专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09178696B2 Key management for secure communication 有权
标题翻译：安全通信的密钥管理
公开(公告)号：US09178696B2
公开(公告)日：2015-11-03
申请号：US12744986
申请日：2007-11-30
申请人： Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
发明人： Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
IPC分类号： H04L9/08 , H04L29/06
CPC分类号： H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要： A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译：公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。该凭证被转发到至少一个响应用户设备，在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下，解决凭证并确定第二会话密钥。此后，第一和第二会话密钥用于安全通信。在一个实施例中，通信遍及中间体，由此第一和第二会话密钥保护与相应的腿到中间的通信。

2. 发明申请

US20120254997A1 METHODS AND APPARATUSES FOR AVOIDING DAMAGE IN NETWORK ATTACKS 有权
标题翻译：避免网络攻击造成的损害的方法和设备
公开(公告)号：US20120254997A1
公开(公告)日：2012-10-04
申请号：US13177385
申请日：2011-07-06
申请人： Karl Norrman , John Mattsson , Vesa Petteri Lehtovirta , Oscar Ohlsson
发明人： Karl Norrman , John Mattsson , Vesa Petteri Lehtovirta , Oscar Ohlsson
IPC分类号： G06F12/14
CPC分类号： H04L63/14 , H04L63/1466 , H04L63/168 , H04L67/02 , H04L67/14 , H04L2463/061 , H04W12/04
摘要： Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.
摘要翻译：客户终端（400）和网络服务器（402）中的方法和装置，用于使所述终端和服务器之间能够进行安全通信。当终端在会话中从服务器获得网页时，终端基于一个或多个上下文参数P1创建上下文特定密钥Ks_NAF'。。。 Pn，涉及所述会话和/或网页。终端然后在向服务器的登录请求中指示上下文特定密钥，并且服务器以相同的方式确定上下文特定密钥Ks_NAF'，以验证客户端，如果在web服务器中确定的上下文特定密钥匹配从客户终端接收到的上下文相关密钥。因此，上下文特定的密钥被绑定到并且仅对于当前上下文或会话有效，并且不能在其他上下文或会话中使用。

3. 发明授权

US08990563B2 Sending protected data in a communication network 有权
标题翻译：在通信网络中发送受保护的数据
公开(公告)号：US08990563B2
公开(公告)日：2015-03-24
申请号：US13155822
申请日：2011-06-08
申请人： Rolf Blom , John Mattsson , Oscar Ohlsson
发明人： Rolf Blom , John Mattsson , Oscar Ohlsson
IPC分类号： H04L9/32 , H04L29/06 , H04L9/08 , H04W12/04 , H04W12/06
CPC分类号： H04L63/062 , H04L9/0827 , H04L9/083 , H04L9/3213 , H04L63/0807 , H04W12/04 , H04W12/06
摘要： A method and apparatus for sending protected data from a sender unit to a receiver unit via an intermediate unit. A Transfer Init message that contains a ticket associated with the receiver unit is sent from the intermediate unit to the sender unit. The intermediate unit then receives a transfer response message from the sender unit, and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server. A message is sent to the receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit, allowing the receiver unit to access the protected data.
摘要翻译：一种用于经由中间单元将保护的数据从发送器单元发送到接收器单元的方法和装置。包含与接收器单元相关联的票据的传送初始化消息从中间单元发送到发送器单元。中间单元然后从发送者单元接收传输响应消息，以及使用至少一个与该票相关联并从密钥管理服务器获得的安全密钥进行保护的数据。将消息发送到接收器单元，该消息包括对受保护数据进行安全处理所需的信息。然后将受保护的数据发送到接收器单元，允许接收器单元访问受保护的数据。

4. 发明授权

US08966105B2 Sending secure media streams 有权
标题翻译：发送安全媒体流
公开(公告)号：US08966105B2
公开(公告)日：2015-02-24
申请号：US12999178
申请日：2009-02-20
申请人： Rolf Blom , Yi Cheng , John Mattsson , Mats Nåslund , Karl Norrman
发明人： Rolf Blom , Yi Cheng , John Mattsson , Mats Nåslund , Karl Norrman
IPC分类号： G06F15/16 , H04L29/06
CPC分类号： H04L65/605 , H04L63/0428 , H04L65/608
摘要： A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
摘要翻译：一种用于经由中间节点发送具有有效载荷的第一安全媒体流的方法和装置。中间节点从发送器接收第一安全媒体流。针对第一安全媒体流确定端到端上下文标识符和逐跳上下文标识符，其中逐跳上下文标识符与中间节点相关，并且端到端标识符与发件人。生成第二安全媒体流，其包括至少第一安全媒体流的有效载荷和上下文标识符以识别第一安全媒体流。第二安全媒体流被发送到接收节点，并且上下文标识符也被发送到接收节点。上下文标识符可由接收节点使用以恢复第一安全媒体流。

5. 发明申请

US20110093609A1 Sending Secure Media Streams 有权
标题翻译：发送安全媒体流
公开(公告)号：US20110093609A1
公开(公告)日：2011-04-21
申请号：US12999178
申请日：2009-02-20
申请人： Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
发明人： Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
IPC分类号： G06F15/16
CPC分类号： H04L65/605 , H04L63/0428 , H04L65/608
摘要： A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
摘要翻译：一种用于经由中间节点发送具有有效载荷的第一安全媒体流的方法和装置。中间节点从发送器接收第一安全媒体流。针对第一安全媒体流确定端到端上下文标识符和逐跳上下文标识符，其中逐跳上下文标识符与中间节点相关，并且端到端标识符与发件人。生成第二安全媒体流，其包括至少第一安全媒体流的有效载荷和上下文标识符以识别第一安全媒体流。第二安全媒体流被发送到接收节点，并且上下文标识符也被发送到接收节点。上下文标识符可由接收节点使用以恢复第一安全媒体流。

6. 发明授权

US09467433B2 Authentication of warning messages in a network 有权
标题翻译：认证网络中的警告消息
公开(公告)号：US09467433B2
公开(公告)日：2016-10-11
申请号：US14130166
申请日：2012-06-14
申请人： Monica Wifvesson , Michael Liljenstam , John Mattsson , Karl Norrman
发明人： Monica Wifvesson , Michael Liljenstam , John Mattsson , Karl Norrman
IPC分类号： H04L29/06 , H04W12/10 , H04W4/22
CPC分类号： H04L63/08 , H04L63/123 , H04W4/90 , H04W12/10
摘要： There is described herein a device (101) for communicating with a network. The device (101) comprises a communications unit for receiving data, a notification device for providing a notification to a user, and a control unit for controlling the operation of the communications unit and notification unit. The communications unit is configured to receive an information message (110, 112, 115), and to receive security authentication data (110, 112, 115) associated with the information message if such security authentication data is available. The control unit is configured to operate in a first or second configuration. In the first configuration it ignores the security authentication data, (111, 113), and instructs the notification unit to convey the notification to the user. In the second configuration, it verifies the information message (116) on the basis of the security authentication data and instructs the notification unit to convey the notification to the user if the verification is successful. The communications unit is configured to receive a configuration message (114) indicating the configuration in which the control unit should operate, and the control unit is configured to change configuration if the indicated configuration is different to the current configuration.
摘要翻译：这里描述了用于与网络通信的设备（101）。设备（101）包括用于接收数据的通信单元，用于向用户提供通知的通知装置，以及用于控制通信单元和通知单元的操作的控制单元。通信单元被配置为接收信息消息（110,112,115），并且如果这种安全认证数据可用，则接收与该信息消息相关联的安全认证数据（110,112,115）。控制单元被配置为以第一或第二配置操作。在第一配置中，它忽略安全认证数据（111,113），并指示通知单元向用户传达通知。在第二配置中，它根据安全认证数据来验证信息消息（116），并且如果验证成功则指示通知单元向用户传达该通知。通信单元被配置为接收指示控制单元应该运行的配置的配置消息（114），并且如果所指示的配置与当前配置不同，则配置控制单元来改变配置。

7. 发明授权

US08903095B2 Methods and apparatuses for avoiding damage in network attacks 有权
标题翻译：避免网络攻击造成的破坏的方法和设备
公开(公告)号：US08903095B2
公开(公告)日：2014-12-02
申请号：US13177385
申请日：2011-07-06
申请人： Karl Norrman , John Mattsson , Vesa Petteri Lehtovirta , Okcar Ohlsson
发明人： Karl Norrman , John Mattsson , Vesa Petteri Lehtovirta , Okcar Ohlsson
IPC分类号： H04L29/06 , H04W12/04 , H04L29/08
CPC分类号： H04L63/14 , H04L63/1466 , H04L63/168 , H04L67/02 , H04L67/14 , H04L2463/061 , H04W12/04
摘要： Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.
摘要翻译：客户终端（400）和网络服务器（402）中的方法和装置，用于使所述终端和服务器之间能够进行安全通信。当终端在会话中从服务器获得网页时，终端基于一个或多个上下文参数P1创建上下文特定密钥Ks_NAF'。。。 Pn，涉及所述会话和/或网页。终端然后在向服务器的登录请求中指示上下文特定密钥，并且服务器以相同的方式确定上下文特定密钥Ks_NAF'，以验证客户端，如果在web服务器中确定的上下文特定密钥匹配从客户终端接收到的上下文相关密钥。因此，上下文特定的密钥被绑定到并且仅对于当前上下文或会话有效，并且不能在其他上下文或会话中使用。

8. 发明申请

US20120191970A1 Sending Protected Data in a Communication Network 有权
标题翻译：在通信网络中发送受保护的数据
公开(公告)号：US20120191970A1
公开(公告)日：2012-07-26
申请号：US13498970
申请日：2009-10-01
申请人： Rolf Blom , Fredrik Lindholm , John Mattsson
发明人： Rolf Blom , Fredrik Lindholm , John Mattsson
IPC分类号： H04L29/06
CPC分类号： H04L9/0841 , H04L9/3249 , H04L9/3263 , H04L63/04 , H04L63/06 , H04L63/0823 , H04L65/1006 , H04L65/1016 , H04L65/4076 , H04L65/608 , H04L2209/34
摘要： A method of sending protected data from a sender unit to a receiver unit via an intermediate unit. The intermediate unit stores information associated with a certificate belonging to the receiver unit, and information associated with a certificate belonging to the intermediate unit, which has previously been signed by the receiver unit. The intermediate unit receives a request from the sender unit to send protected data to the receiver unit, and so it sends a response to the sender unit. The response includes the information associated with the certificate belonging to the receiver unit, which allows the sender unit to verify that the intermediate unit is authorised to receive data on behalf of the receiver unit. The intermediate unit then receives data from the sender unit that is protected using the information associated with the certificate belonging to the receiver unit for subsequent forwarding to the receiver unit. Having the receiver unit sign the intermediate unit's certificate allows the exchange of credentials to allow a sender unit to send protected data to a receiver unit via an intermediate unit.
摘要翻译：一种通过中间单元将保护的数据从发送器单元发送到接收器单元的方法。中间单元存储与属于接收器单元的证书相关联的信息，以及与属于中间单元的证书相关联的信息，该信息先前已被接收器单元签名。中间单元接收来自发送器单元的请求以将受保护的数据发送到接收器单元，并且因此向发送器单元发送响应。响应包括与属于接收器单元的证书相关联的信息，其允许发送器单元验证中间单元是否被授权代表接收器单元接收数据。然后中间单元从使用与属于接收机单元的证书相关联的信息来保护的来自发送器单元的数据接收用于随后转发到接收器单元的数据。使接收器单元签署中间单元的证书允许交换凭证以允许发送器单元经由中间单元将保护的数据发送到接收器单元。

9. 发明申请

US20120066496A1 Sending Protected Data in a Communication Network 有权
标题翻译：在通信网络中发送受保护的数据
公开(公告)号：US20120066496A1
公开(公告)日：2012-03-15
申请号：US13155822
申请日：2011-06-08
申请人： Rolf BLOM , John MATTSSON , Oscar OHLSSON
发明人： Rolf BLOM , John MATTSSON , Oscar OHLSSON
IPC分类号： H04L9/32
CPC分类号： H04L63/062 , H04L9/0827 , H04L9/083 , H04L9/3213 , H04L63/0807 , H04W12/04 , H04W12/06
摘要： A method and apparatus for sending protected data from a sender unit to a receiver unit via an intermediate unit. A Transfer Init message that contains a ticket associated with the receiver unit is sent from the intermediate unit to the sender unit. The intermediate unit then receives a transfer response message from the sender unit, and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server. A message is sent to the receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit, allowing the receiver unit to access the protected data.
摘要翻译：一种用于经由中间单元将保护的数据从发送器单元发送到接收器单元的方法和装置。包含与接收器单元相关联的票据的传送初始化消息从中间单元发送到发送器单元。中间单元然后从发送者单元接收传输响应消息，以及使用至少一个与该票相关联并从密钥管理服务器获得的安全密钥进行保护的数据。将消息发送到接收器单元，该消息包括对受保护数据进行安全处理所需的信息。然后将受保护的数据发送到接收器单元，允许接收器单元访问受保护的数据。

10. 发明申请

US20100268937A1 KEY MANAGEMENT FOR SECURE COMMUNICATION 有权
标题翻译：安全通信的关键管理
公开(公告)号：US20100268937A1
公开(公告)日：2010-10-21
申请号：US12744986
申请日：2007-11-30
申请人： Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
发明人： Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
IPC分类号： H04L9/32 , H04L29/06 , H04L9/08
CPC分类号： H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要： A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译：公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。该凭证被转发到至少一个响应用户设备，在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下，解决凭证并确定第二会话密钥。此后，第一和第二会话密钥用于安全通信。在一个实施例中，通信遍及中间体，由此第一和第二会话密钥保护与相应的腿到中间的通信。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式