专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明公开

EP1371206A1 METHOD AND SYSTEM FOR DELEGATION OF SECURITY PROCEDURES TO A VISITED DOMAIN 有权
标题翻译：方法和设备进行委派安全措施以AN一带走访
公开(公告)号：EP1371206A1
公开(公告)日：2003-12-17
申请号：EP02701075.0
申请日：2002-01-24
申请人： Nokia Corporation , Faccin, Stefano M.
发明人： FACCIN, Stefano , LE, Franck
IPC分类号： H04L29/06 , H04Q7/38
CPC分类号： H04L63/08 , H04L9/083 , H04L9/321 , H04L9/3271 , H04L63/067 , H04L63/0892 , H04L63/107 , H04L63/123 , H04L2209/80 , H04L2463/061 , H04W12/04 , H04W12/06 , H04W36/0038
摘要： A method and system for delegation of security procedures to a second domain. A first key is generated for a mobile node. The first key is stored at the mobile node and at a home domain of the mobile node. The mobile node is moved to the second domain. A request is sent from the second domain to the home domain to authenticate the mobile node. A second key is generated at the home domain using the first key and a random number. The random number and the second key are sent to the second domain. The random number is sent to the mobile node by the second domain. The mobile node generates the second key using the random number and the first key. The second key is used for authentication procedures and/or key derivation procedures between the mobile node and the second domain.
摘要翻译：一种安全程序委派方法和系统的第二域。第一密钥被用于移动节点生成。第一密钥存储在移动节点和移动节点的归属域。移动节点被移动到所述第二结构域。的请求从第二域发送到归属域来认证移动节点。第二个关键是在使用第一密钥和随机数的归属域生成。随机数和第二密钥发送到第二域。该随机数由所述第二域发送到移动节点。移动节点基因费率使用随机数和所述第一密钥的第二密钥。第二密钥被用于认证的程序和/或移动节点，并且所述第二结构域之间密钥推导过程。

2. 发明申请

WO2007080495A2 ROAMING QUERIES PRIOR TO ASSOCIATION/AUTHENTICATION 审中-公开
标题翻译：在协会/认证前的漫游查询
公开(公告)号：WO2007080495A2
公开(公告)日：2007-07-19
申请号：PCT/IB2007/000064
申请日：2007-01-09
申请人： NOKIA CORPORATION , NOKIA INC.
发明人： FACCIN, Stefano
IPC分类号： H04L12/28 , H04Q7/38
CPC分类号： H04L67/2819 , H04L67/04 , H04L67/28 , H04L67/2861 , H04W36/0005 , H04W36/0011 , H04W48/08 , H04W48/14 , H04W48/16 , H04W80/04 , H04W88/08 , Y02D70/142
摘要： A mechanism to enable roaming queries prior to association/authentication while maintaining the advantages of power saving mechanisms can be implemented. The mechanism can involve requiring a mobile terminal to request the desired information a second time so that the access point may take sufficient time to obtain the desired information. The mechanism can be implemented in conjunction with IEEE 802.11.
摘要翻译：可以实现在保持关机/认证之前进行漫游查询同时保持省电机制的优点的机制。该机制可以涉及要求移动终端第二次请求所需信息，使得接入点可能需要足够的时间来获得期望的信息。该机制可以结合IEEE 802.11实现。

3. 发明申请

WO2006103536A1 AUTHENTICATION MECHANISM FOR UNLICENSED MOBILE ACCESS 审中-公开
标题翻译：未经许可的移动接入认证机制
公开(公告)号：WO2006103536A1
公开(公告)日：2006-10-05
申请号：PCT/IB2006/000722
申请日：2006-03-29
申请人： NOKIA CORPORATION , ZHENG, Haihong , FACCIN, Stefano
发明人： ZHENG, Haihong , FACCIN, Stefano
IPC分类号： H04Q7/38 , H04L12/28
CPC分类号： H04L63/162 , H04L63/08 , H04L63/0892 , H04W12/06 , H04W36/0038 , H04W84/12
摘要： Unlicensed Mobile Access (UMA) authentication techniques are provided. These techniques may use existing authentication mechanisms, such as a Cellular Authentication and Voice Encryption (CAVE) algorithm-based or Message Digest 5 (MD5) algorithm-based authentication mechanism.
摘要翻译：提供非授权移动访问（UMA）认证技术。这些技术可以使用现有的认证机制，例如基于蜂窝认证和语音加密（CAVE）算法或消息摘要5（MD5）算法的认证机制。

4. 发明申请

WO2006032046A1 APPARATUS, AND AN ASSOCIATED METHOD, FOR FACILITATING FAST TRANSITION IN A NETWORK SYSTEM 审中-公开
标题翻译：装置和相关方法，用于促进网络系统中的快速过渡
公开(公告)号：WO2006032046A1
公开(公告)日：2006-03-23
申请号：PCT/US2005/033350
申请日：2005-09-15
申请人： NOKIA CORPORATION , NOKIA INC. , FACCIN, Stefano , EDNEY, Jonathan, P.
发明人： FACCIN, Stefano , EDNEY, Jonathan, P.
IPC分类号： H04L12/28
CPC分类号： H04L63/083 , H04L9/0844 , H04L63/123 , H04L2209/80 , H04W8/005 , H04W12/06 , H04W36/0016 , H04W36/08 , H04W48/16 , H04W84/12 , H04W88/08
摘要： An apparatus, system, computer-readable medium, and method to facilitate quick transition of communications of a mobile station between network stations of a radio communication system, such as a WLAN operable to a variant of an IEEE 802 operating specification, is provided. Implementations of embodiments described herein reduce the transition duration by a pre-keying mechanism that performs authentication procedures prior to commencement of reassociation procedures. In other embodiments, a mobile station is allowed to select whether to perform pre-keying processes over an air interface with a target transition access point or whether to perform the pre-keying processes over a distribution system.
摘要翻译：提供了一种装置，系统，计算机可读介质和方法，用于促进移动站在无线电通信系统（例如可操作为IEEE802操作规范的变体的WLAN）的网络站之间的通信的快速转换。本文描述的实施例的实现通过在重新关联过程开始之前执行认证过程的预密钥机制来减少转换持续时间。在其他实施例中，允许移动台选择是否通过与目标转换接入点的空中接口执行预密钥处理，或者是否通过分发系统执行预密钥处理。

5. 发明申请

WO2005120010A1 EXTENSIONS TO FILTER ON IPV6 HEADER 审中-公开
标题翻译：扩展IPV6头过滤器
公开(公告)号：WO2005120010A1
公开(公告)日：2005-12-15
申请号：PCT/IB2005/001401
申请日：2005-05-23
申请人： NOKIA CORPORATION , NOKIA INC.
发明人： LE, Frank , FACCIN, Stefano
IPC分类号： H04L29/06
CPC分类号： H04L63/0227 , H04L63/029 , H04L69/22
摘要： A network implementing at least one firewall for providing protection for users on the network. The network includes at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall. The at least one firewall including installation means for installing policy rules that are transmitted form at least one network entity to the at least one firewall. The policy rules include an option field for allowing the at least one network entity to send additional information to the firewall. The additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol. The additional information is optionally used by the at least one firewall to filter on data travelling through the at least one firewall.
摘要翻译：实现至少一个防火墙的网络，用于为网络上的用户提供保护。该网络包括由至少一个防火墙保护的至少一个主机系统，主机系统被配置为通过至少一个防火墙从外部主机系统发送和接收信息。所述至少一个防火墙包括用于安装从至少一个网络实体发送到所述至少一个防火墙的策略规则的安装装置。策略规则包括用于允许至少一个网络实体向防火墙发送附加信息的选项字段。关于在因特网协议版本6协议或移动因特网协议版本6协议中的至少一个中使用的至少一种类型的信息的附加信息。所述附加信息可选地由所述至少一个防火墙使用以过滤穿过所述至少一个防火墙的数据。

6. 发明申请

WO2005064890A1 A METHOD TO SUPPORT MOBILE IP MOBILITY IN 3GPP NETWORKS WITH SIP ESTABLISHED COMMUNICATIONS 审中-公开
标题翻译：支持3GPP网络中移动IP移动性的方法与SIP建立通信
公开(公告)号：WO2005064890A1
公开(公告)日：2005-07-14
申请号：PCT/IB2004/004256
申请日：2004-12-15
申请人： NOKIA CORPORATION , LE, Franck , FACCIN, Stefano , PURNADI, Rene , GRECH, Sandro
发明人： LE, Franck , FACCIN, Stefano , PURNADI, Rene , GRECH, Sandro
IPC分类号： H04L29/06
CPC分类号： H04L63/0236 , H04L29/06027 , H04L63/0254 , H04L63/029 , H04L65/1006 , H04L65/1016 , H04L65/80 , H04W80/04 , H04W80/10
摘要： The invention proposes a method for controlling a connection between a first network node and a second network node, wherein the connection is controlled by a packet filtering function filtering packets such that a packet is discarded in case a source address and/or a destination address do not comply with a filtering rule, wherein the packet filtering function is configured at a connection set up, and at least one of the first or second network node is adapted to change its address, the method comprising the steps of informing the packet filtering function about the new address of the network node having changed its address, and updating the packet filter of the packet filtering function by using the new address of the network node having changed its address. The invention also proposes a corresponding network system comprising at least a network node and a packet filtering network element. Furthermore, the invention proposes a corresponding packet filtering network device.
摘要翻译：本发明提出了一种用于控制第一网络节点和第二网络节点之间的连接的方法，其中所述连接由过滤分组的分组过滤功能控制，使得在源地址和/或目的地地址做的情况下丢弃分组不符合过滤规则，其中所述包过滤功能被配置在建立的连接处，并且所述第一或第二网络节点中的至少一个适于改变其地址，所述方法包括以下步骤：通知所述包过滤功能关于网络节点的新地址已经改变了其地址，并且通过使用已经改变了其地址的网络节点的新地址来更新分组过滤功能的分组过滤器。本发明还提出了至少包括网络节点和分组过滤网络元件的对应网络系统。此外，本发明提出了一种相应的分组过滤网络设备。

7. 发明申请

WO2005053275A1 METHOD AND SYSTEM FOR FILTERING MULTIMEDIA TRAFFIC BASED ON IP ADDRESS BINDINGS 审中-公开
标题翻译：基于IP地址绑定过滤多媒体业务的方法和系统
公开(公告)号：WO2005053275A1
公开(公告)日：2005-06-09
申请号：PCT/IB2004/003850
申请日：2004-11-24
申请人： NOKIA CORPORATION , LE, Frank , FACCIN, Stefano
发明人： LE, Frank , FACCIN, Stefano
IPC分类号： H04L29/12
CPC分类号： H04L63/0209 , H04L29/12009 , H04L29/1233 , H04L29/12358 , H04L29/12547 , H04L41/0604 , H04L61/251 , H04L61/2582 , H04L63/0254 , H04L63/029 , H04L65/1006 , H04L65/1016
摘要： Methods and correspondent nodes (CN) to filter IP communications through firewalls (TW) in scenarios where dynamic pinholes are created to ensure an appropriate level of security is disclosed. The invention is based on creating a secure and authorized anchor (TrGW) for communications where all the communications are routed through before a firewall (TW) performs the packet filtering. A Translator Gateway (TrGW) switches addresses in the header according to a stored Mapping Table and an interface between a CPS (or a SIP proxy) and the TrGW. This interface allows the CPS to request the TrGW to provide bindings data between IP addresses upon session initiation, the TrGW to provide the bindings data to the CPS and the CPS to release the bindings at session release. The firewall (TW) accepts incoming packets whose IP address belongs to the pool of addresses of the TrGW. Thus any incoming packet that does not correspond to an existing call will be dropped at the TrGW, and a valid packet will go through the firewall which will verify that the packet is not a malformed message or other attack.
摘要翻译：在创建动态针孔以确保适当的安全级别的情况下，通过防火墙（TW）过滤IP通信的方法和通信节点（CN）。本发明基于为通信创建安全和授权的锚（TrGW），其中所有通信在防火墙（TW）执行分组过滤之前被路由通过。转换器网关（TrGW）根据存储的映射表和CPS（或SIP代理）与TrGW之间的接口切换报头中的地址。该接口允许CPS请求TrGW在会话发起时在IP地址之间提供绑定数据，TrGW向CPS提供绑定数据，CPS将会话释放时释放绑定。防火墙（TW）接受IP地址属于TrGW地址池的传入数据包。因此，任何不对应于现有呼叫的传入分组将在TrGW处丢弃，并且有效的分组将通过防火墙，这将验证分组不是格式错误的消息或其他攻击。

8. 发明申请

WO2004003679A3 METHOD OF REGISTERING HOME ADDRESS OF A MOBILE NODE WITH A HOME AGENT 审中-公开
公开(公告)号：WO2004003679A3
公开(公告)日：2004-01-08
申请号：PCT/IB2003/002511
申请日：2003-06-27
申请人： NOKIA CORPORATION , NOKIA INC.
发明人： LE, Franck , FACCIN, Stefano , PATIL, Basavaraj
IPC分类号： G06F15/16
摘要： A method for registering a home address of a mobile node with a home agent in a network. Instead of using the home address of the mobile node as the key element is identifying the mobile node, the home agent uses the network access identity of the mobile node included in a registration request (1) sent by the mobile node to the home agent in the registration process. Upon receiving the registration request, the home agent authenticates (2) the mobile node by selecting the appropriate security association (3) based on the network access identity. In response, the home agent (4) may send authentication and Key material to the mobile node so as to allow the mobile node to further provide the home agent with a mobile node authentication (5) for use in a challenge-response procedure.

9. 发明申请

WO2007003992A2 METHOD, SYSTEM & COMPUTER PROGRAM PRODUCT FOR DISCOVERING CHARACTERISTICS OF MIDDLEBOXES 审中-公开
标题翻译：用于发现中间盒特性的方法，系统和计算机程序产品
公开(公告)号：WO2007003992A2
公开(公告)日：2007-01-11
申请号：PCT/IB2006/001361
申请日：2006-05-25
申请人： NOKIA CORPORATION , LE, Franck , FACCIN, Stefano
发明人： LE, Franck , FACCIN, Stefano
CPC分类号： H04L29/12528 , H04L29/12471 , H04L29/12509 , H04L61/2553 , H04L61/2567 , H04L61/2575
摘要： A method, computer program product, communications device and system for enabling an end node or terminal to discover one or more characteristics of a firewall on the communications path between the end node and a data network are provided. In particular, middlebox configuration protocols have been extended to allow a user to run additional tests in order to determine, for example, whether a discovered firewall blocks unsolicited incoming requests, as well as what the length of time associated with a particular state created by the discovered firewall is.
摘要翻译：提供了用于使端节点或终端能够发现端节点和数据网络之间的通信路径上的防火墙的一个或多个特征的方法，计算机程序产品，通信设备和系统。特别是，中间件配置协议已经扩展到允许用户运行附加测试，以便确定例如发现的防火墙是否阻止未经请求的传入请求，以及与由该应用程序创建的特定状态相关的时间长度发现的防火墙是。

10. 发明申请

WO2006031974A1 REQUESTING AND/OR ALLOCATING COMMUNICATION RESOURCES AT A NEW ACCESS POINT BEFORE TRANSMITTING A REASSOCIATION REQUEST 审中-公开
标题翻译：在发送重新申请请求之前，要求和/或分配新的访问点的通信资源
公开(公告)号：WO2006031974A1
公开(公告)日：2006-03-23
申请号：PCT/US2005/032944
申请日：2005-09-15
申请人： NOKIA CORPORATION , NOKIA INC. , FACCIN, Stefano , EDNEY, Jonathan P.
发明人： FACCIN, Stefano , EDNEY, Jonathan P.
IPC分类号： H04L12/28
CPC分类号： H04W36/18 , H04W36/08 , H04W72/0406 , H04W84/12
摘要： Apparatus, and an associated method, for requesting, and allocating communication resources at a new fixed-site transceiver of a radio communication system, such as a new access point of a wireless local area network. A resource information container is formed that is structured to include information elements that identify, amongst other things, resource requirements of a mobile unit. The information elements of a resource information container (232) include a root node (233), one or more leaf nodes (236a - 236d), and, selectably, one or more group nodes (234). The resource information container is communicated (114a), (118a) prior to commencement of transition procedures (132), (134a) to early-reserve or determine availability of resources at a new access point.
摘要翻译：一种用于在诸如无线局域网的新接入点的无线电通信系统的新的固定站点收发器处请求和分配通信资源的装置和相关联的方法。形成资源信息容器，该资源信息容器被构造成包括特别是识别移动单元的资源需求的信息元素。资源信息容器（232）的信息元素包括根节点（233），一个或多个叶节点（236a-236d），以及可选地，一个或多个组节点（234）。在开始转换过程（132），（134a）之前传送资源信息容器（114a），（118a）以早期预留或确定在新接入点处的资源的可用性。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式