专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2013004465A1 AUTHENTICATION OF WARNING MESSAGES IN A NETWORK 审中-公开
标题翻译：网络中警告信息的验证
公开(公告)号：WO2013004465A1
公开(公告)日：2013-01-10
申请号：PCT/EP2012/061318
申请日：2012-06-14
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (publ) , WIFVESSON, Monica , LILJENSTAM, Michael , MATTSSON, John , NORRMAN, Karl
发明人： WIFVESSON, Monica , LILJENSTAM, Michael , MATTSSON, John , NORRMAN, Karl
IPC分类号： H04L29/06 , H04W8/24
CPC分类号： H04L63/08 , H04L63/123 , H04W4/90 , H04W12/10
摘要： There is described herein a device (101) for communicating with a network. The device (101) comprises a communications unit for receiving data, a notification device for providing a notification to a user, and a control unit for controlling the operation of the communications unit and notification unit. The communications unit is configured to receive an information message (110, 112, 115), and to receive security authentication data (110, 112, 115) associated with the information message if such security authentication data is available. The control unit is configured to operate in a first or second configuration. In the first configuration it ignores the security authentication data, (111, 113), and instructs the notification unit to convey the notification to the user. In the second configuration, it verifies the information message (116) on the basis of the security authentication data and instructs the notification unit to convey the notification to the user if the verification is successful. The communications unit is configured to receive a configuration message (114) indicating the configuration in which the control unit should operate, and the control unit is configured to change configuration if the indicated configuration is different to the current configuration.
摘要翻译：这里描述了用于与网络通信的设备（101）。设备（101）包括用于接收数据的通信单元，用于向用户提供通知的通知装置，以及用于控制通信单元和通知单元的操作的控制单元。通信单元被配置为接收信息消息（110,112,115），并且如果这种安全认证数据可用，则接收与该信息消息相关联的安全认证数据（110,112,115）。控制单元被配置为以第一或第二配置操作。在第一配置中，它忽略安全认证数据（111,113），并指示通知单元向用户传达通知。在第二配置中，它根据安全认证数据来验证信息消息（116），并且如果验证成功则指示通知单元向用户传达该通知。通信单元被配置为接收指示控制单元应该运行的配置的配置消息（114），并且如果所指示的配置与当前配置不同，则配置控制单元来改变配置。

2. 发明申请

WO2011128183A2 METHOD AND APPARATUS FOR INTERWORKING WITH SINGLE SIGN-ON AUTHENTICATION ARCHITECTURE 审中-公开
标题翻译：用于与单一标识认证架构交互的方法和装置
公开(公告)号：WO2011128183A2
公开(公告)日：2011-10-20
申请号：PCT/EP2011/054303
申请日：2011-03-22
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NIKANDER, Pekka , EKDAHL, Patrik , LEHTOVIRTA, Vesa , NORRMAN, Karl , WIFVESSON, Monica
发明人： NIKANDER, Pekka , EKDAHL, Patrik , LEHTOVIRTA, Vesa , NORRMAN, Karl , WIFVESSON, Monica
IPC分类号： H04L29/06
CPC分类号： H04L63/0815 , H04L63/0853 , H04L63/18 , H04W12/06
摘要： A method is provided for use in interworking a single sign-on authentication architecture and a further authentication architecture in a split terminal scenario. The split terminal scenario is one in which authentication under the single sign-on authentication architecture is required of a browsing agent (8) being used to access a relying party and in response, due to the interworking in the split terminal scenario, an associated authentication under the further authentication architecture is performed in relation to a separate authentication agent (7). A controlling agent (4) sends (C3) a token to the authentication agent (7). The controlling agent (4) sends (C4) a request to the browsing agent (8) to return a token for comparing with the token sent to the authentication agent (7). The controlling agent (4) waits (C6) for the authentication agent (7) or a user of the authentication agent (7) to communicate (A2) the received token to the browsing agent (8) via a secure and/or trusted channel and for the browsing agent (8), in response to the earlier received request, to forward (B4) the token to the controlling agent (4). The controlling agent (4) receives (C7) the token from the browsing agent (8). The controlling agent (4) compares (C10) the received token with the token sent to the authentication agent (7) to determine whether the authentication agent (7) is authorised to perform authentication on behalf of the browsing agent (8) and/or whether the browsing agent (8) is authorised to act as a representative for the authentication agent (7). The controlling agent (4) authenticates (C11) the browsing agent (8) to the relying party based on the associated authentication performed in relation to the authentication agent (7) if it is determined in the comparing step (C10) that the authentication agent (7) and/or browsing agent (8) is so authorised.
摘要翻译：提供了一种用于在分离终端场景中互通单一登录认证架构和另外的认证架构的方法。分裂终端场景是其中需要用于访问依赖方的浏览代理（8）的单点登录认证体系结构下的认证，并且由于分裂终端场景中的互通，相关联的认证在另外的认证体系结构下相对于单独的认证代理（7）执行。控制代理（4）向认证代理（7）发送（C3）令牌。控制代理（4）向浏览代理（8）发送（C4）请求以返回与发送给认证代理（7）的令牌进行比较的令牌。控制代理（4）等待认证代理（7）的认证代理（7）或认证代理（7）的用户通过安全和/或受信任的信道将接收的令牌（A2）通信（A2）到浏览代理（8）并且对于浏览代理（8），响应于较早接收到的请求，将令牌转发（B4）到控制代理（4）。控制代理（4）从浏览代理（8）接收（C7）令牌。控制代理（4）将接收的令牌（C10）与发送给认证代理（7）的令牌进行比较（C10），以确定认证代理（7）是否被授权代表浏览代理（8）执行认证和/或浏览代理（8）是否被授权充当认证代理（7）的代表。如果在比较步骤（C10）中确定认证代理（7）确定了相对于认证代理（7）执行的关联认证，则控制代理（4）将浏览代理（8）认证给依赖方（C11）（7）和/或浏览代理（8）被授权。

3. 发明公开

EP2912868A1 PROTECTING A PAYLOAD SENT IN A COMMUNICATIONS NETWORK 有权
标题翻译： EINEM KOMMUNIKATIONSNETZ的SCHUTZ EINER GESENDETEN NUTZLAST
公开(公告)号：EP2912868A1
公开(公告)日：2015-09-02
申请号：EP13795310.5
申请日：2013-10-29
申请人： Telefonaktiebolaget L M Ericsson (PUBL)
发明人： NORRMAN, Karl , LEHTOVIRTA, Vesa , WIFVESSON, Monica
IPC分类号： H04W12/04
CPC分类号： H04W12/04 , H04L9/32 , H04L9/3273 , H04L63/0428 , H04L63/061 , H04L63/08 , H04L63/0869 , H04W4/70 , H04W12/06
摘要： A method and apparatus for protecting a payload sent between a client device and a Network Application Function node (NAF) in a communications network. At either of the client device and the NAF a determination is made that no existing Security Association (SA) identifier between the client device and the NAF is locally available. An identifier embryo is obtained and an SA identifier is constructed using the identifier embryo. Payload sent between the client device and the NAF is protected using an SA associated with the constructed SA identifier.
摘要翻译：一种用于保护在通信网络中在客户端设备和网络应用功能节点（NAF）之间发送的有效载荷的方法和装置。在客户端设备和NAF中的任一个处，确定在客户端设备和NAF之间没有现有的安全关联（SA）标识符在本地可用。获得标识符胚胎，并使用标识符胚胎构建SA标识符。使用与构建的SA标识符相关联的SA来保护在客户端设备和NAF之间发送的有效载荷。

4. 发明申请

WO2013064509A1 SECURING DATA COMMUNICATIONS IN A COMMUNICATIONS NETWORK 审中-公开
标题翻译：保护通信网络中的数据通信
公开(公告)号：WO2013064509A1
公开(公告)日：2013-05-10
申请号：PCT/EP2012/071508
申请日：2012-10-30
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
发明人： LEHTOVIRTA, Vesa , HEDMAN, Peter , WIFVESSON, Monica
IPC分类号： H04W12/08
CPC分类号： H04L63/168 , H04L63/164 , H04L63/20 , H04W4/70 , H04W12/08
摘要： A method is described of securing data communications between a first node (10) attached to a first network (40-1 ) and a second node (20/30) attached to a second network (40-2). The method comprises at the second node (20/30): receiving (S1 ) first information (I1 ) on whether the first network (40-1 ) has a secure network layer path to the first node (10) or is known to use a secure network layer path to attached nodes; receiving (S2) second information (I2) on whether the second node (20/30) has a secure network layer path to the second network (40-2) or is known to use a secure network layer path to the second network (40-2); and receiving (S3) third information (I3) on whether the first network (40-1 ) has a secure internal network layer path and, where the first and second networks (40-1, 40-2) are different, on whether the first network (40-1 ) has a secure network layer path to the second network (40-2) or is known to use a secure network layer path to the second network (40-2). It is determined (S5) from the first, second and third information (I1, I2, I3) whether the entire path between the first node (10) and the second node (20/30) is secured at the network layer level, and based on that determination it is decided whether to establish (S6t, S7r) application layer security for data communications between the first node (10) and the second node (20/30), or whether to proceed without application layer security (S8t, S8r).
摘要翻译：描述了一种保护附接到第一网络（40-1）的第一节点（10）与附接到第二网络（40-2）的第二节点（20/30）之间的数据通信的方法。该方法包括在第二节点（20/30）处：接收（S1）关于第一网络（40-1）是否具有到第一节点（10）的安全网络层路径或已知使用的第一信息（I1）连接节点的安全网络层路径; 接收（S2）关于所述第二节点（20/30）是否具有到所述第二网络（40-2）的安全网络层路径的第二信息（I2），或者已知使用到所述第二网络（40）的安全网络层路径 -2）; 以及接收（S3）关于所述第一网络（40-1）是否具有安全的内部网络层路径的第三信息（I3），并且在所述第一和第二网络（40-1,40-2）不同的情况下，第一网络（40-1）具有到第二网络（40-2）的安全网络层路径，或者已知使用到第二网络（40-2）的安全网络层路径。从第一，第二和第三信息（I1，I2，I3）确定第一节点（10）和第二节点（20/30）之间的整个路径是否被保证在网络层级，（S5），以及基于该确定，决定是否建立用于第一节点（10）和第二节点（20/30）之间的数据通信的（S6t，S7r）应用层安全性，或者是否在没有应用层安全性的情况下进行（S8t，S8r ）。

5. 发明申请

WO2015142247A1 AUTHENTICATION IN DEVICE TO DEVICE DISCOVERY 审中-公开
标题翻译：设备发现认证
公开(公告)号：WO2015142247A1
公开(公告)日：2015-09-24
申请号：PCT/SE2015/050250
申请日：2015-03-05
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
发明人： LEHTOVIRTA, Vesa , NORRMAN, Karl , WIFVESSON, Monica
IPC分类号： H04W12/06 , H04W12/04 , H04W76/02
CPC分类号： H04W12/06 , H04W4/06 , H04W4/80 , H04W8/005 , H04W12/04 , H04W76/10
摘要： There is provided a method for authentication in device to device discovery. A method performed by a Discoverer device, comprises broadcasting a direct discovery request, receiving a direct discovery response from a Discoveree device, the direct discovery response comprising a first token, and obtaining a determination of whether the first token was generated for the Discoveree device or not.
摘要翻译：提供了一种在设备到设备发现中进行认证的方法。由Discoverer设备执行的方法包括广播直接发现请求，从Discoveree设备接收直接发现响应，包括第一令牌的直接发现响应，以及获得是否为Discoveree设备生成了第一令牌的确定，不。

6. 发明申请

WO2014070085A1 PROTECTING A PAYLOAD SENT IN A COMMUNICATIONS NETWORK 审中-公开
标题翻译：保护通信网络中的挂载
公开(公告)号：WO2014070085A1
公开(公告)日：2014-05-08
申请号：PCT/SE2013/051263
申请日：2013-10-29
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
发明人： NORRMAN, Karl , LEHTOVIRTA, Vesa , WIFVESSON, Monica
IPC分类号： H04W12/04
CPC分类号： H04W12/04 , H04L9/32 , H04L9/3273 , H04L63/0428 , H04L63/061 , H04L63/08 , H04L63/0869 , H04W4/70 , H04W12/06
摘要： A method and apparatus for protecting a payload sent between a client device and a Network Application Function node (NAF) in a communications network. At either of the client device and the NAF a determination is made that no existing Security Association (SA) identifier between the client device and the NAF is locally available. An identifier embryo is obtained and an SA identifier is constructed using the identifier embryo. Payload sent between the client device and the NAF is protected using an SA associated with the constructed SA identifier.
摘要翻译：一种用于保护在通信网络中在客户端设备和网络应用功能节点（NAF）之间发送的有效载荷的方法和装置。在客户端设备和NAF中的任一个处，确定客户端设备和NAF之间没有现有的安全关联（SA）标识符在本地可用。获得标识符胚胎，并使用标识符胚胎构建SA标识符。使用与所构建的SA标识符相关联的SA来保护在客户端设备和NAF之间发送的有效载荷。

7. 发明授权

EP3248404B1 METHOD AND APPARATUS FOR DIRECT COMMUNICATION KEY ESTABLISHMENT 有权
公开(公告)号：EP3248404B1
公开(公告)日：2020-07-22
申请号：EP15700591.9
申请日：2015-01-19
申请人： Telefonaktiebolaget L M Ericsson (publ)
发明人： WIFVESSON, Monica , LEHTOVIRTA, Vesa
IPC分类号： H04W12/04 , H04W12/10 , H04W76/14 , H04W84/04 , H04L29/06

8. 发明公开

EP3248404A1 METHOD AND APPARATUS FOR DIRECT COMMUNICATION KEY ESTABLISHMENT 有权
标题翻译：用于直接通信密钥建立的方法和设备
公开(公告)号：EP3248404A1
公开(公告)日：2017-11-29
申请号：EP15700591.9
申请日：2015-01-19
申请人： Telefonaktiebolaget L M Ericsson (publ)
发明人： WIFVESSON, Monica , LEHTOVIRTA, Vesa
IPC分类号： H04W12/04 , H04W76/02 , H04W84/04 , H04L29/06
摘要： Also disclosed are a computer product operable to carry out methods according to the present invention and a computer program product comprising a computer readable medium having such a computer product stored thereon.

9. 发明申请

WO2011021091A1 METHOD FOR HANDLING CIPHERING KEYS IN A MOBILE STATION 审中-公开
标题翻译：在移动站处理活塞的方法
公开(公告)号：WO2011021091A1
公开(公告)日：2011-02-24
申请号：PCT/IB2010/002038
申请日：2010-08-17
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , VERON, Christian, Herrero , WIFVESSON, Monica
发明人： VERON, Christian, Herrero , WIFVESSON, Monica
IPC分类号： H04W12/04
CPC分类号： H04W12/04 , H04L2463/061 , H04W12/02
摘要： Techniques for handling ciphering keys in a mobile station comprising a mobile equipment (ME) and a Universal Subscriber Identity Module (USIM) are disclosed. An example method includes obtaining a UMTS cipher key (CK), integrity key (IK), and ciphering key sequence number (CKSN) from the USIM, deriving a 128-bit ciphering key (Kc-128) from the CK and the IK, and storing the Kc-128 and the CKSN on the mobile equipment, separate from the USIM. The stored CKSN is associated with the stored Kc-128, so that the Kc-128's correspondence to the most current UMTS security context can be tracked. This example method applies to the generation and storage of a 128-bit ciphering key for either the packet-switched or circuit- switched domains. A corresponding user equipment apparatus is also disclosed.
摘要翻译：公开了一种用于处理包括移动设备（ME）和通用用户识别模块（USIM）的移动台中的加密密钥的技术。示例性方法包括从USIM获得UMTS密码密钥（CK），完整性密钥（IK）和加密密钥序列号（CKSN），从CK和IK导出128位加密密钥（Kc-128）并将Kc-128和CKSN存储在与USIM分离的移动设备上。所存储的CKSN与所存储的Kc-128相关联，从而可跟踪Kc-128与最新UMTS安全环境的对应关系。该示例方法适用于分组交换或电路交换域的128位加密密钥的生成和存储。还公开了相应的用户设备装置。

10. 发明申请

WO2006079419A1 USER AUTHENTICATION AND AUTHORISATION IN A COMMUNICATIONS SYSTEM 审中-公开
标题翻译：用户在通信系统中的认证和授权
公开(公告)号：WO2006079419A1
公开(公告)日：2006-08-03
申请号：PCT/EP2005/050372
申请日：2005-01-28
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , TORVINEN, Vesa, Matti , LEHTOVIRTA, Vesa, Petteri , WIFVESSON, Monica
发明人： TORVINEN, Vesa, Matti , LEHTOVIRTA, Vesa, Petteri , WIFVESSON, Monica
IPC分类号： H04L9/32 , H04L29/06 , H04Q7/38
CPC分类号： H04L9/321 , H04L9/0838 , H04L9/3273 , H04L63/08 , H04L2209/80 , H04W12/04 , H04W12/06
摘要： A method of authenticating a client to two or more servers coupled together via a communications network, wherein the client and a first server possess a shared secret. The method comprises authenticating the client to a first server using said shared secret, signalling associated with this authentication process being sent between the client and said first server via a second server, generating a session key at the client and at the first server, and providing the session key to said second server, and using the session key to authenticate the client to the second server.
摘要翻译：一种将客户端认证到通过通信网络耦合在一起的两个或多个服务器的方法，其中客户机和第一服务器拥有共享密钥。该方法包括使用所述共享秘密将客户端认证给第一服务器，与通过第二服务器在客户端和所述第一服务器之间发送的该认证过程相关联的信令，在客户端和第一服务器处生成会话密钥，并提供所述会话密钥到所述第二服务器，并且使用所述会话密钥将所述客户端认证到所述第二服务器。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式