专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2006104438A1 PROTECTION OF DATA DELIVERED OUT-OF-ORDER 审中-公开
标题翻译：保护数据提供的无序
公开(公告)号：WO2006104438A1
公开(公告)日：2006-10-05
申请号：PCT/SE2006/000312
申请日：2006-03-09
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , CHEN, Ta-Wei , NORRMAN, Karl
发明人： CHEN, Ta-Wei , NORRMAN, Karl
IPC分类号： H04L29/06 , H04L12/56
CPC分类号： H04L47/10 , H04L63/0428 , H04L63/166 , H04L69/14 , H04L69/16 , H04L69/163 , H04L69/165
摘要： A basic idea of the invention is to separate ordered delivery data and unordered delivery data in a security protocol running on top of a reliable transport protocol, and perform a first type of security processing for ordered delivery data and a second different type of security processing for unordered delivery data in the security protocol. Preferably, data messages using ordered delivery and data messages using unordered delivery within a secure data stream are separated into two message sequence spaces on the security protocol layer, and data security processing is then performed differently in these two spaces. The invention is particularly suitable for a reliable transport protocol such as SCTP (Stream Control Transmission Protocol). The security protocol running on top of the transport protocol is preferably based on the TLS (Transport Layer Security) or a TLS-like protocol with a security processing extension for unordered delivery.
摘要翻译：本发明的基本思想是在可靠传输协议之上运行的安全协议中分离有序传送数据和无序传送数据，并对有序传送数据执行第一类型的安全处理，以及对第二种不同类型的安全处理进行安全处理安全协议中的无序传送数据。优选地，使用有序传送的数据消息和使用安全数据流内的无序传送的数据消息在安全协议层上分成两个消息序列空间，然后在这两个空间中进行不同的数据安全处理。本发明特别适用于诸如SCTP（流控制传输协议）的可靠传输协议。运行在传输协议之上的安全协议优选地基于TLS（传输层安全性）或具有用于无序传送的安全处理扩展的类TLS协议。

2. 发明申请

WO2010099823A1 IP MULTIMEDIA SECURITY 审中-公开
标题翻译： IP多媒体安全
公开(公告)号：WO2010099823A1
公开(公告)日：2010-09-10
申请号：PCT/EP2009/052560
申请日：2009-03-04
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
发明人： NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
IPC分类号： H04L29/06 , H04W12/04
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

3. 发明申请

WO2007014630A1 AUTOMATIC MOBILE DEVICE CAPABILITY MANAGEMENT 审中-公开
标题翻译：自动移动设备能力管理
公开(公告)号：WO2007014630A1
公开(公告)日：2007-02-08
申请号：PCT/EP2006/006776
申请日：2006-07-11
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , NORRMAN, Karl , BARRIGA, Luis , HALEN, Joacim
发明人： NORRMAN, Karl , BARRIGA, Luis , HALEN, Joacim
IPC分类号： H04Q7/38 , H04L29/08 , H04M3/42
CPC分类号： H04W8/22 , H04L67/04 , H04L67/303 , H04M3/42136 , H04M3/42178 , H04W8/18
摘要： The present invention relates to an improved approach to mobile device capability management. Heretofore, a capability management device (14) is provided at a mobile communication network. Upon change of a mobile device capability, a related notification is sent to the capability management device (14) which applies a policy decision whether to track the capability change at the network side or not. Should the decision be ’yes’, the capability management device (14) starts a device management session to collect further information on a mobile device capability change beyond the information made available with the mobile device capability change notification. After retrieval of the mobile device capability change information, the capability management device (14) will update its mobile device capability state accordingly. Optionally, the capability management device (14) may share the generated information with third party (16) cooperating with the mobile device (10) for, e.g., service delivery.
摘要翻译：本发明涉及一种改进的移动设备能力管理方法。迄今为止，在移动通信网络中提供了能力管理装置（14）。在更改移动设备能力时，向能力管理设备（14）发送相关通知，该能力管理设备（14）应用策略决定是否跟踪网络侧的能力变化。如果决定为“是”，则能力管理装置（14）启动设备管理会话以收集有关移动设备能力改变的进一步信息，超出了可用于移动设备能力改变通知的信息。在检索到移动设备能力改变信息之后，能力管理设备（14）将相应地更新其移动设备能力状态。可选地，能力管理设备（14）可以与与移动设备（10）协作的第三方（16）共享生成的信息，以用于例如服务递送。

4. 发明申请

WO2009070075A1 KEY MANAGEMENT FOR SECURE COMMUNICATION 审中-公开
标题翻译：安全通信的关键管理
公开(公告)号：WO2009070075A1
公开(公告)日：2009-06-04
申请号：PCT/SE2007/050927
申请日：2007-11-30
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , MATTSSON, John , NÄSLUND, Mats , NORRMAN, Karl
发明人： BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , MATTSSON, John , NÄSLUND, Mats , NORRMAN, Karl
IPC分类号： H04L9/08
CPC分类号： H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要： A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译：公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。该凭证被转发到至少一个响应用户设备，在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下，解决凭证并确定第二会话密钥。此后，第一和第二会话密钥用于安全通信。在一个实施例中，通信遍及中间体，由此第一和第二会话密钥保护与相应的腿到中间的通信。

5. 发明申请

WO2007042345A1 METHOD AND APPARATUS FOR ESTABLISHING A SECURITY ASSOCIATION 审中-公开
标题翻译：建立安全协会的方法和装置
公开(公告)号：WO2007042345A1
公开(公告)日：2007-04-19
申请号：PCT/EP2006/065676
申请日：2006-08-25
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , NORRMAN, Karl
发明人： BLOM, Rolf , NORRMAN, Karl
IPC分类号： H04L29/08 , H04L12/56 , H04L29/06
CPC分类号： H04W12/04 , H04L9/0841 , H04L9/3271 , H04L63/0435 , H04L63/062 , H04L67/26 , H04L2209/56 , H04L2209/80 , H04W84/042
摘要： A method for establishing a security association between a client (UE) and a service node (NAF) for the purpose of pushing information from the service node to the client, where the client and a key server (BSF) share a base secret. The method comprises sending a request for generation and provision of a service key from the service node to a key server, the request identifying the client and the service node, generating a service key at the key server using the identities of the client and the service node, the base secret, and additional information, and sending the service key to the service node together with said additional information, forwarding said additional information from the service node to the client, and at the client, generating said service key using the received additional information and the base key. A similar approach may be used to provide p2p key management.
摘要翻译：用于在客户端和密钥服务器（BSF）共享基本秘密之间建立客户端（UE）和服务节点（NAF）之间的安全关联的方法，用于将信息从服务节点推送到客户端。该方法包括从服务节点向密钥服务器发送生成和提供服务密钥的请求，所述请求标识客户端和服务节点，使用客户端和服务的身份在密钥服务器生成服务密钥节点，基本秘密和附加信息，以及将服务密钥与所述附加信息一起发送到服务节点，将所述附加信息从服务节点转发到客户端，并且在客户端处，使用接收到的附加信息生成所述服务密钥信息和基本键。可以使用类似的方法来提供p2p密钥管理。

6. 发明申请

WO2007030074A1 METHODS FOR SECURE AND BANDWIDTH EFFICIENT CRYPTOGRAPHIC SYNCHRONIZATION 审中-公开
标题翻译：安全和带宽有效的同步同步方法
公开(公告)号：WO2007030074A1
公开(公告)日：2007-03-15
申请号：PCT/SE2006/001040
申请日：2006-09-08
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , NÄSLUND, Mats , RAITH, Krister , LEHTOVIRTA, Vesa , NORRMAN, Karl
发明人： NÄSLUND, Mats , RAITH, Krister , LEHTOVIRTA, Vesa , NORRMAN, Karl
IPC分类号： H04L9/12
CPC分类号： H04L9/12 , H04L9/0861 , H04L9/16
摘要： Methods for cryptographic synchronization of data packets. A roll-over counter (ROC) value is periodically appended to and transmitted with a data packet when a function of the packet sequence number equals a predetermined value. The ROC effectively synchronizes the cryptographic transformation of the data packets. Although the disclosed methods are generally applicable to many transmission protocols, they are particularly adaptable for use in systems wherein the data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711.
摘要翻译：数据包的密码同步方法。当分组序列号的功能等于预定值时，翻转计数器（ROC）值周期性地附加到数据分组并与数据分组一起发送。 ROC有效地同步数据包的加密转换。虽然所公开的方法通常适用于许多传输协议，但是它们特别适用于使用如因特网工程任务组（IETF）中定义的安全实时传输协议（SRTP）将数据分组发送到接收机的系统，请求评论（RFC）3711。

7. 发明申请

WO2005078988A1 KEY MANAGEMENT FOR NETWORK ELEMENTS 审中-公开
标题翻译：网络元素的关键管理
公开(公告)号：WO2005078988A1
公开(公告)日：2005-08-25
申请号：PCT/SE2004/000179
申请日：2004-02-11
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , NÄSLUND, Mats , CARRARA, Elisabetta , LINDHOLM, Fredrik , NORRMAN, Karl
发明人： BLOM, Rolf , NÄSLUND, Mats , CARRARA, Elisabetta , LINDHOLM, Fredrik , NORRMAN, Karl
IPC分类号： H04L9/00
CPC分类号： H04L9/0844 , H04L9/0891 , H04L2209/80
摘要： The invention provides an establishment of a secret session key shared Between two network elements (NEa, NEb) belonging to different network domains (NDa, NDb). A first network element (NEa) of a first network domain (NDa) requests security parameters from an associated key management center (KMC) (AAAa). Upon reception of the request, the KMC (AAAa) generates a freshness token (FRESH) and calculates the session key (K) based on this token (FRESH) and a master key (KAB) shared with a second network domain (NDb). The security parameters are (securely) provided to the network element (NEa), which extracts the session key (K) and forwards the freshness token (FRESH) to the KMC (AAAb) of the second domain (NDb) through a second network element (NEb). Based on the token (FRESH) and the shared master key (KAB), the KMC (AAAb) generates a copy of the session key (K), which is (securely) provided to the second network element (NEb). The two network elements (NEa, NEb) now have shares the session key (K), enabling them to securely communicate with each other.
摘要翻译：本发明提供了属于不同网络域（NDa，NDb）的两个网元（NEa，NEb）之间共享的秘密会话密钥的建立。第一网络域（NDa）的第一网元（NEa）从相关联的密钥管理中心（AAAa）请求安全参数。在接收到请求时，KMC（AAAa）生成新鲜令牌（FRESH），并且基于该令牌（FRESH）和与第二网络域（NDb）共享的主密钥（KAB）来计算会话密钥（K）。安全参数（安全地）被提供给提取会话密钥（K）的网元（NEa），并通过第二网络元件将新鲜度令牌（FRESH）转发到第二域（NDb）的KMC（AAAb）（鼻）。基于令牌（FRESH）和共享主密钥（KAB），KMC（AAAb）生成（安全地）提供给第二网元（NEb）的会话密钥（K）的副本。两个网元（NEa，NEb）现在已经共享了会话密钥（K），使得它们能够彼此安全地通信。

8. 发明申请

WO2009139673A1 VERIFYING A MESSAGE IN A COMMUNICATION NETWORK 审中-公开
标题翻译：在通信网络中验证消息
公开(公告)号：WO2009139673A1
公开(公告)日：2009-11-19
申请号：PCT/SE2008/050550
申请日：2008-05-13
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , NORRMAN, Karl , SLAVOV, Kristian , SALMELA, Patrik
发明人： NORRMAN, Karl , SLAVOV, Kristian , SALMELA, Patrik
IPC分类号： H04L29/06
CPC分类号： H04L63/068 , H04L9/3213 , H04L9/3297 , H04L63/08 , H04L63/0807 , H04L63/1458 , H04W12/04 , H04W12/06
摘要： A method and apparatus for verifying a request for service in a communication network. An authentication node generates a secret and transmits the secret to a node providing a service. The authentication node then receives a request for authentication from a requesting node, and once the requesting node is authenticated, the authorisation node sends an identifier for the requesting node and a first token, which is derived using the secret and the identifier. A service providing node subsequently receives a request for service from the requesting node, the request including the identifier for the requesting node and the first token. The service providing node derives a second token using the identifier and the secret. If the first token and the second token match, then the service providing node allows the request, and if the first token and the second token do not match, then the request is refused.
摘要翻译：一种用于在通信网络中验证服务请求的方法和装置。认证节点生成秘密，并将秘密发送给提供服务的节点。认证节点然后从请求节点接收认证请求，并且一旦请求节点被认证，授权节点就发送用于请求节点的标识符和使用秘密和标识符导出的第一令牌。服务提供节点随后从请求节点接收服务请求，该请求包括请求节点和第一令牌的标识符。服务提供节点使用标识符和秘密导出第二个令牌。如果第一令牌和第二令牌匹配，则服务提供节点允许请求，并且如果第一令牌和第二令牌不匹配，则该请求被拒绝。

9. 发明申请

WO2008048179A2 CRYPTOGRAPHIC KEY MANAGEMENT IN COMMUNICATION NETWORKS 审中-公开
标题翻译：通信网络中的密码密钥管理
公开(公告)号：WO2008048179A2
公开(公告)日：2008-04-24
申请号：PCT/SE2007/050734
申请日：2007-10-11
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , NÄSLUND, Mats , NORRMAN, Karl
发明人： BLOM, Rolf , NÄSLUND, Mats , NORRMAN, Karl
IPC分类号： H04L9/08
CPC分类号： H04L9/321 , H04L63/062 , H04L63/08 , H04L2209/80 , H04L2463/061 , H04W12/04 , H04W12/06 , H04W36/0038
摘要： An authentication server and a system and method for managing cryptographic keys across different combinations of user terminals, access networks, and core networks. A Transformation Coder Entity, TCE, (25) creates a master key, Mk, which is used to derive keys during the authentication procedure. During handover between the different access types, the Mk or a transformed Mk is passed between two authenticator nodes (42, 43, 44) that hold the key in the respective access networks when a User Equipment, UE, terminal (41, 51, 52, 53) changes access. The transformation of the Mk is performed via a one-way function, and has the effect that if the Mk is somehow compromised, it is not possible to automatically obtain access to previously used master keys. The transformation is performed based on the type of authenticator node and type of UE/identity module with which the transformed key is to be utilized. The Mk is never used directly, but is only used to derive the keys that are directly used to protect the access link.
摘要翻译：
一种认证服务器以及一种用于管理用户终端，接入网络和核心网络的不同组合上的密钥的系统和方法。转换编码器实体TCE（25）创建主密钥Mk，该密钥用于在认证过程中导出密钥。在不同接入类型之间的切换期间，当用户设备UE终端（41,51,52）在两个认证者节点（42,43,44）之间传递Mk或变换后的Mk时，，53）改变访问权限。 Mk的变换通过单向函数执行，并且具有如果Mk以某种方式被破坏的效果，则不可能自动获得对以前使用的主密钥的访问。该转换基于认证器节点的类型以及将要使用变换的密钥的UE /身份模块的类型来执行。 Mk从不直接使用，但仅用于派生直接用于保护访问链接的密钥。

10. 发明申请

WO2006084522A1 KEY DELIVERY METHOD AND APPARATUS IN A COMMUNICATIONS SYSTEM 审中-公开
标题翻译：通信系统中的关键传送方法和装置
公开(公告)号：WO2006084522A1
公开(公告)日：2006-08-17
申请号：PCT/EP2005/056859
申请日：2005-12-16
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , LEHTOVIRTA, Vesa, Petteri , NORRMAN, Karl
发明人： LEHTOVIRTA, Vesa, Petteri , NORRMAN, Karl
IPC分类号： H04Q7/38
CPC分类号： H04W12/04 , H04H60/23 , H04L63/061 , H04L2463/062 , H04N21/26613 , H04N21/6405 , H04W4/06 , H04W4/60
摘要： A method of facilitating access by a user terminal to broadcast and/or multicast data which is encrypted and sent to the user terminal from a communication network, the method comprising: sending an encrypted service key from an access server of the communication network to the user terminal, and passing the encrypted service key to a secure module of the user terminal, the secure module having access to a decryption key for decrypting the encrypted service key but this decryption key being inaccessible to other functions of the user terminal; generating an acknowledgement of receipt of the service key at said secure module, and sending the acknowledgement from the user equipment to the access server; authenticating the receipt at the access server and sending a return acknowledgement from the access server to the user terminal, and passing the return acknowledgement to the secure module; and authenticating the return acknowledgement at the secure module, and subsequently making the decrypted service key available to the user terminal, the service key making possible directly or indirectly the decryption of broadcast and/or multicast data.
摘要翻译：一种便利用户终端访问广播和/或组播数据的方法，所述数据被加密并从通信网络发送到所述用户终端，所述方法包括：从所述通信网络的接入服务器向所述用户发送加密的服务密钥终端，并且将加密的服务密钥传递到用户终端的安全模块，该安全模块具有访问用于解密加密服务密钥的解密密钥，但是该解密密钥对用户终端的其他功能是不可访问的; 在所述安全模块生成接收到所述服务密钥的确认，并将所述确认从所述用户设备发送到所述访问服务器; 在所述接入服务器处认证所述接收，并且从所述接入服务器向所述用户终端发送返回确认，以及将所述返回确认传递给所述安全模块; 以及在所述安全模块处认证所述返回确认，以及随后使所述解密的服务密钥可用于所述用户终端，所述服务密钥可以直接或间接地使广播和/或多播数据的解密成为可能。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式