专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07343014B2 Method for sharing the authorization to use specific resources 失效
标题翻译：共享授权使用特定资源的方法
公开(公告)号：US07343014B2
公开(公告)日：2008-03-11
申请号：US10621258
申请日：2003-07-15
申请人： Sampo Sovio , Nadarajah Asokan , Kaisa Nyberg , Valtteri Niemi
发明人： Sampo Sovio , Nadarajah Asokan , Kaisa Nyberg , Valtteri Niemi
IPC分类号： H04K9/00 , H04L9/00
CPC分类号： H04L9/0827 , H04L9/0863 , H04L9/3226 , H04L9/3247 , H04L2209/76
摘要： The invention relates to a method for sharing the authorization to use specific resources among multiple devices, which resources are accessible via messages on which a secret key operation was applied with a predetermined secret master key d available at a master device 11. In order to provide an optimized sharing of authorization, it is proposed that the master device 11 splits the secret master key d into two parts d1, d2. A piece of information relating to the first part d1 of the secret master key d is forwarded to the slave device 13 for enabling this slave device to perform a partial secret key operation on a message m. The second part d2 of the secret master key d is forwarded to a server 12 for enabling the server 12 to perform partial secret key operations on a message m received from the slave device 13.
摘要翻译：本发明涉及一种用于共享在多个设备之间使用特定资源的授权的方法，所述资源可以通过使用在主设备11上可用的预定秘密主密钥d应用秘密密钥操作的消息来访问。为了提供优化的授权共享，建议主设备11将秘密主密钥d分割成两部分d 2，d 2 2。与秘密主密钥d的第一部分d 1相关的信息被转发到从设备13，以使该从设备能够对消息m执行部分秘密密钥操作。秘密主密钥d的第二部分d 2 2被转发到服务器12，以使得服务器12能够对从设备13接收到的消息m执行部分秘密密钥操作。

2. 发明授权

US07707412B2 Linked authentication protocols 有权
标题翻译：链接的认证协议
公开(公告)号：US07707412B2
公开(公告)日：2010-04-27
申请号：US10528161
申请日：2002-11-25
申请人： Kaisa Nyberg , Valtteri Niemi , Nadarajah Asokan
发明人： Kaisa Nyberg , Valtteri Niemi , Nadarajah Asokan
IPC分类号： H04L9/32
CPC分类号： H04L63/0869 , H04L63/162 , H04W12/06
摘要： A system and method for authenticating a terminal in a communication system is described. The method includes executing a terminal authentication protocol, whereby the executing the terminal authentication protocol includes authenticating an identity of a network entity by a terminal in a communication system. The method further includes executing a challenge authentication protocol, wherein the executing the challenge authentication protocol includes sharing challenge data between the terminal and the network entity, and forming at the terminal, test data by at least applying one authentication function to the challenge data using the identifier. The executing the challenge authentication protocol further includes transmitting a message including terminal authentication data from the terminal to the network entity, and determining, based on the terminal authentication data, whether to provide the terminal with access to a service.
摘要翻译：描述用于认证通信系统中的终端的系统和方法。该方法包括执行终端认证协议，由此执行终端认证协议包括通信系统中的终端认证网络实体的身份。该方法还包括执行挑战认证协议，其中执行挑战认证协议包括在终端和网络实体之间共享挑战数据，以及在终端上形成测试数据，至少使用一个认证功能将其应用于质询数据标识符执行挑战认证协议还包括从终端向网络实体发送包括终端认证数据的消息，并且基于终端认证数据确定是否向终端提供对服务的访问。

3. 发明申请

US20050210251A1 Linked authentication protocols 有权
标题翻译：链接的认证协议
公开(公告)号：US20050210251A1
公开(公告)日：2005-09-22
申请号：US10528161
申请日：2002-11-25
申请人： Kaisa Nyberg , Valtteri Niemi , Nadarajah Asokan
发明人： Kaisa Nyberg , Valtteri Niemi , Nadarajah Asokan
IPC分类号： H04L12/56 , H04L29/06 , H04W12/06 , H04L9/00
CPC分类号： H04L63/0869 , H04L63/162 , H04W12/06
摘要： A method for authenticating a terminal in a communication system, the terminal comprising identification means for applying authentication functions to input data to form response data, and the communication system being arranged to utilise a first authentication protocol for authentication of the terminal, wherein an authentication functionality and the terminal share challenge data, the terminal forms response data and a first key by applying the authentication functions to the challenge data by means of the identification means, and returns the response data to the authentication functionality, and the authentication functionality authenticates the terminal by means of the response data and can apply an authentication function to the challenge data to duplicate the first key; the method comprising; executing a second authentication protocol wherein the terminal authenticates the identity of a network entity and the terminal and the network entity share a second key for use in securing subsequent communications between the terminal and the network entity; and subsequently executing a third authentication protocol by the steps of: sharing challenge data between the network entity and the terminal; forming at the terminal test data by at least applying one of the authentication functions to the challenge data by means of the identification means; transmitting a message comprising authentication data, from the terminal to the network entity; and determining based on the authentication data whether to provide the terminal with access to a service; wherein in the determining step the terminal is provided with access to the service only if the authentication data equals a predetermined function of at least the test data and the second key.
摘要翻译：一种用于在通信系统中认证终端的方法，所述终端包括识别装置，用于将认证功能应用于输入数据以形成响应数据，并且所述通信系统被布置为利用第一认证协议进行认证，其中认证功能终端共享挑战数据，终端通过识别装置将认证功能应用于质询数据，形成响应数据和第一密钥，并将响应数据返回给认证功能，并且认证功能通过响应数据的装置，并且可以将认证功能应用于质询数据以复制第一密钥; 该方法包括：执行第二认证协议，其中终端认证网络实体的身份，并且终端和网络实体共享用于保护终端和网络实体之间的后续通信的第二密钥; 并且随后通过以下步骤执行第三认证协议：在所述网络实体和所述终端之间共享挑战数据; 通过所述识别装置至少将所述认证功能中的一个应用于所述质询数据，在终端测试数据形成; 从终端向网络实体发送包括认证数据的消息; 以及基于所述认证数据确定是否向所述终端提供对服务的访问; 其中在所述确定步骤中，仅当所述认证数据等于至少所述测试数据和所述第二密钥的预定功能时，才向所述终端提供对所述服务的访问。

4. 发明授权

US08769284B2 Securing communication 有权
标题翻译：保障沟通
公开(公告)号：US08769284B2
公开(公告)日：2014-07-01
申请号：US11618537
申请日：2006-12-29
申请人： Philip Ginzboorg , Sampo Sovio , Nadarajah Asokan
发明人： Philip Ginzboorg , Sampo Sovio , Nadarajah Asokan
IPC分类号： H04L9/32
CPC分类号： H04L9/0822 , H04L9/0847 , H04L2209/80
摘要： An apparatus comprising a processor, the processor configured to select a first cryptographic key, encrypt a message with the first cryptographic key to produce a first encrypted message, and further encrypt the first cryptographic key and an identifier of a second apparatus with a first encryption key to form a second encrypted message.
摘要翻译：一种包括处理器的设备，所述处理器被配置为选择第一加密密钥，用第一加密密钥加密消息以产生第一加密消息，并且进一步用第一加密密钥加密第一加密密钥和第二装置的标识符以形成第二加密消息。

5. 发明授权

US08532304B2 Administration of wireless local area networks 有权
标题翻译：无线局域网管理
公开(公告)号：US08532304B2
公开(公告)日：2013-09-10
申请号：US11169328
申请日：2005-06-29
申请人： Nadarajah Asokan , Philip Ginzboorg , Seamus Moloney , Kari Ti. Kostiainen , Sampo Sovio , Jan-Erik Ekberg , Jari Takala
发明人： Nadarajah Asokan , Philip Ginzboorg , Seamus Moloney , Kari Ti. Kostiainen , Sampo Sovio , Jan-Erik Ekberg , Jari Takala
IPC分类号： H04L29/06
CPC分类号： H04W12/04 , H04L9/0838 , H04L9/3215 , H04L63/065 , H04L63/18 , H04L2209/80 , H04W12/06 , H04W48/20 , H04W84/12 , H04W88/08
摘要： Methods and systems for managing access to a wireless local area network are provided. A wireless access point (AP) may use a unified approach that utilizes an out-of-band channel to communicate authentication key and network address information to a guest device, and utilizes an in-band channel to establish communications with the guest device, and also provides support for in-band setup on all devices. The ability to use out-of-band where possible provides for an increase to security and usability, and the possibility of delegating access from one device to another. The unified approach thereby also provides easy management of guest access to the WLAN.
摘要翻译：提供了用于管理对无线局域网的访问的方法和系统。无线接入点（AP）可以使用利用带外信道将认证密钥和网络地址信息传送到来宾设备的统一方法，并且利用带内信道来建立与来宾设备的通信，以及还支持所有设备上的带内设置。在可能的情况下使用带外的能力提高了安全性和可用性，以及将访问权限从一个设备委派给另一个设备的可能性。因此，统一的方法也可以方便地管理访客访问WLAN。

6. 发明申请

US20060251256A1 Administration of wireless local area networks 有权
公开(公告)号：US20060251256A1
公开(公告)日：2006-11-09
申请号：US11169328
申请日：2005-06-29
申请人： Nadarajah Asokan , Philip Ginzboorg , Seamus Moloney , Kari Kostiainen , Sampo Sovio , Jan-Erik Ekberg , Jari Takala
发明人： Nadarajah Asokan , Philip Ginzboorg , Seamus Moloney , Kari Kostiainen , Sampo Sovio , Jan-Erik Ekberg , Jari Takala
IPC分类号： H04K1/00
CPC分类号： H04W12/04 , H04L9/0838 , H04L9/3215 , H04L63/065 , H04L63/18 , H04L2209/80 , H04W12/06 , H04W48/20 , H04W84/12 , H04W88/08
摘要： Methods and systems for managing access to a wireless local area network are provided. A wireless access point (AP) may use a unified approach that utilizes an out-of-band channel to communicate authentication key and network address information to a guest device, and utilizes an in-band channel to establish communications with the guest device, and also provides support for in-band setup on all devices. The ability to use out-of-band where possible provides for an increase to security and usability, and the possibility of delegating access from one device to another. The unified approach thereby also provides easy management of guest access to the WLAN.

7. 发明授权

US07194438B2 Electronic payment schemes in a mobile environment for short-range transactions 有权
标题翻译：在短期交易的移动环境中的电子支付方案
公开(公告)号：US07194438B2
公开(公告)日：2007-03-20
申请号：US10785025
申请日：2004-02-25
申请人： Sampo Sovio , Jan-Erik Ekberg , Nadarajah Asokan , Pekka Lahtinen
发明人： Sampo Sovio , Jan-Erik Ekberg , Nadarajah Asokan , Pekka Lahtinen
IPC分类号： G06Q99/00 , H04K1/00 , H04L9/00
CPC分类号： G07F7/1008 , G06Q20/20 , G06Q20/327 , G06Q20/3278 , G06Q20/341 , G06Q20/382 , G06Q20/3827 , G06Q20/388 , G07F7/0886 , H04M15/68 , H04M2215/0196
摘要： A short-range transaction system enables a user to conduct transactions with a self-service terminal in a user-friendly environment without using currency. The user carries a portable smart card, which interacts with a mobile phone. After authentication via an RFID connection, the device MAC address and a security key (K) are imprinted in the card. In operation, the user waves the smart card past the self-service terminal and activates an RFID connection. The terminal sends the card a random number. The card returns the MAC address and a result (RES) computed using the hash value and the security key. The terminal using the MAC address and security key establishes a secure connection with the device. The terminal downloads the user's transaction interface from the device and displays the user interface at the self-service terminal. The user completes a transaction at the terminal via the user interface.
摘要翻译：短距离交易系统使用户能够在不使用货币的情况下在用户友好的环境中与自助终端进行交易。用户携带便携式智能卡，其与移动电话交互。通过RFID连接认证后，设备的MAC地址和安全密钥（K）被印在卡中。在操作中，用户通过自助终端来移动智能卡并激活RFID连接。终端发送卡片随机数。卡返回MAC地址和使用哈希值和安全密钥计算的结果（RES）。使用MAC地址和安全密钥的终端建立与设备的安全连接。终端从设备下载用户的交易界面，并在自助终端显示用户界面。用户通过用户界面在终端完成事务。

8. 发明申请

US20050187882A1 Electronic payment schemes in a mobile environment for short-range transactions 有权
标题翻译：在短期交易的移动环境中的电子支付方案
公开(公告)号：US20050187882A1
公开(公告)日：2005-08-25
申请号：US10785025
申请日：2004-02-25
申请人： Sampo Sovio , Jan-Erik Ekberg , Nadarajah Asokan , Pekka Lahtinen
发明人： Sampo Sovio , Jan-Erik Ekberg , Nadarajah Asokan , Pekka Lahtinen
IPC分类号： G06F1/00 , G06Q20/00 , G07F7/10 , H04L9/00 , H04L29/06
CPC分类号： G07F7/1008 , G06Q20/20 , G06Q20/327 , G06Q20/3278 , G06Q20/341 , G06Q20/382 , G06Q20/3827 , G06Q20/388 , G07F7/0886 , H04M15/68 , H04M2215/0196
摘要： A short-range transaction system enables a user to conduct transactions with a self-service terminal in a user-friendly environment without using currency. The user carries a portable smart card, which interacts with a mobile phone. After authentication via an RFID connection, the device MAC address and a security key (K) are imprinted in the card. In operation, the user waves the smart card past the self-service terminal and activates an RFID connection. The terminal sends the card a random number. The card returns the MAC address and a result (RES) computed using the hash value and the security key. The terminal using the MAC address and security key establishes a secure connection with the device. The terminal downloads the user's transaction interface from the device and displays the user interface at the self-service terminal. The user completes a transaction at the terminal via the user interface.
摘要翻译：短距离交易系统使用户能够在不使用货币的情况下在用户友好的环境中与自助终端进行交易。用户携带便携式智能卡，其与移动电话交互。通过RFID连接认证后，设备的MAC地址和安全密钥（K）被印在卡中。在操作中，用户通过自助终端来移动智能卡并激活RFID连接。终端发送卡片随机数。卡返回MAC地址和使用哈希值和安全密钥计算的结果（RES）。使用MAC地址和安全密钥的终端建立与设备的安全连接。终端从设备下载用户的交易界面，并在自助终端显示用户界面。用户通过用户界面在终端完成事务。

9. 发明授权

US07783041B2 System, method and computer program product for authenticating a data agreement between network entities 有权
标题翻译：系统，方法和计算机程序产品，用于认证网络实体之间的数据协议
公开(公告)号：US07783041B2
公开(公告)日：2010-08-24
申请号：US11242374
申请日：2005-10-03
申请人： Nadarajah Asokan , Kaisa Nyberg
发明人： Nadarajah Asokan , Kaisa Nyberg
IPC分类号： H04K1/00
CPC分类号： H04L9/0844 , H04L63/0428 , H04L63/08 , H04L63/18 , H04L2209/80
摘要： A method for authenticating a data agreement between first and second network entities can include the first network entity committing to the agreed data value, and transmitting the committed data value and a first random value to the second network entity. The first network entity can receive a second random value, and can then open the committed data value such that the second network entity can check the committed data value. If successful, the second network entity can calculate a third check string, and the first network entity can similarly calculate a fourth check string, based upon the data value and the first and second random values. The first network entity can calculate the fourth check string without the second network entity committing to the data value. The method can then include comparing the check strings such that the agreed data can be considered authenticated based upon the comparison.
摘要翻译：用于认证第一和第二网络实体之间的数据协议的方法可以包括提交到约定的数据值的第一网络实体，以及向第二网络实体发送所提交的数据值和第一随机值。第一网络实体可以接收第二随机值，然后可以打开提交的数据值，使得第二网络实体可以检查提交的数据值。如果成功，则第二网络实体可以计算第三检查字符串，并且第一网络实体可以基于数据值和第一和第二随机值类似地计算第四检查字符串。第一个网络实体可以计算第四个检查字符串，而第二个网络实体不提交数据值。该方法然后可以包括比较检查字符串，使得可以基于比较认可约定的数据。

10. 发明授权

US07630495B2 Method for protecting electronic device, and electronic device 失效
标题翻译：电子设备保护方法及电子设备
公开(公告)号：US07630495B2
公开(公告)日：2009-12-08
申请号：US10186222
申请日：2002-06-28
申请人： Antti Kiiveri , Nadarajah Asokan , Valtteri Niemi
发明人： Antti Kiiveri , Nadarajah Asokan , Valtteri Niemi
IPC分类号： H04K1/00
CPC分类号： H04W88/02 , H04W12/08
摘要： Identity data of an operational unit and a verification key of the cryptographic method employed by the service provider are protected with a key of the cryptographic method employed by the manufacturer of the operational unit. The verification key of the cryptographic method employed by the manufacturer of the operational unit is stored in the operational unit of the electronic device. The identity data of the operational unit and the identity data of the service provider are protected with a key of the cryptographic method employed by the service provider. The identity data of the operational unit and the verification key of the service provider are verified with the verification key of the manufacturer of the operational unit. The identity data of the operational unit and the identity data of the service provider are verified with the verified verification key of the service provider. The identity data stored in the user-specific module are compared with the verified identity data. The device starts if the identity data verified by the cryptographic method correspond with the identity data stored in the user-specific module.
摘要翻译：操作单元的身份数据和由服务提供商使用的密码方法的验证密钥由操作单元的制造商采用的密码方法的密钥进行保护。操作单元的制造商使用的密码方法的验证密钥存储在电子设备的操作单元中。操作单元的身份数据和服务提供商的身份数据由服务提供商使用的密码方法的密钥保护。操作单元的身份数据和服务提供商的验证密钥由操作单元的制造商的验证密钥进行验证。操作单元的身份数据和服务提供商的身份数据用服务提供商的已验证验证密钥进行验证。将存储在用户特定模块中的身份数据与验证的身份数据进行比较。如果通过加密方法验证的身份数据与存储在用户特定模块中的身份数据相对应，则设备启动。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式