专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2013174437A1 ENHANCED SECURE VIRTUAL MACHINE PROVISIONING 审中-公开
标题翻译：增强安全虚拟机提供
公开(公告)号：WO2013174437A1
公开(公告)日：2013-11-28
申请号：PCT/EP2012/059768
申请日：2012-05-24
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , MORENIUS, Fredric , MÉHES, András , GEHRMANN, Christian
发明人： MORENIUS, Fredric , MÉHES, András , GEHRMANN, Christian
IPC分类号： G06F21/57
CPC分类号： H04L63/0435 , G06F9/45533 , G06F9/45558 , G06F21/57 , G06F2009/45587 , G06F2221/034 , H04L63/08 , H04L63/0807
摘要： In a method of provisioning a virtual machine (VM) to a computing network (401), a VM manager or provisioner (403, 408) encrypts a virtual machine using a key bound to at least one security profile indicative of one or more security requirements that a computing resource (402) of the computing network (401) must satisfy in order to be able to decrypt the VM. A key for use in decrypting the VM has previously been sealed into multiple (and preferably into all) computing resources (402) in the network into which the VM is to be provisioned, and has been sealed such that a computing resource can obtain the key only if it is in a state that satisfies the security profile, or at least one security profile, to which the key is bound The VM manager or provisioner (403, 408) creates a VM launch package that includes the encrypted VM and that also includes a key that may be used in decrypting the encrypted VM. When the VM launch package is received at a computing resource (402), the computing resource will not be able to recover the key for use in decrypting the VM - and hence will be unable to decrypt the VM - unless the computing resource satisfies the security requirements indicated by the security profile. The VM manager or provisioner can thus be sure that the VM will not be launched on a computing resource that does not meet the desired security profile. Alternatively the VM manager or provisioner (403, 408) may send a token corresponding to a desired security profile with an encrypted VM. A computing resource uses the token to obtain a key to decrypt the VM but the computing resource will not be able to recover the key unless the computing resource satisfies the security requirements indicated by the token.
摘要翻译：在向计算网络（401）提供虚拟机（VM）的方法中，VM管理器或供应器（403,408）使用绑定到指示一个或多个安全要求的至少一个安全简档的密钥来加密虚拟机计算网络（401）的计算资源（402）必须满足以便能够解密VM。用于解密VM的密钥先前已经被密封成要被提供虚拟机的网络中的多个（并且优选地到所有的）计算资源（402），并且已经被密封，使得计算资源可以获得密钥只有当它处于满足密钥被绑定的安全简档或至少一个安全简档的状态时，VM管理器或供应器（403,408）创建包括加密的VM的VM启动包，并且还包括可用于解密加密的VM的密钥。当在计算资源（402）处接收到VM启动包时，计算资源将无法恢复用于解密VM的密钥，因此将无法解密VM，除非计算资源满足安全性要求由安全性配置文件表示。因此，VM管理器或配置器可以确保不会在不满足期望的安全配置文件的计算资源上启动VM。或者，VM管理器或供应器（403,408）可以向加密的VM发送与期望的安全简档对应的令牌。计算资源使用令牌来获取解密VM的密钥，但计算资源将无法恢复密钥，除非计算资源满足令牌所指示的安全性要求。

2. 发明申请

WO2005050441A1 UPDATING DATA IN A MOBILE TERMINAL 审中-公开
标题翻译：更新移动终端中的数据
公开(公告)号：WO2005050441A1
公开(公告)日：2005-06-02
申请号：PCT/EP2004/011500
申请日：2004-10-14
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (publ) , EKER, Johan , GEHRMANN, Christian , SVENSSON, Per
发明人： EKER, Johan , GEHRMANN, Christian , SVENSSON, Per
IPC分类号： G06F9/445
CPC分类号： G06F21/57 , G06F8/658 , H04W8/245
摘要： A method of differentially updating stored data in a mobile terminal from a first data version to an updated data version. The method comprises detecting whether the stored data in the mobile terminal includes one or more corrupted portions of the stored data inconsistent with the first data version; loading differential update instructions into the mobile terminal; and generating the updated data version by the mobile terminal from the stored data and the loaded differential update instructions, including repairing any detected corrupted portions.
摘要翻译：一种将移动终端中的存储数据从第一数据版本到更新的数据版本进行差分更新的方法。该方法包括检测移动终端中存储的数据是否包含与第一数据版本不一致的存储数据的一个或多个损坏部分; 将差分更新指令加载到移动终端中; 以及由移动终端从存储的数据和所加载的差分更新指令生成更新的数据版本，包括修复任何检测到的损坏部分。

3. 发明申请

WO2006136280A1 SIM/UICC BASED BROADCAST PROTECTION 审中-公开
标题翻译：基于SIM / UICC的广播保护
公开(公告)号：WO2006136280A1
公开(公告)日：2006-12-28
申请号：PCT/EP2006/005365
申请日：2006-06-06
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , GEHRMANN, Christian , BLOM, Rolf
发明人： GEHRMANN, Christian , BLOM, Rolf
IPC分类号： H04L29/06 , H04L12/22
CPC分类号： H04H60/23 , H04H60/15 , H04L9/0833 , H04L9/3234 , H04L9/3271 , H04L12/189 , H04L63/062 , H04W4/06 , H04W12/04 , H04W12/08
摘要： A method is described herein for protecting multicast/broadcast traffic (e.g., mobile TV, multimedia) which is transmitted from a broadcast service provider via a mobile operator to one or more mobile devices. To protect the multicast/broadcast traffic, the method utilizes a broadcast key distribution and encryption architecture that is based in part on the existing GSM/UMTS authentication standards.
摘要翻译：本文描述了一种用于保护从广播服务提供商经由移动运营商发送到一个或多个移动设备的多播/广播业务（例如，移动电视，多媒体）的方法。为了保护多播/广播流量，该方法利用了部分基于现有GSM / UMTS认证标准的广播密钥分发和加密体系结构。

4. 发明申请

WO2013057682A1 SECURE CLOUD-BASED VIRTUAL MACHINE MIGRATION 审中-公开
标题翻译：安全基于云的虚拟机移动
公开(公告)号：WO2013057682A1
公开(公告)日：2013-04-25
申请号：PCT/IB2012/055677
申请日：2012-10-17
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , GEHRMANN, Christian , NASLUND, Mats , POURZANDI, Makan
发明人： GEHRMANN, Christian , NASLUND, Mats , POURZANDI, Makan
IPC分类号： G06F9/48 , G06F9/455
CPC分类号： G06F9/4856
摘要： A virtual machine (VM) system is provided. The system includes a target physical server (PS) that has a resource configuration. The system includes a source PS that runs a virtual machine (VM). The source PS is in communication with the target PS. The source PS includes a memory that stores a migration policy file. The migration policy file includes at least one trust criteria in which the at least one trust criteria indicates a minimum resource configuration. The source PS includes a receiver that receives target PS resource configuration and a processor in communication with the memory and receiver. The processor determines whether the target PS resource configuration meets the at least one trust criteria. The processor initiates VM migration to the target PS based at least in part on whether the target PS resource configuration meets the at least one trust criteria.
摘要翻译：提供虚拟机（VM）系统。该系统包括具有资源配置的目标物理服务器（PS）。该系统包括运行虚拟机（VM）的源PS。源PS与目标PS通信。源PS包括存储迁移策略文件的存储器。所述迁移策略文件包括至少一个信任标准，其中所述至少一个信任标准指示最小资源配置。源PS包括接收目标PS资源配置的接收器和与存储器和接收器通信的处理器。处理器确定目标PS资源配置是否满足至少一个信任标准。所述处理器至少部分地基于所述目标PS资源配置是否满足所述至少一个信任标准来启动到所述目标PS的迁移。

5. 发明申请

WO2007101533A2 PLATFORM BOOT WITH BRIDGE SUPPORT 审中-公开
标题翻译：带桥梁支撑的平台引导
公开(公告)号：WO2007101533A2
公开(公告)日：2007-09-13
申请号：PCT/EP2007/001394
申请日：2007-02-19
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (publ) , GEHRMANN, Christian
发明人： GEHRMANN, Christian
IPC分类号： G06F9/445
CPC分类号： G06F15/177 , G06F9/4405
摘要： A method for booting a processing device, the processing device comprising a first and a second processing unit, the method comprising: detecting by the first processing unit, whether at least one boot configuration parameter is accessible from a non-volatile storage medium of the processing device, the at least one configuration parameter being indicative of a boot interface; if said at least one configuration parameter is available, forwarding at least a part of the detected at least one configuration parameter by the first processing unit to the second processing unit; otherwise detecting by at least one of the first and second processing units whether a boot interface is available to the processing device; booting at least the second processing unit from the indicated or detected boot interface.
摘要翻译：一种用于引导处理设备的方法，所述处理设备包括第一处理单元和第二处理单元，所述方法包括：由所述第一处理单元检测是否至少一个引导配置参数可从所述处理设备的非易失性存储介质，所述至少一个配置参数指示引导接口; 如果所述至少一个配置参数可用，则将由所述第一处理单元检测到的至少一个配置参数的至少一部分转发给所述第二处理单元; 否则由第一和第二处理单元中的至少一个检测引导接口是否对处理设备可用; 至少从指示或检测到的引导界面引导第二处理单元。

6. 发明申请

WO2004025921A2 SECURE ACCESS TO A SUBSCRIPTION MODULE 审中-公开
标题翻译：安全访问认购模块
公开(公告)号：WO2004025921A2
公开(公告)日：2004-03-25
申请号：PCT/EP2003/009563
申请日：2003-08-26
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (publ) , GEHRMANN, Christian
发明人： GEHRMANN, Christian
IPC分类号： H04L29/06
CPC分类号： H04L63/12 , G06Q30/02 , H04W12/06 , H04W12/08 , H04W88/02
摘要： A method of providing to a client communications device access to a subscription module of a server communications device, the method comprising the steps of establishing a communications link between the client communications device and the server communications device; and communicating a number of messages comprising data related to the subscription module between the server communications device and the client communications device via the communications link. The method further comprises the step of providing integrity protection of the messages communicated between the server communications device and the client communications device via the communications link.
摘要翻译：一种向客户端通信设备提供对服务器通信设备的订阅模块的访问的方法，所述方法包括以下步骤：在所述客户端通信设备和所述服务器通信设备之间建立通信链路; 以及经由所述通信链路在所述服务器通信设备和所述客户端通信设备之间传送包括与所述订阅模块相关的数据的多个消息。该方法还包括通过通信链路提供在服务器通信设备和客户端通信设备之间传送的消息的完整性保护的步骤。

7. 发明申请

WO2009132908A1 METHOD AND APPARATUS FOR SECURE HARDWARE ANALYSIS 审中-公开
标题翻译：安全硬件分析的方法和装置
公开(公告)号：WO2009132908A1
公开(公告)日：2009-11-05
申请号：PCT/EP2009/053609
申请日：2009-03-26
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , GEHRMANN, Christian , SMEETS, Bernard , DAMBERG, Kent
发明人： GEHRMANN, Christian , SMEETS, Bernard , DAMBERG, Kent
IPC分类号： G06F21/00
CPC分类号： G06F21/31 , G06F21/445 , G06F21/74 , G06F2221/2103 , G06F2221/2129
摘要： A Hardware Analysis Module ("HAM") embedded in an integrated circuit (IC) implements a dedicated hardware-controlled access control procedure. The secure hardware analysis features are unlocked by a key unit subject to successful completion of an access control procedure. The access control procedure prevents unlocking of the secure hardware analysis features by an unauthorized or compromised key unit by including an embedded control command in an authentication challenge sent by the HAM to the key unit during the access control procedure.
摘要翻译：嵌入在集成电路（IC）中的硬件分析模块（“HAM”）实现了专用的硬件控制访问控制程序。安全硬件分析功能由成功完成访问控制程序的关键单元解锁。访问控制过程通过在访问控制过程期间通过将由HAM发送的认证挑战中的嵌入控制命令包括在密钥单元上来防止由未授权或受损的密钥单元解锁安全硬件分析特征。

8. 发明申请

WO2006072410A1 UPDATING MEMORY CONTENTS OF A PROCESSING DEVICE 审中-公开
标题翻译：更新处理设备的内存内容
公开(公告)号：WO2006072410A1
公开(公告)日：2006-07-13
申请号：PCT/EP2005/013929
申请日：2005-12-20
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , GEHRMANN, Christian
发明人： GEHRMANN, Christian
IPC分类号： G06F1/00 , G06F9/445
CPC分类号： G06F21/572
摘要： A method of updating memory content stored in a memory of a processing device, the memory comprising a plurality of addressable memory blocks, the memory content being protected by a current integrity protection data item stored in the processing device, the method comprising determining a first subset of memory blocks that require an update, and a second subset of memory blocks that remain unchanged by said updating; calculating, as parallel processes, a first and a second integrity protection data item over the memory blocks; wherein the first integrity protection data item is calculated over the current memory contents of the first and second subsets of memory blocks; and wherein the second integrity protection data item is calculated over the current memory contents of the second subset of memory blocks and the updated memory block contents of the first subset of memory blocks.
摘要翻译：一种更新存储在处理设备的存储器中的存储器内容的方法，所述存储器包括多个可寻址存储器块，所述存储器内容被存储在所述处理设备中的当前完整性保护数据项所保护，所述方法包括确定第一子集的需要更新的存储器块，以及通过所述更新保持不变的存储器块的第二子集; 作为并行处理，计算存储块上的第一和第二完整性保护数据项; 其中所述第一完整性保护数据项是根据所述第一和第二子集的存储器块的当前存储器内容来计算的; 并且其中根据存储器块的第二子集的当前存储器内容和存储器块的第一子集的更新的存储器块内容来计算第二完整性保护数据项。

9. 发明申请

WO2003060673A1 LOADING DATA INTO A MOBILE TERMINAL 审中-公开
标题翻译：将数据装入移动终端
公开(公告)号：WO2003060673A1
公开(公告)日：2003-07-24
申请号：PCT/EP2002/014609
申请日：2002-12-20
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (publ) , OSTHOFF, Harro , SMEETS, Bernhard , GEHRMANN, Christian
发明人： OSTHOFF, Harro , SMEETS, Bernhard , GEHRMANN, Christian
IPC分类号： G06F1/00
CPC分类号： H04W8/245 , G06F21/51
摘要： Disclosed is a method of loading data, such as software, into a mobile terminal, where the data is loaded from a loading station, and the data comprises payload data and header data. The mobile terminal accepts the data conditioned on a verification process based on the header data. The step of receiving the data further comprises the steps of receiving a header message including the header data from the loading station by the mobile terminal, verifying the received header data by the mobile terminal, and receiving at least a first payload message including the payload data, if the header data is verified successfully.
摘要翻译：公开了将诸如软件的数据加载到移动终端中的方法，其中从加载站加载数据，并且数据包括有效负载数据和报头数据。移动终端基于标题数据来接收基于验证过程的数据。接收数据的步骤还包括以下步骤：由移动终端从加载站接收包括报头数据的报头消息，由移动终端验证接收到的报头数据，以及接收至少包括净荷数据的第一有效载荷消息如果标题数据被成功验证。

10. 发明申请

WO2012148324A1 SECURE VIRTUAL MACHINE PROVISIONING 审中-公开
标题翻译：安全虚拟机提供
公开(公告)号：WO2012148324A1
公开(公告)日：2012-11-01
申请号：PCT/SE2011/050502
申请日：2011-04-26
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , GEHRMANN, Christian , MÉHES, András
发明人： GEHRMANN, Christian , MÉHES, András
IPC分类号： H04L9/32 , G06F9/455
CPC分类号： H04L9/006 , G06F21/53 , G06F21/57 , G06F2009/45587 , G06F2221/2149 , G06F2221/2153 , H04L9/08 , H04L9/0822 , H04L9/0825 , H04L9/3247 , H04L63/0442 , H04L63/0876 , H04L2209/127
摘要： A device and method in a provisioning unit of secure provisioning of a virtual machine on a target platform having a specific configuration is provided. The method comprising: receiving (404) a public binding key from the target platform (107), the public binding key being bound to the specific configuration, encrypting (410) a virtual machine provisioning command using the public binding key, and sending (412) the encrypted virtual machine provisioning command, to the target platform (107). By the provided device and method secure provisioning of a virtual machine on a target platform is enabled.
摘要翻译：提供了具有特定配置的目标平台上的虚拟机的安全供应的供应单元中的设备和方法。所述方法包括：从所述目标平台（107）接收（404）公钥绑定密钥，所述公共绑定密钥被绑定到所述特定配置，使用所述公共绑定密钥加密（410）虚拟机配置命令，以及发送（412 ）加密的虚拟机配置命令到目标平台（107）。通过提供的设备和方法，能够在目标平台上安全地提供虚拟机。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式