专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2005078988A1 KEY MANAGEMENT FOR NETWORK ELEMENTS 审中-公开
标题翻译：网络元素的关键管理
公开(公告)号：WO2005078988A1
公开(公告)日：2005-08-25
申请号：PCT/SE2004/000179
申请日：2004-02-11
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , NÄSLUND, Mats , CARRARA, Elisabetta , LINDHOLM, Fredrik , NORRMAN, Karl
发明人： BLOM, Rolf , NÄSLUND, Mats , CARRARA, Elisabetta , LINDHOLM, Fredrik , NORRMAN, Karl
IPC分类号： H04L9/00
CPC分类号： H04L9/0844 , H04L9/0891 , H04L2209/80
摘要： The invention provides an establishment of a secret session key shared Between two network elements (NEa, NEb) belonging to different network domains (NDa, NDb). A first network element (NEa) of a first network domain (NDa) requests security parameters from an associated key management center (KMC) (AAAa). Upon reception of the request, the KMC (AAAa) generates a freshness token (FRESH) and calculates the session key (K) based on this token (FRESH) and a master key (KAB) shared with a second network domain (NDb). The security parameters are (securely) provided to the network element (NEa), which extracts the session key (K) and forwards the freshness token (FRESH) to the KMC (AAAb) of the second domain (NDb) through a second network element (NEb). Based on the token (FRESH) and the shared master key (KAB), the KMC (AAAb) generates a copy of the session key (K), which is (securely) provided to the second network element (NEb). The two network elements (NEa, NEb) now have shares the session key (K), enabling them to securely communicate with each other.
摘要翻译：本发明提供了属于不同网络域（NDa，NDb）的两个网元（NEa，NEb）之间共享的秘密会话密钥的建立。第一网络域（NDa）的第一网元（NEa）从相关联的密钥管理中心（AAAa）请求安全参数。在接收到请求时，KMC（AAAa）生成新鲜令牌（FRESH），并且基于该令牌（FRESH）和与第二网络域（NDb）共享的主密钥（KAB）来计算会话密钥（K）。安全参数（安全地）被提供给提取会话密钥（K）的网元（NEa），并通过第二网络元件将新鲜度令牌（FRESH）转发到第二域（NDb）的KMC（AAAb）（鼻）。基于令牌（FRESH）和共享主密钥（KAB），KMC（AAAb）生成（安全地）提供给第二网元（NEb）的会话密钥（K）的副本。两个网元（NEa，NEb）现在已经共享了会话密钥（K），使得它们能够彼此安全地通信。

2. 发明申请

WO2010099823A1 IP MULTIMEDIA SECURITY 审中-公开
标题翻译： IP多媒体安全
公开(公告)号：WO2010099823A1
公开(公告)日：2010-09-10
申请号：PCT/EP2009/052560
申请日：2009-03-04
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
发明人： NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
IPC分类号： H04L29/06 , H04W12/04
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

3. 发明申请

WO2009070075A1 KEY MANAGEMENT FOR SECURE COMMUNICATION 审中-公开
标题翻译：安全通信的关键管理
公开(公告)号：WO2009070075A1
公开(公告)日：2009-06-04
申请号：PCT/SE2007/050927
申请日：2007-11-30
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , MATTSSON, John , NÄSLUND, Mats , NORRMAN, Karl
发明人： BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , MATTSSON, John , NÄSLUND, Mats , NORRMAN, Karl
IPC分类号： H04L9/08
CPC分类号： H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要： A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译：公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。该凭证被转发到至少一个响应用户设备，在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下，解决凭证并确定第二会话密钥。此后，第一和第二会话密钥用于安全通信。在一个实施例中，通信遍及中间体，由此第一和第二会话密钥保护与相应的腿到中间的通信。

4. 发明申请

WO2010031600A1 KEY MANAGEMENT IN A COMMUNICATION NETWORK 审中-公开
标题翻译：通信网络中的主要管理
公开(公告)号：WO2010031600A1
公开(公告)日：2010-03-25
申请号：PCT/EP2009/052967
申请日：2009-03-13
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , NÄSLUND, Mats , NORRMAN, Karl , LINDHOLM, Fredrik
发明人： BLOM, Rolf , NÄSLUND, Mats , NORRMAN, Karl , LINDHOLM, Fredrik
IPC分类号： H04L29/06 , H04L9/08
CPC分类号： H04L63/0869 , H04L9/0819 , H04L9/083 , H04L9/3213 , H04L63/0428 , H04L63/06 , H04L63/08
摘要： A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
摘要翻译：一种用于通信网络中密钥管理的方法和装置。密钥管理服务器（KMS）从第一设备接收与用户身份相关联的令牌的请求，所述用户身份与第二设备相关联。然后，KMS将所请求的令牌和与用户相关联的用户密钥发送到第一设备。 KMS随后从第二个设备接收令牌。使用用户密钥和与第二设备相关联的修改参数来生成第二设备密钥。修改参数可用于第一设备用于生成第二设备密钥。然后，第二个设备密钥从KMS发送到第二个设备。第二设备密钥可以由第二设备用于向第一设备或第一设备认证自身以确保与第二设备的通信。

5. 发明申请

WO2002084980A1 METHOD AND NETWORK FOR DELIVERING STREAMING DATA 审中-公开
标题翻译：提供数据流的方法和网络
公开(公告)号：WO2002084980A1
公开(公告)日：2002-10-24
申请号：PCT/SE2002/000721
申请日：2002-04-10
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , LINDHOLM, Fredrik , BLOM, Rolf , NORRMAN, Karl , SELANDER, Göran , NÄSLUND, Mats
发明人： LINDHOLM, Fredrik , BLOM, Rolf , NORRMAN, Karl , SELANDER, Göran , NÄSLUND, Mats
IPC分类号： H04L29/06
CPC分类号： H04L63/0442 , G06F21/10 , G06F2221/0737 , G06F2221/0797 , H04L29/06027 , H04L63/0807 , H04L65/4084 , H04L65/607 , H04L65/608 , H04L67/14
摘要： In a procedure for delivering streaming media, a Client (1) first requests the media from an Order Server (3). The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server (5). The Streaming Server checks theticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receivesthe data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.
摘要翻译：在递送流媒体的过程中，客户端（1）首先从订单服务器（3）请求媒体。订单服务器对客户端进行身份验证，并向客户端发送故障单。然后，客户端将该票发送到流服务器（5）。流媒体服务器检查电子邮件的有效性，如果发现有效使用标准化的实时协议（如SRTP）对流数据进行加密，并将加密的数据发送给客户端。客户接收数据并对其进行解密。适用于流媒体的版权材料可以安全地传递给客户端。所使用的鲁棒协议非常适合于特定的无线客户端和具有低容量的类似设备，例如蜂窝电话和PDA。

6. 发明申请

WO2007062882A2 METHOD AND APPARATUS FOR DELIVERING KEYING INFORMATION 审中-公开
标题翻译：交付关键信息的方法和装置
公开(公告)号：WO2007062882A2
公开(公告)日：2007-06-07
申请号：PCT/EP2006/064107
申请日：2006-07-11
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , NORRMAN, Karl , BLOM, Rolf , LINDHOLM, Fredrik
发明人： NORRMAN, Karl , BLOM, Rolf , LINDHOLM, Fredrik
IPC分类号： H04L9/08
CPC分类号： H04W12/02 , H04L63/0272 , H04L63/062 , H04L63/08 , H04L63/164 , H04L65/1016 , H04W12/04
摘要： A method of delivering an application key or keys to an application server for use in securing data exchanged between the application server and a user equipment, the user equipment accessing a communications network via an access domain. The method comprises running an Authentication and Key Agreement procedure between the user equipment and a home domain in order to make keying material available to the user equipment and to an access enforcement point. At least a part of said keying material is used to secure a communication tunnel between the user equipment and the access enforcement point, and one or more application keys are derived within the home domain using at least part of said keying material. Said application key(s) is(are) provided to said application server, and the same application key(s) derived at the user equipment, wherein said access enforcement point is unable to derive or have access to said application key(s).
摘要翻译：将应用密钥或密钥递送到应用服务器以用于保护在应用服务器和用户设备之间交换的数据的方法，所述用户设备经由接入域访问通信网络。该方法包括在用户设备和归属域之间运行认证和密钥协商过程，以使密钥材料可用于用户设备和访问执行点。所述密钥材料的至少一部分用于确保用户设备和访问执行点之间的通信隧道，并且使用至少部分所述密钥材料在归属域内导出一个或多个应用密钥。所述应用密钥被提供给所述应用服务器，以及在用户设备导出的相同应用密钥，其中所述访问执行点不能导出或访问所述应用密钥。

7. 发明申请

WO2009068985A2 END-TO-EDGE MEDIA PROTECTION 审中-公开
标题翻译：端到端媒体保护
公开(公告)号：WO2009068985A2
公开(公告)日：2009-06-04
申请号：PCT/IB2008/003288
申请日：2008-12-01
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , BARRIGA, Luis , BLOM, Rolf , CHENG, Yi , NÄSLUND, Mats , NORRMAN, Karl , LINDHOLM, Fredrik
发明人： BARRIGA, Luis , BLOM, Rolf , CHENG, Yi , NÄSLUND, Mats , NORRMAN, Karl , LINDHOLM, Fredrik
IPC分类号： H04W12/02
CPC分类号： H04W76/02 , H04L63/0428 , H04L65/1016 , H04L65/1069 , H04W12/02 , H04W12/04 , H04W76/10
摘要： An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.
摘要翻译： IMS系统包括IMS发起者用户实体。该系统包括由发起者用户实体调用的IMS应答器用户实体。该系统包括与主叫实体进行通信的主叫侧S-CSCF，其从呼叫方实体接收具有第一保护报价的INVITE和用于密钥建立的参数，从INVITE中移除第一保护报价并转发INVITE而没有第一保护提供。该系统包括与响应者用户实体通信的接收端S-CSCF，以及在没有第一保护提供的情况下接收INVITE的主叫侧S-CSCF，并检查响应者用户实体是否支持保护，将第二保护请求插入到 INVITE并将INVITE转发到响应者用户实体，其中响应者用户实体接受包括第二保护提议的INVITE和具有第一保护接受的确认的应答。一种用于支持电信节点的呼叫的方法。

8. 发明申请

WO2004093381A1 AUTHENTICATION METHOD 审中-公开
标题翻译：认证方法
公开(公告)号：WO2004093381A1
公开(公告)日：2004-10-28
申请号：PCT/SE2003/000631
申请日：2003-04-16
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , LINDHOLM, Fredrik , NÄSLUND, Mats
发明人： LINDHOLM, Fredrik , NÄSLUND, Mats
IPC分类号： H04L9/32
CPC分类号： H04L63/083 , H04L9/0833 , H04L9/3226 , H04L9/3234 , H04L9/3273 , H04L63/0435 , H04L63/0869 , H04L63/104 , H04L2209/80
摘要： The invention relates to password-based authentication in group networks. Each device (42) has an authentication token irreversibly based on the password. The authentication involves a first device (42-1) at which the password P is entered and a second device (42-2) towards which the authentication occurs. The first device determines a check token M j for the second based on the password and its own authentication token R I and this check token is sent to the second device, where it is compared with the athentication token of that device. The procedure may include update of a device to exclude a non-trusted device from the group or change the password. Advantageous features are that the information in one device does not allow retrieval of the password and that the password is only exposed at one device, and only temporarily, during the authentication.
摘要翻译：本发明涉及组网中的基于密码的认证。每个设备（42）基于密码不可逆地具有认证令牌。认证涉及输入密码P的第一设备（42-1）和发生认证的第二设备（42-2）。第一设备基于密码和其自己的认证令牌RI来确定第二个检查令牌Mj，并且将该检查令牌发送到第二设备，在该位置与该设备的认证令牌进行比较。该过程可以包括更新设备以从组中排除不可信设备或更改密码。有利的功能是，一个设备中的信息不允许检索密码，并且该密码仅在一个设备上公开，并且仅在临时认证期间暴露。

9. 发明申请

WO2007062689A1 METHOD AND APPARATUS FOR DISTRIBUTING KEYING INFORMATION 审中-公开
标题翻译：分配关键信息的方法和装置
公开(公告)号：WO2007062689A1
公开(公告)日：2007-06-07
申请号：PCT/EP2005/056387
申请日：2005-12-01
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , NORRMAN, Karl , LINDHOLM, Fredrik
发明人： NORRMAN, Karl , LINDHOLM, Fredrik
IPC分类号： H04L29/06 , H04L9/08 , H04L12/22
CPC分类号： H04W12/02 , H04L63/0272 , H04L63/062 , H04L63/08 , H04L63/164 , H04L65/1016 , H04W12/04
摘要： A method of securing communications between User Equipment and an application server via an IP Multimedia Subsystem network. The method comprises running an Authentication and Key Agreement procedure between the User Equipment and a Serving Call State Control Function of the IP Multimedia Subsystem network in order to make available to the User Equipment and to a Proxy Call State Control Function, keying material, and using at least a part of said keying material to secure a communication tunnel between the User Equipment and the Proxy Call State Control Function, and deriving at least one application service key at the Serving Call State Control Function using at least part of said keying material, providing said application service key(s) to said application server, and deriving the same application service key at the User Equipment, wherein the Proxy Call State Control Function is unable to derive said application service key.
摘要翻译：一种通过IP多媒体子系统网络保护用户设备与应用服务器之间的通信的方法。该方法包括在用户设备和IP多媒体子系统网络的服务呼叫状态控制功能之间运行认证和密钥协商过程，以使得可以向用户设备和代理呼叫状态控制功能，密钥材料和使用所述密钥材料的至少一部分用于确保用户设备和代理呼叫状态控制功能之间的通信隧道，并且使用至少部分所述密钥材料在服务呼叫状态控制功能上导出至少一个应用服务密钥，提供所述应用服务密钥到所述应用服务器，并且在所述用户设备处导出相同的应用服务密钥，其中所述代理呼叫状态控制功能不能导出所述应用服务密钥。

10. 发明申请

WO2010074621A1 A KEY MANAGEMENT METHOD 审中-公开
标题翻译：关键管理方法
公开(公告)号：WO2010074621A1
公开(公告)日：2010-07-01
申请号：PCT/SE2008/051558
申请日：2008-12-23
申请人： TELEFONAKTIEBOLAGET LM Ericsson (publ) , LINDHOLM, Fredrik , JOHANSSON, Mattias , NORRMAN, Karl
发明人： LINDHOLM, Fredrik , JOHANSSON, Mattias , NORRMAN, Karl
IPC分类号： H04L9/08
CPC分类号： H04L9/0833
摘要： The present invention relates to a key management method to establish selective secret information in multiple disjoint groups, more specifically to a method of reducing the broadcast size in access hierarchies and localize and facilitate management in said access hierarchies. The key management method selects a number of subgroups. Each subgroup supports an instance of a key distribution method for receiving distributed key material, and is capable of computing a usage security key based on the distributed key material and predefined user group key material.
摘要翻译：本发明涉及一种用于在多个不相交组中建立选择性秘密信息的密钥管理方法，更具体地涉及一种减少接入层次中广播大小的方法，并且对所述接入层次中的管理进行本地化和便利化。密钥管理方法选择多个子组。每个子组支持用于接收分布式密钥材料的密钥分发方法的实例，并且能够基于分布式密钥材料和预定义的用户组密钥材料来计算使用安全密钥。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式