专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2006082507A1 APPARATUS, METHOD AND COMPUTER PROGRAM PRODUCT TO REDUCE TCP FLOODING ATTACKS WHILE CONSERVING WIRELESS NETWORK BANDWIDTH 审中-公开
标题翻译：装置，方法和计算机程序产品，以减少无线网络带宽下的TCP流量攻击
公开(公告)号：WO2006082507A1
公开(公告)日：2006-08-10
申请号：PCT/IB2006/000208
申请日：2006-02-03
申请人： NOKIA CORPORATION , NOKIA, INC. , SWAMI, Yogesh, P. , LE, Franck
发明人： SWAMI, Yogesh, P. , LE, Franck
IPC分类号： H04L29/06
CPC分类号： H04L63/1458 , H04W12/12
摘要： A method for operating a firewall includes: in response to the firewall receiving a TCP SYN request packet that is sent towards a first node from a second node, said TCP SYN request packet comprising a sequence value ("seq"), sending to the second node a SYNæACK packet, said SYNæACK packet comprising a seq and an ack_ sequence value ("ack_seq"), where ack_seq of the SYNæACK packet is not equal to the TCP SYN request packet's seq+1; and in response to the firewall receiving a TCP RST packet from the second node, verifying that the seq in the TCP RST packet matches the ack_seq of the SYNæACK packet and, if it does, designating the connection with the second node as an authorized connection.
摘要翻译：一种用于操作防火墙的方法包括：响应于防火墙接收从第二节点向第一节点发送的TCP SYN请求分组，所述TCP SYN请求分组包括序列值（“seq”），发送到第二节点节点SYNACKACK分组，所述SYNACKACK分组包括seq和ack_序列值（“ack_seq”），其中SYNACKACK分组的ack_seq不等于TCP SYN请求分组的seq + 1; 并且响应于防火墙从第二节点接收到TCP RST分组，验证TCP RST分组中的seq与SYNACKACK分组的ack_seq匹配，如果是，则指定与第二节点的连接作为授权连接。

2. 发明申请

WO2003049486A2 APPARATUS, AND ASSOCIATED METHOD, FOR FACILITATING AUTHENTICATION OF A MOBILE STATION WITH A CORE NETWORK 审中-公开
标题翻译：装置和相关方法，用于促进移动站与核心网络的认证
公开(公告)号：WO2003049486A2
公开(公告)日：2003-06-12
申请号：PCT/US2002/038065
申请日：2002-11-27
申请人： NOKIA CORPORATION , NOKIA INC.
发明人： LE, Khiem , LE, Franck
IPC分类号： H04Q7/38
CPC分类号： H04W12/06 , H04L63/0884 , H04L65/1006 , H04L65/105 , H04L65/1073
摘要： Apparatus, and an associated method, facilitates authentication of a mobile station operable in a 3G cellular communication system having a core network and a plurality of access networks. A standard signaling protocol is used to communicate between an access network and the core network. When a request for authentication of a mobile station is generated, a signaling protocol message is generated at a proxy of the access network within which the mobile station is to be authenticated. Detection of the authentication request is made at the proxy, and a message is generated at the proxy which includes indicia associated with the authentication center associated with the access network. The signaling protocol message is sent to the core network, and the information indicia contained therein is used to facilitate authentication procedures to authenticate the mobile station.
摘要翻译：装置和相关联的方法有助于在具有核心网络和多个接入网络的3G蜂窝通信系统中可操作的移动台的认证。标准信令协议用于在接入网和核心网之间进行通信。当生成对移动台的认证请求时，在要认证移动台的接入网络的代理处生成信令协议消息。在代理处进行认证请求的检测，并且在代理处生成包括与与接入网络相关联的认证中心相关联的标记的消息。信令协议消息被发送到核心网络，并且其中包含的信息标记用于促进认证过程来认证移动台。

3. 发明申请

WO2002084504A1 METHOD AND APPARATUS FOR CLASSIFYING IP DATA 审中-公开
标题翻译：分类IP数据的方法和装置
公开(公告)号：WO2002084504A1
公开(公告)日：2002-10-24
申请号：PCT/IB2002/000450
申请日：2002-02-14
申请人： NOKIA CORPORATION , NOKIA INC.
发明人： LE, Franck , ZHENG, Haihong
IPC分类号： G06F15/16
CPC分类号： H04L69/161 , H04L29/06 , H04L45/00 , H04L45/34 , H04L47/10 , H04L47/2441 , H04L47/70 , H04L47/724 , H04L69/16 , H04L69/167 , H04L69/22
摘要： A method and methodology are provided for classifying Internet Protocol (IP) data in a packet switch network (100). Data may be received at a first node (20) and classified based on source routing information of said data. The source routing information may be provided within LSRR/SSRR of IPv4 data or may be provided within a routing header of Ipv6 data.
摘要翻译：提供了一种用于对分组交换网络（100）中的因特网协议（IP）数据进行分类的方法和方法。可以在第一节点（20）处接收数据，并且基于所述数据的源路由信息进行分类。源路由信息可以在IPv4数据的LSRR / SSRR内提供，或者可以在IPv6数据的路由报头内提供。

4. 发明申请

WO2004003679A3 METHOD OF REGISTERING HOME ADDRESS OF A MOBILE NODE WITH A HOME AGENT 审中-公开
公开(公告)号：WO2004003679A3
公开(公告)日：2004-01-08
申请号：PCT/IB2003/002511
申请日：2003-06-27
申请人： NOKIA CORPORATION , NOKIA INC.
发明人： LE, Franck , FACCIN, Stefano , PATIL, Basavaraj
IPC分类号： G06F15/16
摘要： A method for registering a home address of a mobile node with a home agent in a network. Instead of using the home address of the mobile node as the key element is identifying the mobile node, the home agent uses the network access identity of the mobile node included in a registration request (1) sent by the mobile node to the home agent in the registration process. Upon receiving the registration request, the home agent authenticates (2) the mobile node by selecting the appropriate security association (3) based on the network access identity. In response, the home agent (4) may send authentication and Key material to the mobile node so as to allow the mobile node to further provide the home agent with a mobile node authentication (5) for use in a challenge-response procedure.

5. 发明申请

WO2006085178A1 METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT ENABLING NEGOTIATION OF FIREWALL FEATURES BY ENDPOINTS 审中-公开
标题翻译：方法，装置和计算机程序产品使用端点启用防火功能的协商
公开(公告)号：WO2006085178A1
公开(公告)日：2006-08-17
申请号：PCT/IB2006/000193
申请日：2006-02-02
申请人： NOKIA CORPORATION , NOKIA, INC. , LE, Franck , SWAMI, Yogesh, Prem , BAJKO, Gabor
发明人： LE, Franck , SWAMI, Yogesh, Prem , BAJKO, Gabor
IPC分类号： H04L12/24 , H04L29/02
CPC分类号： H04L41/28 , H04L63/02 , H04L63/1441 , H04L63/20
摘要： Disclosed are examples of a method, system, devices and nodes to conduct communications between a device coupled to a communication network and a network security enforcement node, such as a firewall. An illustrative method includes, with a device coupled to a network security enforcement node through a communication network, requesting from the network security enforcement node information comprised of at least one of supported and enabled features and, in response to receiving the request, sending information descriptive of at least one of network security enforcement node supported and enabled features. The method may further include requesting by the device that at least one network security enforcement node feature be one of enabled or disabled.
摘要翻译：公开了用于在耦合到通信网络的设备与诸如防火墙的网络安全执行节点之间进行通信的方法，系统，设备和节点的示例。一种说明性方法包括：通过通信网络耦合到网络安全执行节点的设备，从网络请求安全执行节点包括支持和启用的特征中的至少一个的信息，并且响应于接收到请求，发送信息描述至少一个网络安全执行节点支持和启用的功能。该方法还可以包括：由设备请求至少一个网络安全执行节点特征是启用或禁用之一。

6. 发明申请

WO2003014935A1 EFFICIENT SECURITY ASSOCIATION ESTABLISHMENT NEGOTIATION TECHNIQUE 审中-公开
标题翻译：高效率的安全协调机构协调技术
公开(公告)号：WO2003014935A1
公开(公告)日：2003-02-20
申请号：PCT/IB2002/003135
申请日：2002-08-08
申请人： NOKIA CORPORATION , NOKIA INC.
发明人： FACCIN, Stefano , LE, Franck
IPC分类号： G06F11/30
CPC分类号： H04L63/04 , H04L63/061 , H04L63/08 , H04L63/0853 , H04L63/0892 , H04L63/12 , H04L63/205 , H04W12/04 , H04W12/06
摘要： A mobile terminal (200) is connected via a wireless interface to an agent (210) of a visited network (220) which is connected to a visited gateway (230) connected toa home gateway (240). A subscriber database/authentication center (260) is disposed within the home network (250). It is assumed that there is a pre-established security asociation between the visited GW (230), which can be the visited AAA server, and the agent (210). This Security Association may, for example, be set up offline throufh manual key entry, Internet Key Exchange Protocol or Key Distribution Server specific to the Visited Network (220). This provides security internally to the network so that the operator can choose the level and type of security to be implemented in its network. There is another pre-selected Security Association between Subscriber databse/Authentication Center (260) and the Home GW (240). This security Association may be established in the same fashion as that noted above and also serves to provide security internally to the network. There is still another pre-established Security ãssociation between the Home GW (240) and the Visited GW (230).
摘要翻译：移动终端（200）经由无线接口连接到被连接到连接到家庭网关（240）的访问网关（230）的访问网络（220）的代理（210）。订户数据库/认证中心（260）被布置在家庭网络（250）内。假设在被访问的GW（230）（可以是被访问的AAA服务器）和代理（210）之间存在预先建立的安全关联。例如，此安全关联可以设置离线通过手动密钥输入，特定于访问网络（220）的Internet密钥交换协议或密钥分发服务器。这为网络内部提供了安全性，以便运营商可以选择要在其网络中实现的安全级别和类型。在订户数据库/认证中心（260）和归属GW（240）之间还有一个预先选择的安全关联。该安全关联可以以与上述相同的方式建立，并且还用于向网络内部提供安全性。家庭GW（240）和被访问的GW（230）之间还有一个预先建立的安全性关联。

7. 发明申请

WO2005002172A1 SECURITY FOR PROTOCOL TRAVERSAL 审中-公开
标题翻译：协议保密协议
公开(公告)号：WO2005002172A1
公开(公告)日：2005-01-06
申请号：PCT/IB2004/002086
申请日：2004-06-23
申请人： NOKIA CORPORATION , LE, Franck , FACCIN, Stefano, M.
发明人： LE, Franck , FACCIN, Stefano, M.
IPC分类号： H04L29/06
CPC分类号： H04L63/123 , H04L9/3073 , H04L9/3247 , H04L9/3297 , H04L69/22 , H04L2209/80
摘要： The invention proposes a method for protecting packets to be sent from a first network node to a second network node, comprising the steps of generating (S21) validity information for a packet, generating (S22) a header for the packet, comprising the validity information, and sending (S23) the packet including the header from the first network node to the second network node, wherein the validity information comprises all necessary information required for performing a validity check of the packet. Thus, no pre-established security association or the like is necessary to verify the validity of a packet.
摘要翻译：本发明提出了一种保护要从第一网络节点发送到第二网络节点的分组的方法，包括以下步骤：产生（S21）分组的有效性信息，生成（S22）分组的报头，包括有效信息并且将包括所述报头的分组从所述第一网络节点发送（S23）到所述第二网络节点，其中所述有效性信息包括执行所述分组的有效性检查所需的所有必要信息。因此，不需要预先建立的安全关联等来验证分组的有效性。

8. 发明申请

WO2006021836A1 METHOD AND SYSTEM FOR CONFIGURING FIREWALLS IN THE PRESENCE OF PERFORMANCE ENHANCEMENT PROXIES 审中-公开
标题翻译：在性能增强项目存在下配置防火墙的方法和系统
公开(公告)号：WO2006021836A1
公开(公告)日：2006-03-02
申请号：PCT/IB2005/001749
申请日：2005-06-21
申请人： NOKIA CORPORATION , LE, Franck , LIU, Zhigang, C.
发明人： LE, Franck , LIU, Zhigang, C.
IPC分类号： H04L29/06
CPC分类号： H04L65/1006 , H04L63/0281 , H04L63/029 , H04L65/1016 , H04L65/105 , H04L65/1069 , H04L65/80 , H04L69/329
摘要： Signaling between a terminal equipment (10) and a session server (40) is provided which carries information on an expected media stream to or from the terminal equipment via a middle box (20) for optimizing the performance of data communications between the terminal equipment (10) and a correspondent node (30). On the basis of this information the session server (40) is enabled to create appropriate entries in a security entity (50) provided for the terminal equipment so that the media stream can successfully traverse the middle box (20) and the security entity (50).
摘要翻译：提供终端设备（10）和会话服务器（40）之间的信令，其经由用于优化终端设备（20）之间的数据通信的性能的中间盒（20）将期望媒体流的信息携带到终端设备或从终端设备 10）和通讯节点（30）。基于该信息，会话服务器（40）能够在为终端设备提供的安全实体（50）中创建适当的条目，使得媒体流可以成功地遍历中间盒（20）和安全实体（50））。

9. 发明申请

WO2003069872A1 DISCOVERY OF AN AGENT OR A SERVER IN AN IP NETWORK 审中-公开
标题翻译：在IP网络中发现代理或服务器
公开(公告)号：WO2003069872A1
公开(公告)日：2003-08-21
申请号：PCT/IB2003/000501
申请日：2003-02-14
申请人： NOKIA CORPORATION , LE, Franck , FACCIN, Stefano, M.
发明人： LE, Franck , FACCIN, Stefano, M.
IPC分类号： H04L29/12
CPC分类号： H04L29/12018 , H04L29/12933 , H04L61/10 , H04L61/6068 , H04L67/16 , H04W4/06 , H04W8/005 , H04W8/26 , H04W80/00 , H04W88/14
摘要： A method for discovering an agent in an IP environment comprising broadcasting router advertisement messages by router, wherein the messages comprise a first data element corresponding to a network prefix which identifies the network visited by a communication device; receiving the messages by the communication device; obtaining, by the communication device, a second data element identifying the agent; and computing an IP address of the agent by the communication device by using the first data element and the second data element.
摘要翻译：一种用于在IP环境中发现代理的方法，包括由路由器广播路由器通告消息，其中所述消息包括对应于识别由通信设备访问的网络的网络前缀的第一数据元素; 通过通信设备接收消息; 通过所述通信设备获得识别所述代理的第二数据元素; 以及通过使用第一数据元素和第二数据元素来计算通信设备的代理的IP地址。

10. 发明申请

WO2002068418A2 AUTHENTICATION AND DISTRIBUTION OF KEYS IN MOBILE IP NETWORK 审中-公开
标题翻译：移动IP网络中的认证和分发
公开(公告)号：WO2002068418A2
公开(公告)日：2002-09-06
申请号：PCT/IB2002/001658
申请日：2002-02-25
申请人： NOKIA CORPORATION , FACCIN, Stefano , LE, Franck
发明人： FACCIN, Stefano , LE, Franck
IPC分类号： C07D453/00
CPC分类号： H04L63/062 , H04L9/0841 , H04L63/0853 , H04L63/0869 , H04L2209/80 , H04W12/04 , H04W12/06 , H04W80/04
摘要： There is disclosed a method of establishing a connection between a mobile station and a serving domain, in which a first security association exists between the mobile node and an associated home domain, and a second security association exists between the serving domain and the home domain, the method comprising: transmitting a first message from the mobile node to the serving domain, the first message being encrypted in accordance with the first security association; transmitting the first message from the serving domain to the home domain; decrypting the first message in the home domain in accordance the first security association; transmitting a second message from the home domain to the serving domain, the second message being encrypted according to the first security association; transmitting the second message from the serving domain to the mobile node; decrypting the second message in the mobile node in accordance with the first security association.
摘要翻译：公开了一种在移动站和服务域之间建立连接的方法，其中在移动节点和相关联的归属域之间存在第一安全关联，并且在服务域和归属域之间存在第二安全关联，所述方法包括：从所述移动节点向所述服务域发送第一消息，所述第一消息根据所述第一安全关联进行加密; 将第一消息从服务域发送到归属域; 根据第一安全关联解密归属域中的第一消息; 将第二消息从所述归属域发送到所述服务域，所述第二消息根据所述第一安全关联进行加密; 将所述第二消息从所述服务域发送到所述移动节点; 根据第一安全关联在移动节点中解密第二消息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式