    • 1. Granted invention patent
    • Lawful interception of end-to-end encrypted data traffic
    • US07382881B2
    • 2008-06-03
    • US10497568
    • 2002-12-06
    • Ilkka Uusitalo; Pasi Ahonen; Rolf Blom; Boman Krister; Mats Näslund
    • Ilkka Uusitalo; Pasi Ahonen; Rolf Blom; Boman Krister; Mats Näslund
    • H04L9/00
    • H04L63/06; H04L9/0841; H04L9/0869; H04L63/0428; H04L63/08; H04L63/306
    • A method of facilitating the lawful interception of an IP session between two or more terminals 12,13, wherein the session uses encryption to secure traffic. The method includes storing a key allocated to at least one of the terminals 12,13 or to at least one of the subscribers using one of the terminals 12,13, at the terminal 12,13 and at a node 5,8 within a network 1,6 through which the session is conducted, or a node coupled to that network. Prior to the creation of the session, a seed value is exchanged between the terminal 12,13 at which the key is stored and the node 5,8. The key and the seed value are used at both the terminal 12,13 and the node 5,8 to generate a pre-master key. The pre-master key becomes known to each of the terminals 12,13 involved in the IP session and to the network node 5,8. The pre-master key is used, directly or indirectly, to encrypt and decrypt traffic associated with the IP session.
    • 3. Granted invention patent
    • IP multimedia security
    • US08539564B2
    • 2013-09-17
    • US13254013
    • 2009-03-04
    • Mats Näslund; Rolf Blom; Yi Cheng; Fredrik Lindholm; Karl Norrman
    • Mats Näslund; Rolf Blom; Yi Cheng; Fredrik Lindholm; Karl Norrman
    • G06F7/04
    • H04L63/06; H04L9/0844; H04L2209/80; H04W12/04
    • A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
    • 4. Granted invention patent
    • Access to services in a telecommunications network
    • US08261078B2
    • 2012-09-04
    • US12303342
    • 2006-06-09
    • Luis Barriga; Rolf Blom; Mats Näslund
    • Luis Barriga; Rolf Blom; Mats Näslund
    • H04L9/32
    • H04L65/1016; H04L9/32; H04L9/321; H04L63/0421; H04L63/062; H04L63/08; H04L63/0815; H04L63/0853; H04L2209/80; H04W4/00; H04W12/02; H04W12/04; H04W12/06; H04W60/00; H04W74/00; H04W88/16
    • A method and arrangement is disclosed for providing a user, not previously having an individual subscription with a network operator, with credentials for secure access to network services. The arrangement includes a gateway, associated with a subscription for network services, having means for generating and exporting to a user entity personalized user security data derived from security data related to the subscription. In particular, the derivation of credentials is based on a function that is shared between network and gateway and further conveniently makes use of bootstrapping on keying material from the subscription authentication. Pre-registered user identities are assigned trusted users who, thereafter, can download credentials and authenticate for service access. The invention may be implemented at a public place for providing temporary visitors network access whereby trust may exemplary be established by presenting a credit card.
    • 5. Granted invention patent
    • Method and apparatus for handling keys used for encryption and integrity
    • US09106409B2
    • 2015-08-11
    • US11726527
    • 2007-03-22
    • Rolf Blom; Karl Norrman; Mats Näslund
    • Rolf Blom; Karl Norrman; Mats Näslund
    • H04L9/08; H04L29/06; H04W12/04
    • H04L63/062; H04L9/0844; H04L9/0891; H04L2209/80; H04W12/04
    • A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.
    • 8. Granted invention patent
    • Cryptography using finite fields of odd characteristic on binary hardware
    • US07724898B2
    • 2010-05-25
    • US10271947
    • 2002-10-17
    • Mats Näslund; Rolf Blom
    • Mats Näslund; Rolf Blom
    • H04K1/00
    • G06F7/724; G06Q20/3829; H04L9/0841; H04L9/3066
    • A cryptographic method is described. The method comprises storing binary data representing at least a portion of a field element of an odd-characteristic finite field GF(p^k) in a register, p being an odd prime number, the field element comprising k coefficients in accordance with a polynomial-basis representation, the binary data comprising plural groups of data bits, wherein each group of data bits represents an associated one of the k coefficients and processing the binary data in accordance with a cryptographic algorithm such that the plural groups of data bits are processed in parallel. An apparatus comprising a memory and a processing unit coupled to the memory to carry out the method is also described.
    • 10. Granted invention patent
    • Error correction using finite fields of odd characteristics on binary hardware
    • US07243292B1
    • 2007-07-10
    • US10271945
    • 2002-10-17
    • Mats Näslund; Rolf Blom
    • Mats Näslund; Rolf Blom
    • H03M13/00
    • H03M13/158; G06F7/724; G06F7/725; H03M13/6561
    • Binary data representing a code word of an error-correcting code is used for calculating a syndrome, wherein a given portion of the binary data comprises k groups of data bits and represents a field element of the finite field GF(p^k), p being an odd prime number, the field element comprising k coefficients in accordance with a polynomial basis representation, each group of data bits of the given portion representing a corresponding one of the k coefficients. The given portion is stored in a first general purpose register and is processed such that the k groups of data bits of the given portion are processed in parallel; determining whether the syndrome is equal to zero; and detecting and correcting errors in the binary data if the syndrome is not equal to zero.