    • 2. Invention application
    • IP MULTIMEDIA SECURITY
    • WO2010099823A1
    • 2010-09-10
    • PCT/EP2009/052560
    • 2009-03-04
    • TELEFONAKTIEBOLAGET LM ERICSSON (PUBL); NÄSLUND, Mats; BLOM, Rolf; CHENG, Yi; LINDHOLM, Fredrik; NORRMAN, Karl
    • NÄSLUND, Mats; BLOM, Rolf; CHENG, Yi; LINDHOLM, Fredrik; NORRMAN, Karl
    • H04L29/06; H04W12/04
    • H04L63/06; H04L9/0844; H04L2209/80; H04W12/04
    • A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
    • 3. Invention application
    • METHODS, NETWORK NODES, MOBILE ENTITY, COMPUTER PROGRAMS AND COMPUTER PROGRAM PRODUCTS FOR PROTECTING PRIVACY OF A MOBILE ENTITY
    • WO2016209126A1
    • 2016-12-29
    • PCT/SE2015/050728
    • 2015-06-23
    • TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    • NORRMAN, Karl; NÄSLUND, Mats; MATTSSON, John; CHENG, Yi
    • H04W12/02; H04L9/32; H04W8/26; H04W12/06
    • H04L9/3271; H04L63/0414; H04L2209/42; H04L2209/80; H04W8/26; H04W12/02; H04W12/06
    • A method (20) for a first network node (5, 15) of protecting confidentiality of a first identifier associated by the first network node (5, 15) with a subscription used by a mobile entity (6, 16) in a communications network (1, 10) is provided. The communications network (1, 10) comprises a home network (3, 13) of the mobile entity (6, 16) and a serving network (2, 4, 12, 14) serving the mobile entity (6, 16). The method (20) comprises the following steps performed by the first network node (5, 5), which is part of the home network (3, 13): receiving (21), from a second network node (4, 14) which is part of the serving network (2, 12), a first request for authentication information for the mobile entity (6, 16), the first request comprising the first identifier, generating (22) a first pseudonym associated with the first identifier, creating (23) a link between the first pseudonym and the first identifier, and sending (24), to the second network node (4, 14), the first pseudonym in response to the first request for authentication information for use as an identifier for the mobile entity (6, 16) in the serving network (2, 12). A method (70) for a second network node is also provided, and corresponding network nodes, computer programs and computer program products.
    • 4. Invention application
    • METHODS AND NODES FOR HANDLING USAGE POLICY
    • WO2014065720A1
    • 2014-05-01
    • PCT/SE2012/051128
    • 2012-10-22
    • TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    • HUANG, Vincent; CHENG, Yi
    • G06F21/60; H04L9/08; H04L9/32; H04L29/06; H04L29/08; H04W84/18
    • G06F21/10; G06F21/60; G06F21/85; H04L9/3247; H04L63/0245; H04L63/0263; H04L63/10; H04L63/20; H04L2209/603
    • Methods and nodes (300a, 300b, 302) for handling a usage policy (P1, P2) pertaining to source data (D1, D2) generated by a source node (300a, 300b). The usage policy dictates permission to access and use the source data. The source node calculates a signature (Sig) based on an identification (id_D) of the source data and the usage policy (P) of the source data, and provides the source data, its usage policy and the calculated signature to a data processing node (302). The data processing node then generates new data (D3) based on the source data, and calculates a new signature (Sig3) based on an identification (id_D3) of the new data and at least one of: a new usage policy (P3) pertaining to the generated new data, and the usage policy (P1, P2) of the source data. The data processing node finally provides the new data, the usage policies (P1, P2, P3) and the signatures (Sig1, Sig2, Sig3) to a data receiving node (304) which is thereby enabled to verify and comply with the provided usage policies based on the respective associated signatures.
    • 5. Invention application
    • METHOD AND APPARATUS FOR MACHINE-TO-MACHINE COMMUNICATION
    • WO2009149759A1
    • 2009-12-17
    • PCT/EP2008/057420
    • 2008-06-12
    • TELEFONAKTIEBOLAGET LM ERICSSON (publ); CHENG, Yi; HUANG, Vincent; JOHANSSON, Mattias
    • CHENG, Yi; HUANG, Vincent; JOHANSSON, Mattias
    • H04L29/06
    • H04L63/062; H04L9/3263; H04L67/12; H04L2209/805; H04W4/00; H04W4/70
    • According to a first aspect of the present invention there is provided a method of at least partly delegating processing of data in a machine-to-machine system to reduce computational load on a broker entity 11 while maintaining security of the data to be processed, the broker entity 11 serving as a link between a node 13 of a sensor network providing the data and an application node 12 requesting the data. In the method, at the broker entity 11, following receipt of a request for processed data from the application node 12, determining the node to provide the data to be processed, generating a data key for the data-providing node 13, generating a data-processing algorithm for processing the data in dependence upon the request, sending the data key to the data-providing node 13, and sending the data key and data-processing algorithm to a remote data-processing entity 15. At the data-providing node 13, encrypting the data using the data key and sending the encrypted data to the data-processing entity 15. At the data-processing entity 15, decrypting the data using the data key, processing the data using the data-processing algorithm, and sending the processed data to the application node 12.
    • 7. Invention application
    • METHODS AND NODES FOR VERIFICATION OF DATA
    • WO2014074041A1
    • 2014-05-15
    • PCT/SE2012/051233
    • 2012-11-12
    • TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    • HUANG, Vincent; CHENG, Yi; NÄSLUND, Mats; MÉHES, András
    • H04L29/06; G06F21/64; H04L9/32
    • H04L63/126; G06F21/64; H04L9/3236; H04L63/08; H04L63/123; H04L2209/38
    • A first data handling node (304) is configured to verify data received in a data distribution network with multiple data handling nodes forming a distribution path of a network topology, by obtaining tag information from a hash server (306). The first data handling node (304) receives data (D3) and a hash tag (H3) from a second data handling node (302). The received data (D3) and hash tag (H3) have been generated by the second node based on a previous hash tag (H1, H2) generated by a preceding third data handling node (300a, 300b). The third node has delivered data (D1, D2) to the second node, and the received data (D3) has been generated by the second node based on the data (D1, D2) delivered by the third data handling node. The first data handling node (304) verifies the received data (D3) based on the tag information from the hash server, which indicates whether the received hash tag (H3) corresponds to a "valid hash tag" (Hx) which is calculated by applying a predefined hash algorithm on the previous hash tag (H1, H2). When the received tag corresponds to the valid tag, the data is verified as trustworthy and not faked or manipulated.
    • 9. Invention application
    • SENDING SECURE MEDIA STREAMS
    • WO2009153072A1
    • 2009-12-23
    • PCT/EP2009/052078
    • 2009-02-20
    • TELEFONAKTIEBOLAGET LM ERICSSON (PUBL); BLOM, Rolf; CHENG, Yi; MATTSSON, John; NÄSLUND, Mats; NORRMAN, Karl
    • BLOM, Rolf; CHENG, Yi; MATTSSON, John; NÄSLUND, Mats; NORRMAN, Karl
    • H04L29/06
    • H04L65/605; H04L63/0428; H04L65/608
    • A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
    • 10. Invention application
    • IMS-ENABLED CONTROL CHANNEL FOR IPTV
    • WO2007096001A1
    • 2007-08-30
    • PCT/EP2006/060279
    • 2006-02-24
    • TELEFONAKTIEBOLAGET LM ERICSSON (publ); ÅSTRÖM, Bo; IVARS, Ignacio Más; CARLSSON, Hans; CHENG, Yi; NORRMAN, Karl
    • ÅSTRÖM, Bo; IVARS, Ignacio Más; CARLSSON, Hans; CHENG, Yi; NORRMAN, Karl
    • H04L29/06
    • H04L29/06027; H04L65/1006; H04L65/1016; H04L65/1063; H04L65/1069; H04L65/1073; H04L65/80
    • An IMS-enabled control channel for an IPTV service is provided by receiving at a Serving Call/State Control Function (S-CSCF) a Session Initiation Protocol (SIP) REGISTER message, the SIP REGISTER message identifying the originating user, receiving at the originating user a response from the S-CSCF indicating that the originating user has been authorised, and sending a SIP INVITE message from the S-CSCF to establish an open channel connection with a selected IPTV Application Server (AS). This open channel connection can then be used for the transmission of control messages, such as for starting play, starting recording, stopping play, etc., between the STB and the IPTV applications server, as well as for the delivery of personalized content, such as advertisements, voting responses, personalized voting triggers and targeted interactive events. By maintaining an open control channel with the IPTV AS, this offers a substantial reduction in the setup delay times for different applications.