专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2012134369A1 METHODS AND APPARATUSES FOR AVOIDING DAMAGE IN NETWORK ATTACKS 审中-公开
标题翻译：避免网络攻击造成的损害的方法和设备
公开(公告)号：WO2012134369A1
公开(公告)日：2012-10-04
申请号：PCT/SE2011/050916
申请日：2011-07-06
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , OHLSSON, Oscar , LEHTOVIRTA, Vesa , MATTSSON, John , NORRMAN, Karl
发明人： OHLSSON, Oscar , LEHTOVIRTA, Vesa , MATTSSON, John , NORRMAN, Karl
IPC分类号： H04W12/06 , H04L9/32 , H04L29/06
CPC分类号： H04L63/14 , H04L63/1466 , H04L63/168 , H04L67/02 , H04L67/14 , H04L2463/061 , H04W12/04
摘要： Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context specific key, Ks_NAF', based on one or more context parameters, P1,...Pn, pertaining to said session and/or web page. The terminal then indicates the context specific key in a login request to the server, and the server determines a context specific key, Ks_NAF', in the same manner to verify the client if the context specific key determined in the web server matches the context specific key received from the client terminal. The context specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.
摘要翻译：客户终端（400）和网络服务器（402）中的方法和装置，用于使所述终端和服务器之间能够进行安全通信。当终端在会话中从服务器获得网页时，终端基于与所述会话和/或网页有关的一个或多个上下文参数P1，... Pn来创建上下文特定密钥Ks_NAF'。终端然后在向服务器的登录请求中指示上下文特定密钥，并且服务器以相同的方式确定上下文特定密钥Ks_NAF'，以验证客户端，如果在web服务器中确定的上下文特定密钥与上下文具体从客户终端收到的密钥。因此，上下文特定密钥被绑定到并且仅对于当前上下文或会话有效，并且不能在其他上下文或会话中使用。

2. 发明申请

WO2012034720A1 SENDING PROTECTED DATA IN A COMMUNICATION NETWORK VIA AN INTERMEDIATE UNIT 审中-公开
标题翻译：通过中间单元在通信网络中发送保护的数据
公开(公告)号：WO2012034720A1
公开(公告)日：2012-03-22
申请号：PCT/EP2011/059447
申请日：2011-06-08
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (publ) , BLOM, Rolf , MATTSSON, John , OHLSSON, Oscar
发明人： BLOM, Rolf , MATTSSON, John , OHLSSON, Oscar
IPC分类号： H04W12/04 , H04L29/06 , H04L9/08
CPC分类号： H04L63/062 , H04L9/0827 , H04L9/083 , H04L9/3213 , H04L63/0807 , H04W12/04 , H04W12/06
摘要： A method and apparatus for sending protected data from a sender unit (8) to a receiver unit (10) via an intermediate unit (9). A Transfer Init message that contains a ticket associated with the receiver unit (10) is sent from the intermediate unit (9) to the sender unit (8). The intermediate unit (9) then receives a transfer response message from the sender unit (8), and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server (11). A message is sent to th receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit (10), allowing the receiver unit to access the protected data.
摘要翻译：一种用于经由中间单元（9）将受保护数据从发送器单元（8）发送到接收器单元（10）的方法和装置。包含与接收器单元（10）相关联的票据的传送初始化消息从中间单元（9）发送到发送器单元（8）。然后，中间单元（9）从发送器单元（8）接收传输响应消息，以及使用至少一个与密钥管理服务器（11）相关联的安全密钥保护的数据。向接收机单元发送消息，该消息包括对受保护数据进行安全处理所需的信息。然后将受保护的数据发送到接收器单元（10），允许接收器单元访问受保护的数据。

3. 发明申请

WO2013159818A1 NETWORK APPLICATION FUNCTION AUTHORISATION IN A GENERIC BOOTSTRAPPING ARCHITECTURE 审中-公开
标题翻译：网络应用功能授权在通用引导架构中
公开(公告)号：WO2013159818A1
公开(公告)日：2013-10-31
申请号：PCT/EP2012/057693
申请日：2012-04-26
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NAKARMI, Prajwol Kumar , OHLSSON, Oscar
发明人： NAKARMI, Prajwol Kumar , OHLSSON, Oscar
IPC分类号： H04W12/08
CPC分类号： H04W12/08 , G06F21/575 , G06F21/604 , G06F2221/2117 , G06F2221/2141 , G06F2221/2145 , H04L9/083 , H04L9/321 , H04L63/062 , H04L63/0815 , H04L2209/80 , H04L2463/061 , H04W12/04
摘要： There is provided a method of authorising a subscriber user equipment to access a Network Application Function, NAF, in a Generic Bootstrapping Architecture, GBA. The method comprises, at a Bootstrapping Server Function, BSF, receiving a request for key material for the subscriber user equipment from the NAF, wherein the NAF is associated with one or more NAF identifiers, NAF_IDs, obtaining subscriber information from a Home Subscriber System, HSS, the information including one or more NAF_IDs that are valid for the subscriber, authorising the subscriber user equipment on the basis of the identity of said NAF and the NAF_ID(s) included within the subscriber information. In the event that the subscriber user equipment is authorised, key material is derived using a NAF_ID that is contained within said subscriber information; and the key material is sent to said NAF.
摘要翻译：提供了一种授权用户用户设备以通用引导架构（GBA）访问网络应用功能NAF的方法。该方法包括：在自举服务器功能下，BSF从NAF接收对用户用户设备的密钥材料的请求，其中NAF与一个或多个NAF标识符NAF_ID相关联，从归属订户系统获取用户信息， HSS，包括对订户有效的一个或多个NAF_ID的信息，根据所述NAF的身份和所述订户信息中包含的NAF_ID授权订户用户设备。在用户用户设备被授权的情况下，使用包含在所述用户信息内的NAF_ID导出密钥资料; 并将关键材料发送给NAF。

4. 发明申请

WO2014017959A1 SECURE SESSION FOR A GROUP OF NETWORK NODES 审中-公开
标题翻译：一组网络节点的安全会议
公开(公告)号：WO2014017959A1
公开(公告)日：2014-01-30
申请号：PCT/SE2012/050850
申请日：2012-07-27
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (publ) , GEHRMANN, Christian , OHLSSON, Oscar , SEITZ, Ludwig
发明人： GEHRMANN, Christian , OHLSSON, Oscar , SEITZ, Ludwig
IPC分类号： H04L29/06 , H04L9/08 , H04L12/18
CPC分类号： H04L63/062 , H04L9/0833 , H04L9/3263 , H04L12/1822 , H04L63/065 , H04L63/0823 , H04L67/141 , H04L2463/062
摘要： Methods(500)of a network node (111) for creating and joining secure sessions for members (111–114) of a group of network nodes are provided. The methods comprise receiving an identity certificate and an assertion for the network node as well as a secret group key for the group. The method for creating a session further comprises creating (501) a session identifier and a secret session key for the session, and sending (502) an encrypted and authenticated broadcast message comprising the session identifier. The method for joining a session further comprises sending an encrypted and authenticated discovery message comprising the identity certificate and the assertion, and receiving an encrypted and authenticated discovery response message from another network node which is a member of the group. The disclosed combined symmetric key and public key scheme is based on the availability of three credentials at each node, i.e., the identity certificate, the assertion, and the secret group key, which are received from a trusted entity. Further, a computer program, a computer program product, and a network node are provided.
摘要翻译：提供了用于创建和加入一组网络节点的成员（111-114）的安全会话的网络节点（111）的方法（500）。这些方法包括接收身份证书和网络节点的断言以及该组的秘密组密钥。用于创建会话的方法还包括：创建（501）该会话的会话标识符和秘密会话密钥，以及发送（502）包括会话标识符的加密和认证的广播消息。用于加入会话的方法还包括发送包括身份证书和断言的加密和认证的发现消息，以及从作为该组的成员的另一个网络节点接收加密和认证的发现响应消息。所公开的组合对称密钥和公钥方案基于从可信实体接收的每个节点上的三个凭证的可用性，即身份证书，断言和秘密组密钥。此外，提供了计算机程序，计算机程序产品和网络节点。

5. 发明授权

EP2878112B1 SECURE SESSION FOR A GROUP OF NETWORK NODES 有权
标题翻译：一组网络节点的安全会话
公开(公告)号：EP2878112B1
公开(公告)日：2015-10-21
申请号：EP12748581.1
申请日：2012-07-27
申请人： Telefonaktiebolaget L M Ericsson (PUBL)
发明人： GEHRMANN, Christian , OHLSSON, Oscar , SEITZ, Ludwig
IPC分类号： H04L29/06 , H04L9/08 , H04L12/18
CPC分类号： H04L63/062 , H04L9/0833 , H04L9/3263 , H04L12/1822 , H04L63/065 , H04L63/0823 , H04L67/141 , H04L2463/062
摘要： Methods (500) of a network node (111) for creating and joining secure sessions for members (111-114) of a group of network nodes are provided. The methods comprise receiving an identity certificate and an assertion for the network node as well as a secret group key for the group. The method for creating a session further comprises creating (501) a session identifier and a secret session key for the session, and sending (502) an encrypted and authenticated broadcast message comprising the session identifier. The method for joining a session further comprises sending an encrypted and authenticated discovery message comprising the identity certificate and the assertion, and receiving an encrypted and authenticated discovery response message from another network node which is a member of the group. The disclosed combined symmetric key and public key scheme is based on the availability of three credentials at each node, i.e., the identity certificate, the assertion, and the secret group key, which are received from a trusted entity. Further, a computer program, a computer program product, and a network node are provided.

6. 发明公开

EP2628329A1 SENDING PROTECTED DATA IN A COMMUNICATION NETWORK VIA AN INTERMEDIATE UNIT 有权
标题翻译：方法和设备，用于发送受保护的数据通信网络中的OVER中间单元
公开(公告)号：EP2628329A1
公开(公告)日：2013-08-21
申请号：EP11724623.1
申请日：2011-06-08
申请人： Telefonaktiebolaget L M Ericsson (PUBL)
发明人： BLOM, Rolf , MATTSSON, John , OHLSSON, Oscar
IPC分类号： H04W12/04 , H04L29/06 , H04L9/08
CPC分类号： H04L63/062 , H04L9/0827 , H04L9/083 , H04L9/3213 , H04L63/0807 , H04W12/04 , H04W12/06
摘要： A method and apparatus for sending protected data from a sender unit to a receiver unit via an intermediate unit. A Transfer Init message that contains a ticket associated with the receiver unit is sent from the intermediate unit to the sender unit. The intermediate unit then receives a transfer response message from the sender unit, and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server. A message is sent to the receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit, allowing the receiver unit to access the protected data.

7. 发明公开

EP2612486A1 DOWNLOADABLE ISIM 有权
标题翻译： HERUNTERLADBARES ISIM
公开(公告)号：EP2612486A1
公开(公告)日：2013-07-10
申请号：EP10751640.3
申请日：2010-08-31
申请人： Telefonaktiebolaget L M Ericsson (publ)
发明人： OHLSSON, Oscar , BARRIGA, Luis , LINDHOLM, Fredrik
IPC分类号： H04L29/08 , H04L29/12 , H04L29/06
CPC分类号： H04W48/16 , H04L61/3095 , H04L65/1016 , H04L65/1073 , H04L67/12 , H04W4/00 , H04W4/70
摘要： An IMS (IP Multimedia Subsystem) network contains at least one of (A) a discovery function (2) for providing ISIM (IP Multimedia Subscriber Identity Module) discovery information to the mobile device (1) and (B) a provisioning function (2, 5, 6) for providing, in response to a request from a mobile device, an ISIM to the mobile device (1). Where the IMS network contains the discovery function, the discovery function is adapted to provide ISIM discovery information to the mobile device, and where the IMS network contains the provisioning function, the provisioning function is adapted to provide an ISIM to the mobile device (1).
摘要翻译： IMS（IP多媒体子系统）网络包括以下至少一个：（A）用于向移动设备（1）提供ISIM（IP多媒体用户识别模块）发现信息的发现功能（2）和（B）供应功能（2），5,6），用于响应于来自移动设备的请求向所述移动设备（1）提供ISIM。在IMS网络包含发现功能的情况下，发现功能适于向移动设备提供ISIM发现信息，并且在IMS网络包含供应功能的情况下，供应功能适于向移动设备（1）提供ISIM，。

8. 发明公开

EP2695410A1 METHODS AND APPARATUSES FOR AVOIDING DAMAGE IN NETWORK ATTACKS 有权
标题翻译：方法以及防止损坏网络攻击DEVICES
公开(公告)号：EP2695410A1
公开(公告)日：2014-02-12
申请号：EP11862337.0
申请日：2011-07-06
申请人： Telefonaktiebolaget L M Ericsson (PUBL)
发明人： OHLSSON, Oscar , LEHTOVIRTA, Vesa , MATTSSON, John , NORRMAN, Karl
IPC分类号： H04W12/06 , H04L9/32 , H04L29/06
CPC分类号： H04L63/14 , H04L63/1466 , H04L63/168 , H04L67/02 , H04L67/14 , H04L2463/061 , H04W12/04
摘要： Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context specific key, Ks_NAF', based on one or more context parameters, P1,...Pn, pertaining to said session and/or web page. The terminal then indicates the context specific key in a login request to the server, and the server determines a context specific key, Ks_NAF', in the same manner to verify the client if the context specific key determined in the web server matches the context specific key received from the client terminal. The context specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.

9. 发明公开

EP2878112A1 SECURE SESSION FOR A GROUP OF NETWORK NODES 有权
标题翻译： SICHERE SITZUNGFÜREINE GRUPPE VON NETZWERKKNOTEN
公开(公告)号：EP2878112A1
公开(公告)日：2015-06-03
申请号：EP12748581.1
申请日：2012-07-27
申请人： Telefonaktiebolaget L M Ericsson (PUBL)
发明人： GEHRMANN, Christian , OHLSSON, Oscar , SEITZ, Ludwig
IPC分类号： H04L29/06 , H04L9/08 , H04L12/18
CPC分类号： H04L63/062 , H04L9/0833 , H04L9/3263 , H04L12/1822 , H04L63/065 , H04L63/0823 , H04L67/141 , H04L2463/062
摘要： Methods (500) of a network node (111) for creating and joining secure sessions for members (111-114) of a group of network nodes are provided. The methods comprise receiving an identity certificate and an assertion for the network node as well as a secret group key for the group. The method for creating a session further comprises creating (501) a session identifier and a secret session key for the session, and sending (502) an encrypted and authenticated broadcast message comprising the session identifier. The method for joining a session further comprises sending an encrypted and authenticated discovery message comprising the identity certificate and the assertion, and receiving an encrypted and authenticated discovery response message from another network node which is a member of the group. The disclosed combined symmetric key and public key scheme is based on the availability of three credentials at each node, i.e., the identity certificate, the assertion, and the secret group key, which are received from a trusted entity. Further, a computer program, a computer program product, and a network node are provided.
摘要翻译：提供了用于创建和加入一组网络节点的成员（111-114）的安全会话的网络节点（111）的方法（500）。这些方法包括接收身份证书和网络节点的断言以及该组的秘密组密钥。用于创建会话的方法还包括为会话创建（501）会话标识符和秘密会话密钥，以及发送（502）包括会话标识符的加密和认证的广播消息。用于加入会话的方法还包括发送包括身份证书和断言的加密和认证的发现消息，以及从作为该组的成员的另一个网络节点接收加密和认证的发现响应消息。所公开的组合对称密钥和公钥方案是基于从可信实体接收的每个节点上的三个凭证的可用性，即身份证书，断言和秘密组密钥。此外，提供了计算机程序，计算机程序产品和网络节点。

10. 发明申请

WO2015199586A1 METHODS AND APPARATUSES FOR ENABLING AN ESTABLISHMENT OF A SECOND SECURE SESSION OVER A COMMUNICATION NETWORK 审中-公开
标题翻译：在通信网络上启用第二次安全会议的方法和设备
公开(公告)号：WO2015199586A1
公开(公告)日：2015-12-30
申请号：PCT/SE2014/050773
申请日：2014-06-23
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
发明人： OHLSSON, Oscar
IPC分类号： H04L29/06 , H04L9/32 , H04L9/00 , H04L29/08
CPC分类号： H04L63/08 , H04L63/166 , H04L65/1006 , H04L67/141 , H04L67/146
摘要： This disclosure provides a method, performed in a client terminal (50), for enabling an establishment of a second secure session over a communication network. The second secure session is additional to a first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. The method performed in the client terminal (50) comprises obtaining a session identifier of the first secure session; and obtaining a credential identifier, the credential identifier identifying a server terminal (60) of the first secure session. The method performed in the client terminal (50) comprises associating the credential identifier to the session identifier of the first secure session; and storing the session identifier and the credential identifier associated with the session identifier of the first secure session.
摘要翻译：本公开提供了一种在客户终端（50）中执行的用于使得能够在通信网络上建立第二安全会话的方法。第二个安全会话是第一个安全会话的补充。使用会话建立协议和传输安全协议来建立第一安全会话。在客户终端（50）中执行的方法包括获得第一安全会话的会话标识符; 以及获得凭证标识符，所述证书标识符标识所述第一安全会话的服务器终端（60）。在客户终端（50）中执行的方法包括将凭证标识符与第一安全会话的会话标识符相关联; 以及存储与第一安全会话的会话标识符相关联的会话标识符和凭证标识符。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式