    • 1. Granted patent
    • Linked authentication protocols
    • US07707412B2
    • 2010-04-27
    • US10528161
    • 2002-11-25
    • Kaisa Nyberg, Valtteri Niemi, Nadarajah Asokan
    • Kaisa Nyberg, Valtteri Niemi, Nadarajah Asokan
    • H04L9/32
    • H04L63/0869, H04L63/162, H04W12/06
    • A system and method for authenticating a terminal in a communication system is described. The method includes executing a terminal authentication protocol, whereby the executing the terminal authentication protocol includes authenticating an identity of a network entity by a terminal in a communication system. The method further includes executing a challenge authentication protocol, wherein the executing the challenge authentication protocol includes sharing challenge data between the terminal and the network entity, and forming at the terminal, test data by at least applying one authentication function to the challenge data using the identifier. The executing the challenge authentication protocol further includes transmitting a message including terminal authentication data from the terminal to the network entity, and determining, based on the terminal authentication data, whether to provide the terminal with access to a service.
    • 2. Granted patent
    • System, method and computer program product for authenticating a data agreement between network entities
    • US07783041B2
    • 2010-08-24
    • US11242374
    • 2005-10-03
    • Nadarajah Asokan, Kaisa Nyberg
    • Nadarajah Asokan, Kaisa Nyberg
    • H04K1/00
    • H04L9/0844, H04L63/0428, H04L63/08, H04L63/18, H04L2209/80
    • A method for authenticating a data agreement between first and second network entities can include the first network entity committing to the agreed data value, and transmitting the committed data value and a first random value to the second network entity. The first network entity can receive a second random value, and can then open the committed data value such that the second network entity can check the committed data value. If successful, the second network entity can calculate a third check string, and the first network entity can similarly calculate a fourth check string, based upon the data value and the first and second random values. The first network entity can calculate the fourth check string without the second network entity committing to the data value. The method can then include comparing the check strings such that the agreed data can be considered authenticated based upon the comparison.
    • 3. Patent application
    • Linked authentication protocols
    • US20050210251A1
    • 2005-09-22
    • US10528161
    • 2002-11-25
    • Kaisa Nyberg, Valtteri Niemi, Nadarajah Asokan
    • Kaisa Nyberg, Valtteri Niemi, Nadarajah Asokan
    • H04L12/56, H04L29/06, H04W12/06, H04L9/00
    • H04L63/0869, H04L63/162, H04W12/06
    • A method for authenticating a terminal in a communication system, the terminal comprising identification means for applying authentication functions to input data to form response data, and the communication system being arranged to utilise a first authentication protocol for authentication of the terminal, wherein an authentication functionality and the terminal share challenge data, the terminal forms response data and a first key by applying the authentication functions to the challenge data by means of the identification means, and returns the response data to the authentication functionality, and the authentication functionality authenticates the terminal by means of the response data and can apply an authentication function to the challenge data to duplicate the first key; the method comprising; executing a second authentication protocol wherein the terminal authenticates the identity of a network entity and the terminal and the network entity share a second key for use in securing subsequent communications between the terminal and the network entity; and subsequently executing a third authentication protocol by the steps of: sharing challenge data between the network entity and the terminal; forming at the terminal test data by at least applying one of the authentication functions to the challenge data by means of the identification means; transmitting a message comprising authentication data, from the terminal to the network entity; and determining based on the authentication data whether to provide the terminal with access to a service; wherein in the determining step the terminal is provided with access to the service only if the authentication data equals a predetermined function of at least the test data and the second key.
    • 4. Patent application
    • System, method and computer program product for authenticating a data agreement between network entities
    • US20070076879A1
    • 2007-04-05
    • US11242374
    • 2005-10-03
    • Nadarajah Asokan, Kaisa Nyberg
    • Nadarajah Asokan, Kaisa Nyberg
    • H04K1/00
    • H04L9/0844, H04L63/0428, H04L63/08, H04L63/18, H04L2209/80
    • A method for authenticating a data agreement between first and second network entities can include the first network entity committing to the agreed data value, and transmitting the committed data value and a first random value to the second network entity. The first network entity can receive a second random value, and can then open the committed data value such that the second network entity can check the committed data value. If successful, the second network entity can calculate a third check string, and the first network entity can similarly calculate a fourth check string, based upon the data value and the first and second random values. The first network entity can calculate the fourth check string without the second network entity committing to the data value. The method can then include comparing the check strings such that the agreed data can be considered authenticated based upon the comparison.
    • 6. Granted patent
    • Method for sharing the authorization to use specific resources
    • US07343014B2
    • 2008-03-11
    • US10621258
    • 2003-07-15
    • Sampo Sovio, Nadarajah Asokan, Kaisa Nyberg, Valtteri Niemi
    • Sampo Sovio, Nadarajah Asokan, Kaisa Nyberg, Valtteri Niemi
    • H04K9/00, H04L9/00
    • H04L9/0827, H04L9/0863, H04L9/3226, H04L9/3247, H04L2209/76
    • The invention relates to a method for sharing the authorization to use specific resources among multiple devices, which resources are accessible via messages on which a secret key operation was applied with a predetermined secret master key d available at a master device 11. In order to provide an optimized sharing of authorization, it is proposed that the master device 11 splits the secret master key d into two parts d1, d2. A piece of information relating to the first part d1 of the secret master key d is forwarded to the slave device 13 for enabling this slave device to perform a partial secret key operation on a message m. The second part d2 of the secret master key d is forwarded to a server 12 for enabling the server 12 to perform partial secret key operations on a message m received from the slave device 13.
    • 9. Granted patent
    • Method for securing a communication
    • US07607012B2
    • 2009-10-20
    • US10677642
    • 2003-10-01
    • Kaisa Nyberg
    • Kaisa Nyberg
    • H04L9/32, H04K1/00
    • H04L63/061, H04L9/0844, H04L9/3273, H04L63/08
    • A method for securing a communication between at least one initiator (I) and one responder (R) generates a first key (KEr) within the responder (R), generates a second key (K) within the responder (R), computes an authentication code (C) using the first key (KEr) and the second key within said responder (R), transmits the second key (K) and the authentication code (C) from the responder (R) to the initiator (I) using a first communication channel, transmits the first key (KEr) from the responder (R) to the initiator (I) using a second communication channel, computes a verification code (C′) using the first key (KEr) and the second key (K) within the initiator (I), and compares the verification code (C′) with the authentication code (C) within the initiator.
    • 10. Granted patent
    • Replay prevention mechanism for EAP/SIM authentication
    • US07418595B2
    • 2008-08-26
    • US10751300
    • 2004-01-02
    • Pasi Eronen, Henry Haverinen, Kaisa Nyberg
    • Pasi Eronen, Henry Haverinen, Kaisa Nyberg
    • H04L9/00
    • H04L9/002, H04L9/3236, H04L9/3271, H04L2209/80, H04W12/06
    • A method for use by a telecommunication terminal (10) in checking whether a candidate RAND in an EAP/SIM RAND challenge is likely a replay, based on using a Bloom filter including a vector data structure (21) for determining (admittedly sometimes erroneously) whether the candidate RAND is in a set of previously used RAND values. The components of the vector data structure (21) are set to one or left at zero depending on whether pointers corresponding to the previously used RAND values point to them. The pointers can be hash functions or can be constructed from the previously used RAND values. To provide for smooth filter performance at points in time when the Bloom filter is full and cannot hold information for any new previously used RAND values, the vector data structure (21) is partitioned into more than one part, and only one part is reset and re-initialized at a time.