USER FRIENDLY DEVICE AUTHENTICATION 审中-公开
标题翻译：用户友好设备认证的方法和安排
公开(公告)号：WO2007030043A1
公开(公告)日：2007-03-15
申请号：PCT/SE2005/001308
申请日：2005-09-08
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , BLOM, Rolf , NÄSLUND, Mats , NERBRANT, Per-Olof
发明人： BLOM, Rolf , NÄSLUND, Mats , NERBRANT, Per-Olof
IPC分类号： G06F21/00 , H04L9/32 , G06K9/00
CPC分类号： G06F21/31 , G06F2221/2129 , H04L9/3236 , H04L2209/80
摘要： The present invention relates to fraud prevention and authentication of a device to a user. The method of authenticating a personal device (210) according to the invention comprises a set up sequence (305-310), wherein at least a first preferred output format is selected by the user, and a device configuration verification sequence (315-355). In the device configuration verification sequence a checksum is calculated and converted to a user friendly output format based on the user selected preferred output format. In addition the checksum may be calculated based on variable, and user selectable, keying material. The personal device (210), after being authenticated according to the above, may be used to authenticate a second device (215).
摘要翻译：本发明涉及对用户的设备的防欺诈和认证。根据本发明的认证个人设备（210）的方法包括建立序列（305-310），其中用户选择至少第一优选输出格式和设备配置验证序列（315-355）。在设备配置验证序列中，基于用户选择的优选输出格式，计算校验和并将其转换为用户友好的输出格式。此外，可以基于可变和用户可选择的键控材料来计算校验和。在根据上述认证之后，个人设备（210）可用于认证第二设备（215）。

24. 发明申请

WO2009126083A1 ACCESS THROUGH NON-3GPP ACCESS NETWORKS 审中-公开
标题翻译：通过非3GPP接入网络访问
公开(公告)号：WO2009126083A1
公开(公告)日：2009-10-15
申请号：PCT/SE2008/051261
申请日：2008-11-05
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NÄSLUND, Mats , ARKKO, Jari , BLOM, Rolf , LEHTOVIRTA, Vesa , NORRMAN, Karl , ROMMER, Stefan , SAHLIN, Bengt
发明人： NÄSLUND, Mats , ARKKO, Jari , BLOM, Rolf , LEHTOVIRTA, Vesa , NORRMAN, Karl , ROMMER, Stefan , SAHLIN, Bengt
IPC分类号： H04W12/06 , H04L29/06 , H04W76/02
CPC分类号： H04W12/06 , G06F21/30 , H04L63/0272 , H04L63/08 , H04L63/0892 , H04L63/1433 , H04L63/162 , H04L63/164 , H04L63/20 , H04W60/00 , H04W72/0493
摘要： When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relatin g to a first network, e.g. the current access networ k (3, 3'), is sent to the UE from a node (13) in a sec ond network such as the home ne twork (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access networ k (3, 3') is trusted or not.
摘要翻译：当从用户设备UE（1）建立通信时，诸如用于为UE提供IP接入以允许其使用一些服务，信息或至少一个网络属性的指示与第一网络相关的信息，例如，当前接入网（3,3'）从诸如UE的用户的归属网（5）的秒网络中的节点（13）发送到UE。可以在认证过程的第一阶段中发送信息或指示，这是作为来自UE的连接的建立的一部分。特别地，网络属性可以指示访问网络（3,3'）是否被信任。

25. 发明申请

WO2012146282A1 AUTHENTICATING A DEVICE IN A NETWORK 审中-公开
标题翻译：验证网络中的设备
公开(公告)号：WO2012146282A1
公开(公告)日：2012-11-01
申请号：PCT/EP2011/056684
申请日：2011-04-27
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NORRMAN, Karl , BLOM, Rolf , NÄSLUND, Mats
发明人： NORRMAN, Karl , BLOM, Rolf , NÄSLUND, Mats
IPC分类号： H04L29/06 , H04W12/06
CPC分类号： H04L63/08 , H04L63/062 , H04L63/0876 , H04L63/20 , H04W12/04 , H04W12/06
摘要： There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node. The context regen eration req uest is sent from the servi ng n etwork node to the authentication server. The context regeneration request is verified at the authentication server. The second security context is generated at the authentication server based on at least the secret, the random value, and the first and second re-use information. The second security context is communicated from the authentication server to the serving network node.
摘要翻译：公开了一种用于通过基于随机值和由认证服务器辅助的先前建立第一安全上下文而在设备和服务网络节点之间建立第二安全上下文的网络中的设备认证的系统，在与设备相关联的身份模块和认证服务器之间共享秘密。来自建立第一安全上下文的第一重新使用信息被存储在认证服务器和设备处，第一重用信息使得能够从随机值和秘密安全地生成第二安全上下文。可以在设备上生成或存储第二重用信息。在设备上生成上下文再生请求，上下文再生请求至少部分地基于秘密进行认证。上下文再生请求被发送到服务网络节点。上下文重新发送请求从服务节点发送到认证服务器。认证服务器验证上下文再生请求。至少基于秘密，随机值以及第一和第二再利用信息，在认证服务器产生第二安全上下文。第二安全上下文从认证服务器传送到服务网络节点。

26. 发明申请

WO2012097883A1 METHOD AND APPARATUS FOR AUTHENTICATING A COMMUNICATION DEVICE 审中-公开
标题翻译：用于认证通信设备的方法和装置
公开(公告)号：WO2012097883A1
公开(公告)日：2012-07-26
申请号：PCT/EP2011/062361
申请日：2011-07-19
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , BLOM, Rolf , NÄSLUND, Mats , NORRMAN, Karl
发明人： BLOM, Rolf , NÄSLUND, Mats , NORRMAN, Karl
IPC分类号： H04W12/06 , H04L29/06
CPC分类号： H04L63/08 , H04L9/0833 , H04L9/321 , H04L9/3271 , H04L63/104 , H04L63/107 , H04L2209/80 , H04W4/70 , H04W12/06
摘要： According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.
摘要翻译：根据本发明的一个方面，提供了一种操作通信设备的方法，所述通信设备是包括共享对通信网络的订阅的两个或更多个通信设备的组的一部分。该方法包括从网络接收组认证挑战，使用与共享订阅相关联的组认证信息已经生成了组认证挑战的至少一部分。然后，该设备使用组认证信息和设备特定认证信息生成对组认证挑战的设备特定响应，并将设备特定响应发送到网络。该设备例如是机器型通信设备组的成员。

27. 发明申请

WO2010071529A1 METHOD AND ARRANGEMENT FOR CREATION OF ASSOCIATION BETWEEN A USER EQUIPMENT AND AN ACCESS POINT 审中-公开
标题翻译：创建用户设备与访问点之间的关联的方法和装置
公开(公告)号：WO2010071529A1
公开(公告)日：2010-06-24
申请号：PCT/SE2008/051536
申请日：2008-12-19
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , SELANDER, Göran , VIKBERG, Jari , NORRMAN, Karl , BLOM, Rolf , NÄSLUND, Mats
发明人： SELANDER, Göran , VIKBERG, Jari , NORRMAN, Karl , BLOM, Rolf , NÄSLUND, Mats
IPC分类号： H04W48/20 , H04W48/02 , H04W60/00
CPC分类号： H04W12/08 , H04L63/101 , H04W84/045
摘要： A method and a computer program for creating, an association between a first user equipment and at least one access point assisted by a registration server in a telecommunication network. The method further including at least one communication device for communication between the first user equipment and the registration server. The method comprising the registration server responding to a first contact request carried out using a first association number for the access point, provided by the first user equipment; receiving a first association request for the association with the access point, provided by the first user equipment; authorizing the first association request based on a first authorization information provided by the first user equipment; registering the association between the first user equipment and the access point in case of a first successful authorization; whereby the first user equipment becomes an associated first user equipment associated with the access point, where the association is being administered by the registration server. Further the registration server comprises a registration server database, and a processor unit.
摘要翻译：一种用于在电信网络中创建由注册服务器辅助的第一用户设备和至少一个接入点之间的关联的方法和计算机程序。该方法还包括用于在第一用户设备和注册服务器之间进行通信的至少一个通信设备。所述方法包括：所述注册服务器响应于由所述第一用户设备提供的使用所述接入点的第一关联号码执行的第一联系请求; 由所述第一用户设备接收与所述接入点的关联的第一关联请求; 基于由所述第一用户设备提供的第一授权信息来授权所述第一关联请求; 在第一次成功授权的情况下注册第一用户设备和接入点之间的关联; 由此第一用户设备成为与接入点相关联的相关联的第一用户设备，其中由注册服务器管理该关联。此外，注册服务器包括注册服务器数据库和处理器单元。

28. 发明申请

WO2010053416A1 METHOD AND APPARATUS FOR FORWARDING DATA PACKETS USING AGGREGATING ROUTER KEYS 审中-公开
标题翻译：使用聚集路由器进行数据包的方法和装置
公开(公告)号：WO2010053416A1
公开(公告)日：2010-05-14
申请号：PCT/SE2008/051281
申请日：2008-11-07
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , CSÁSZÁR, András , MAGNUSSON, Lars G , NÄSLUND, Mats , WESTBERG, Lars
发明人： CSÁSZÁR, András , MAGNUSSON, Lars G , NÄSLUND, Mats , WESTBERG, Lars
IPC分类号： H04L12/56
CPC分类号： H04L45/00 , H04L63/0227
摘要： Method and apparatus for supporting the forwarding of received data packets in a router (402,702) of a packet- switched network. A forwarding table (706a) is configured in the router based on aggregating router keys and associated aggregation related instructions received from a key manager (400,700). Each aggregating router key represents a set of destinations. When a data packet (P) is received comprising an ingress tag derived from a sender key or router key, the ingress tag is matched with entries in the forwarding table. An outgoing port is selected for the packet according to a found matching table entry that further comprises an associated aggregation related instruction. An egress tag is then created according to the aggregation related instruction, and the packet with the created egress tag attached is sent from the selected outgoing port to a next hop router.
摘要翻译：用于支持在分组交换网络的路由器（402,702）中转发所接收的数据分组的方法和装置。基于从密钥管理器（400,700）接收的聚合路由器密钥和相关联的聚合相关指令，在路由器中配置转发表（706a）。每个聚合路由器密钥代表一组目的地。当接收到包含从发送方密钥或路由器密钥导出的入口标签的数据分组（P）时，入口标签与转发表中的条目匹配。根据发现的匹配表条目，为分组选择输出端口，进一步包括相关联的聚合相关指令。然后根据聚合相关指令创建出口标签，并将附加了创建的出口标签的数据包从所选出口端口发送到下一跳路由器。

29. 发明申请

WO2009065923A2 METHOD AND APPARATUS FOR USE IN A COMMUNICATIONS NETWORK 审中-公开
标题翻译：在通信网络中使用的方法和装置
公开(公告)号：WO2009065923A2
公开(公告)日：2009-05-28
申请号：PCT/EP2008/065967
申请日：2008-11-21
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , HADDAD, Wassim , NÄSLUND, Mats
发明人： HADDAD, Wassim , NÄSLUND, Mats
IPC分类号： H04W12/04 , H04W80/04
CPC分类号： H04W12/04 , H04L9/3239 , H04L63/0823 , H04L2209/80 , H04L2463/081 , H04W8/082 , H04W12/06 , H04W80/04 , H04W88/02 , H04W88/182
摘要： A method and apparatus for establishing a cryptographic relationship between a first node and a second node in a communications network. The first node receives at least part of a cryptographic attribute of the second node, uses the received at least part of the cryptographic attribute to generate an identifier for the first node. The cryptographic attribute may a public key belonging to the second node, and the identifier may be a Cryptographically Generated IP address. The cryptographic relationship allows the second node to establish with a third node that it is entitled to act on behalf of the first node.
摘要翻译：一种在通信网络中建立第一节点和第二节点之间的密码关系的方法和装置。第一节点接收第二节点的加密属性的至少一部分，使用所接收的至少部分密码属性来生成第一节点的标识符。加密属性可以是属于第二节点的公共密钥，并且该标识符可以是加密生成的IP地址。加密关系允许第二节点与第三节点建立它有权代表第一节点行动。

30. 发明申请

WO2008115126A2 PREFIX REACHABILITY DETECTION IN A COMMUNICATION 审中-公开
标题翻译：通信中的前缀可访问性检测
公开(公告)号：WO2008115126A2
公开(公告)日：2008-09-25
申请号：PCT/SE2008/050209
申请日：2008-02-26
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , HADDAD, Wassim , NÄSLUND, Mats
发明人： HADDAD, Wassim , NÄSLUND, Mats
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/1416 , H04L9/30 , H04L63/061 , H04L63/123 , H04L63/1466 , H04L2209/24
摘要： There is disclosed a method, and a communication system, and a communication node for implementing the claimed method, for attempting to enhance legitimacy assessment and thwart a man-in-the middle or similar false-location attack by evaluating the topology of a communication-session requesting node relative to the proposed communication path through a network between the requesting node and the requested node. Upon receiving the request,a PRD (Prefix Reachability Detection) protocol is initiated, either after or during a secure key exchange, if any, which if performed preferably includes an ART (address reachability text). The PRD is executed by sending a message to the communication node challenging the location-authenticity of the requesting device. The communication node, which may be for example an access router through which the requesting node accesses the network, determines if the requesting node is positioned behind the communication node topologically, and reports the result to the requested node. The requested node may then make a decision on whether to permit the communication. If so, the PRD may be repeated one or more times while the communication session is in progress.
摘要翻译：公开了一种用于实现所要求保护的方法的方法，通信系统和通信节点，用于通过评估通信的拓扑来尝试增强合法性评估并阻止中间或类似的假位置攻击中的人员，会话请求节点相对于所提出的通信路径通过请求节点和请求节点之间的网络。在接收到请求后，在安全密钥交换之后或期间，如果执行了PRD（前缀可达性检测）协议，如果执行的话，优先包括ART（地址可达性文本）。通过向通信节点发送消息来执行请求设备的位置真实性来执行PRD。通信节点，其可以是例如请求节点访问网络的接入路由器，确定请求节点是否在拓扑结构中位于通信节点后面，并将结果报告给所请求的节点。所请求的节点然后可以决定是否允许通信。如果是，则通信会话正在进行时，PRD可以重复一次或多次。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式