专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2010099823A1 IP MULTIMEDIA SECURITY 审中-公开
标题翻译： IP多媒体安全
公开(公告)号：WO2010099823A1
公开(公告)日：2010-09-10
申请号：PCT/EP2009/052560
申请日：2009-03-04
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
发明人： NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
IPC分类号： H04L29/06 , H04W12/04
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

2. 发明申请

WO2010053416A1 METHOD AND APPARATUS FOR FORWARDING DATA PACKETS USING AGGREGATING ROUTER KEYS 审中-公开
标题翻译：使用聚集路由器进行数据包的方法和装置
公开(公告)号：WO2010053416A1
公开(公告)日：2010-05-14
申请号：PCT/SE2008/051281
申请日：2008-11-07
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , CSÁSZÁR, András , MAGNUSSON, Lars G , NÄSLUND, Mats , WESTBERG, Lars
发明人： CSÁSZÁR, András , MAGNUSSON, Lars G , NÄSLUND, Mats , WESTBERG, Lars
IPC分类号： H04L12/56
CPC分类号： H04L45/00 , H04L63/0227
摘要： Method and apparatus for supporting the forwarding of received data packets in a router (402,702) of a packet- switched network. A forwarding table (706a) is configured in the router based on aggregating router keys and associated aggregation related instructions received from a key manager (400,700). Each aggregating router key represents a set of destinations. When a data packet (P) is received comprising an ingress tag derived from a sender key or router key, the ingress tag is matched with entries in the forwarding table. An outgoing port is selected for the packet according to a found matching table entry that further comprises an associated aggregation related instruction. An egress tag is then created according to the aggregation related instruction, and the packet with the created egress tag attached is sent from the selected outgoing port to a next hop router.
摘要翻译：用于支持在分组交换网络的路由器（402,702）中转发所接收的数据分组的方法和装置。基于从密钥管理器（400,700）接收的聚合路由器密钥和相关联的聚合相关指令，在路由器中配置转发表（706a）。每个聚合路由器密钥代表一组目的地。当接收到包含从发送方密钥或路由器密钥导出的入口标签的数据分组（P）时，入口标签与转发表中的条目匹配。根据发现的匹配表条目，为分组选择输出端口，进一步包括相关联的聚合相关指令。然后根据聚合相关指令创建出口标签，并将附加了创建的出口标签的数据包从所选出口端口发送到下一跳路由器。

3. 发明申请

WO2009065923A2 METHOD AND APPARATUS FOR USE IN A COMMUNICATIONS NETWORK 审中-公开
标题翻译：在通信网络中使用的方法和装置
公开(公告)号：WO2009065923A2
公开(公告)日：2009-05-28
申请号：PCT/EP2008/065967
申请日：2008-11-21
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , HADDAD, Wassim , NÄSLUND, Mats
发明人： HADDAD, Wassim , NÄSLUND, Mats
IPC分类号： H04W12/04 , H04W80/04
CPC分类号： H04W12/04 , H04L9/3239 , H04L63/0823 , H04L2209/80 , H04L2463/081 , H04W8/082 , H04W12/06 , H04W80/04 , H04W88/02 , H04W88/182
摘要： A method and apparatus for establishing a cryptographic relationship between a first node and a second node in a communications network. The first node receives at least part of a cryptographic attribute of the second node, uses the received at least part of the cryptographic attribute to generate an identifier for the first node. The cryptographic attribute may a public key belonging to the second node, and the identifier may be a Cryptographically Generated IP address. The cryptographic relationship allows the second node to establish with a third node that it is entitled to act on behalf of the first node.
摘要翻译：一种在通信网络中建立第一节点和第二节点之间的密码关系的方法和装置。第一节点接收第二节点的加密属性的至少一部分，使用所接收的至少部分密码属性来生成第一节点的标识符。加密属性可以是属于第二节点的公共密钥，并且该标识符可以是加密生成的IP地址。加密关系允许第二节点与第三节点建立它有权代表第一节点行动。

4. 发明申请

WO2008115126A2 PREFIX REACHABILITY DETECTION IN A COMMUNICATION 审中-公开
标题翻译：通信中的前缀可访问性检测
公开(公告)号：WO2008115126A2
公开(公告)日：2008-09-25
申请号：PCT/SE2008/050209
申请日：2008-02-26
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , HADDAD, Wassim , NÄSLUND, Mats
发明人： HADDAD, Wassim , NÄSLUND, Mats
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/1416 , H04L9/30 , H04L63/061 , H04L63/123 , H04L63/1466 , H04L2209/24
摘要： There is disclosed a method, and a communication system, and a communication node for implementing the claimed method, for attempting to enhance legitimacy assessment and thwart a man-in-the middle or similar false-location attack by evaluating the topology of a communication-session requesting node relative to the proposed communication path through a network between the requesting node and the requested node. Upon receiving the request,a PRD (Prefix Reachability Detection) protocol is initiated, either after or during a secure key exchange, if any, which if performed preferably includes an ART (address reachability text). The PRD is executed by sending a message to the communication node challenging the location-authenticity of the requesting device. The communication node, which may be for example an access router through which the requesting node accesses the network, determines if the requesting node is positioned behind the communication node topologically, and reports the result to the requested node. The requested node may then make a decision on whether to permit the communication. If so, the PRD may be repeated one or more times while the communication session is in progress.
摘要翻译：公开了一种用于实现所要求保护的方法的方法，通信系统和通信节点，用于通过评估通信的拓扑来尝试增强合法性评估并阻止中间或类似的假位置攻击中的人员，会话请求节点相对于所提出的通信路径通过请求节点和请求节点之间的网络。在接收到请求后，在安全密钥交换之后或期间，如果执行了PRD（前缀可达性检测）协议，如果执行的话，优先包括ART（地址可达性文本）。通过向通信节点发送消息来执行请求设备的位置真实性来执行PRD。通信节点，其可以是例如请求节点访问网络的接入路由器，确定请求节点是否在拓扑结构中位于通信节点后面，并将结果报告给所请求的节点。所请求的节点然后可以决定是否允许通信。如果是，则通信会话正在进行时，PRD可以重复一次或多次。

5. 发明申请

WO2009102247A1 APPLICATION SPECIFIC MASTER KEY SELECTION IN EVOLVED NETWORKS 审中-公开
标题翻译：应用特定的主要选择在演进的网络
公开(公告)号：WO2009102247A1
公开(公告)日：2009-08-20
申请号：PCT/SE2008/050178
申请日：2008-02-15
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , WALKER, John Michael , NÄSLUND, Mats , FERNANDEZ ALONSO, Susana
发明人： WALKER, John Michael , NÄSLUND, Mats , FERNANDEZ ALONSO, Susana
IPC分类号： H04W12/04 , H04L9/32 , H04W12/06
CPC分类号： H04L63/062 , H04L12/06 , H04L63/083 , H04W12/06
摘要： An authentication method comprises providing a set of N plural number of master keys both to a user terminal (13) and to home network entity (11) and, when performing an authentication key agreement (AKA) transaction for an application, selecting one of the N number of master keys to serve as a master key for use both at the user terminal and the home network entity for deriving further keys for the application. For example, when performing an authentication key agreement (AKA) transaction for a first application, the method involves randomly selecting one of the N number of master keys to serve as a first master key for use both at the user terminal and the home network entity for deriving further keys for the first application; but when 10 performing an authentication key agreement (AKA) transaction for another application, the method involves randomly selecting another one of the N number of master keys to serve as master key for use both at the user terminal and the home network entity for deriving further keys for the another application.
摘要翻译：认证方法包括向用户终端（13）和家庭网络实体（11）提供N个多个主密钥的集合，并且当为应用执行认证密钥协商（AKA）事务时，选择一个 N个主密钥用作用于用户终端和家庭网络实体的主密钥，用于导出用于应用的另外的密钥。例如，当对第一应用执行认证密钥协商（AKA）事务时，该方法包括随机选择N个主密钥中的一个作为第一主密钥，用于在用户终端和家庭网络实体用于导出用于第一应用的另外的键; 但是当10执行针对另一应用的认证密钥协议（AKA）事务时，该方法包括随机选择N个主密钥中的另一个作为主密钥，以在用户终端和归属网络实体处用于进一步导出另一个应用程序的键。

6. 发明申请

WO2009070075A1 KEY MANAGEMENT FOR SECURE COMMUNICATION 审中-公开
标题翻译：安全通信的关键管理
公开(公告)号：WO2009070075A1
公开(公告)日：2009-06-04
申请号：PCT/SE2007/050927
申请日：2007-11-30
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , MATTSSON, John , NÄSLUND, Mats , NORRMAN, Karl
发明人： BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , MATTSSON, John , NÄSLUND, Mats , NORRMAN, Karl
IPC分类号： H04L9/08
CPC分类号： H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要： A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译：公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。该凭证被转发到至少一个响应用户设备，在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下，解决凭证并确定第二会话密钥。此后，第一和第二会话密钥用于安全通信。在一个实施例中，通信遍及中间体，由此第一和第二会话密钥保护与相应的腿到中间的通信。

7. 发明申请

WO2008074366A1 MANAGING USER ACCESS IN A COMMUNICATIONS NETWORK 审中-公开
标题翻译：管理通信网络中的用户访问
公开(公告)号：WO2008074366A1
公开(公告)日：2008-06-26
申请号：PCT/EP2006/069906
申请日：2006-12-19
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , NÄSLUND, Mats , ARKKO, Jari
发明人： NÄSLUND, Mats , ARKKO, Jari
IPC分类号： H04L29/06
CPC分类号： H04W12/04 , H04L63/061 , H04L63/062 , H04L63/067 , H04L63/08 , H04L63/0884 , H04L63/0892 , H04L63/162 , H04W12/06 , H04W80/04
摘要： A method of operating a node (AAA proxy) for performing handover between access networks wherein a user has authenticated for network access in a first access network (ANl). The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal, when the user subsequently moves to a second access network (AN2), the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network.
摘要翻译：一种操作节点（AAA代理）的方法，用于在用户已经在第一接入网络（AN1）中对网络接入进行认证的接入网络之间进行切换。该方法包括：在通信会话期间，从家庭网络接收分配给用户的第一会话密钥和临时标识符。标识符被映射到第一个会话密钥，映射的标识符和密钥存储在节点处。第二会话密钥从第一会话密钥导出，第二会话密钥被发送到接入网络，并且当用户随后移动到第二接入网络（AN2）时，将标识符发送到用户终端，节点接收来自用户终端的标识符。然后，节点检索映射到接收到的标识符的第一会话密钥，导出第三会话密钥，并将第三会话密钥发送到第二接入网络。

8. 发明申请

WO2007030074A1 METHODS FOR SECURE AND BANDWIDTH EFFICIENT CRYPTOGRAPHIC SYNCHRONIZATION 审中-公开
标题翻译：安全和带宽有效的同步同步方法
公开(公告)号：WO2007030074A1
公开(公告)日：2007-03-15
申请号：PCT/SE2006/001040
申请日：2006-09-08
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , NÄSLUND, Mats , RAITH, Krister , LEHTOVIRTA, Vesa , NORRMAN, Karl
发明人： NÄSLUND, Mats , RAITH, Krister , LEHTOVIRTA, Vesa , NORRMAN, Karl
IPC分类号： H04L9/12
CPC分类号： H04L9/12 , H04L9/0861 , H04L9/16
摘要： Methods for cryptographic synchronization of data packets. A roll-over counter (ROC) value is periodically appended to and transmitted with a data packet when a function of the packet sequence number equals a predetermined value. The ROC effectively synchronizes the cryptographic transformation of the data packets. Although the disclosed methods are generally applicable to many transmission protocols, they are particularly adaptable for use in systems wherein the data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711.
摘要翻译：数据包的密码同步方法。当分组序列号的功能等于预定值时，翻转计数器（ROC）值周期性地附加到数据分组并与数据分组一起发送。 ROC有效地同步数据包的加密转换。虽然所公开的方法通常适用于许多传输协议，但是它们特别适用于使用如因特网工程任务组（IETF）中定义的安全实时传输协议（SRTP）将数据分组发送到接收机的系统，请求评论（RFC）3711。

9. 发明申请

WO2005125261A1 SECURITY IN A MOBILE COMMUNICATIONS SYSTEM 审中-公开
标题翻译：移动通信系统中的安全
公开(公告)号：WO2005125261A1
公开(公告)日：2005-12-29
申请号：PCT/SE2005/000716
申请日：2005-05-17
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , NÄSLUND, Mats
发明人： BLOM, Rolf , NÄSLUND, Mats
IPC分类号： H04Q7/38
CPC分类号： H04L9/0838 , H04L9/3273 , H04L63/0428 , H04L63/0853 , H04L2209/80 , H04W12/04 , H04W12/06 , H04W88/06
摘要： When a mobile terminal (10), having a basic identity module (12) operative according to a first security standard, initiates a service access, the home network (30) determines whether the mobile terminal has an executable program (14) configured to interact with the basic identity module for emulating an identity module according to the second security standard. If it is concluded that the mobile terminal has such an executable program, a security algorithm is executed at the home network (30) to provide security data according to the second security standard. At least part of these security data are then transferred, transparently to a visited network (20), to the mobile terminal (10). On the mobile terminal side, the executable program (14) is executed for emulating an identity module according to the second security standard using at least part of the transferred security data as input. Preferably, the first security standard corresponds to a 2G standard, basically the GSM standard and the second security standard at least in part corresponds to a 3G standard such as the UMTS standard, and/or the IP Multimedia Sub-system (IMS) standard.
摘要翻译：当具有根据第一安全标准操作的基本身份模块（12）的移动终端（10）启动服务访问时，家庭网络（30）确定移动终端是否具有被配置为相互作用的可执行程序（14）具有用于根据第二安全标准模拟身份模块的基本身份模块。如果确定移动终端具有这样的可执行程序，则在归属网络（30）处执行安全算法以根据第二安全标准提供安全数据。这些安全数据的至少一部分然后被透明地传送到被访问网络（20）到移动终端（10）。在移动终端侧，执行可执行程序（14），用于使用至少部分传送的安全数据作为输入来根据第二安全标准来模拟身份模块。优选地，第一安全标准对应于2G标准，基本上GSM标准和第二安全标准至少部分地对应于诸如UMTS标准和/或IP多媒体子系统（IMS）标准的3G标准。

10. 发明申请

WO2005078988A1 KEY MANAGEMENT FOR NETWORK ELEMENTS 审中-公开
标题翻译：网络元素的关键管理
公开(公告)号：WO2005078988A1
公开(公告)日：2005-08-25
申请号：PCT/SE2004/000179
申请日：2004-02-11
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , NÄSLUND, Mats , CARRARA, Elisabetta , LINDHOLM, Fredrik , NORRMAN, Karl
发明人： BLOM, Rolf , NÄSLUND, Mats , CARRARA, Elisabetta , LINDHOLM, Fredrik , NORRMAN, Karl
IPC分类号： H04L9/00
CPC分类号： H04L9/0844 , H04L9/0891 , H04L2209/80
摘要： The invention provides an establishment of a secret session key shared Between two network elements (NEa, NEb) belonging to different network domains (NDa, NDb). A first network element (NEa) of a first network domain (NDa) requests security parameters from an associated key management center (KMC) (AAAa). Upon reception of the request, the KMC (AAAa) generates a freshness token (FRESH) and calculates the session key (K) based on this token (FRESH) and a master key (KAB) shared with a second network domain (NDb). The security parameters are (securely) provided to the network element (NEa), which extracts the session key (K) and forwards the freshness token (FRESH) to the KMC (AAAb) of the second domain (NDb) through a second network element (NEb). Based on the token (FRESH) and the shared master key (KAB), the KMC (AAAb) generates a copy of the session key (K), which is (securely) provided to the second network element (NEb). The two network elements (NEa, NEb) now have shares the session key (K), enabling them to securely communicate with each other.
摘要翻译：本发明提供了属于不同网络域（NDa，NDb）的两个网元（NEa，NEb）之间共享的秘密会话密钥的建立。第一网络域（NDa）的第一网元（NEa）从相关联的密钥管理中心（AAAa）请求安全参数。在接收到请求时，KMC（AAAa）生成新鲜令牌（FRESH），并且基于该令牌（FRESH）和与第二网络域（NDb）共享的主密钥（KAB）来计算会话密钥（K）。安全参数（安全地）被提供给提取会话密钥（K）的网元（NEa），并通过第二网络元件将新鲜度令牌（FRESH）转发到第二域（NDb）的KMC（AAAb）（鼻）。基于令牌（FRESH）和共享主密钥（KAB），KMC（AAAb）生成（安全地）提供给第二网元（NEb）的会话密钥（K）的副本。两个网元（NEa，NEb）现在已经共享了会话密钥（K），使得它们能够彼此安全地通信。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式