专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2006036093A1 A METHOD AND A DEVICE FOR PROVIDING ACCESS IN A SHORT RANGE COMMUNICATION NETWORK 审中-公开
标题翻译：一种用于在短距离通信网络中提供接入的方法和设备
公开(公告)号：WO2006036093A1
公开(公告)日：2006-04-06
申请号：PCT/SE2004/001393
申请日：2004-09-30
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , JONSSON, Annika , RUNE, Johan , PETTERSSON, Mattias , LARSSON, Tony , MÉHES, András
发明人： JONSSON, Annika , RUNE, Johan , PETTERSSON, Mattias , LARSSON, Tony , MÉHES, András
IPC分类号： H04L12/28
CPC分类号： H04W40/02 , H04L12/18 , H04L12/2856 , H04L45/00 , H04L61/2015 , H04W84/18 , H04W88/16
摘要： The present invention relates to a method and a PAN managing device for providing access to external networks for communication devices in a Personal Area Network (PAN). The method comprises the steps of: discovering external access means (315, 325) of PAN access nodes (112, 114) available in the PAN; selecting a first external access means (315) of a first PAN access node (114) to be used by a PAN device (111) for providing external access; and, instructing the PAN access nodes (112, 114) that the first external access means (315) of the first PAN access node (114) has been selected as the access to be used by the PAN device. The PAN access nodes will then act based on the instructions such that data packets from the PAN device (111) will be routed via the first PAN access node. The steps of discovering, selecting and instructing the PAN access nodes is performed by a PAN managing device (113) which is a PAN device used by the user to control his PAN. By using the invention, all types PAN devices, including legacy devices, can be provided with external access in a controlled manner.
摘要翻译：本发明涉及一种用于提供对个人局域网（PAN）中的通信设备的外部网络的接入的方法和PAN管理设备。该方法包括以下步骤：发现PAN中可用的PAN接入节点（112,114）的外部接入装置（315,325）选择要由PAN设备（111）用于提供外部接入的第一PAN接入节点（114）的第一外部接入装置（315）; 并且指示PAN接入节点（112,114）已经选择了第一PAN接入节点（114）的第一外部接入装置（315）作为由PAN设备使用的接入。 PAN接入节点然后将基于指令进行操作，使得来自PAN设备（111）的数据分组将经由第一PAN接入节点路由。发现，选择和指示PAN接入节点的步骤由PAN管理设备（113）执行，PAN管理设备（113）是用户用来控制PAN的PAN设备。通过使用本发明，可以以受控的方式向所有类型的PAN设备（包括传统设备）提供外部访问。

2. 发明申请

WO2006001736A1 METHOD AND PROTOCOL FOR MANAGING DEVICES IN A PERSONAL AREA NETWORK 审中-公开
标题翻译：用于管理个人区域网络中的设备的方法和协议
公开(公告)号：WO2006001736A1
公开(公告)日：2006-01-05
申请号：PCT/SE2004/001027
申请日：2004-06-24
申请人： Telefonaktiebolaget LM Ericsson (publ) , JONSSON, Annika , PETTERSSON, Mattias , RUNE, Johan , LARSSON, Tony , MÉHES, András
发明人： JONSSON, Annika , PETTERSSON, Mattias , RUNE, Johan , LARSSON, Tony , MÉHES, András
IPC分类号： H04L12/28
CPC分类号： H04L41/00 , H04L12/18 , H04L41/0893 , H04W4/00 , H04W8/22 , H04W8/245 , H04W48/18 , H04W80/00 , H04W84/10 , H04W84/12 , H04W88/02
摘要： The present invention relates to a method, a protocol and a control unit for managing devices in a Personal Area Network (PAN) (100) such that a user of the PAN can use one of his devices and take advantage of services residing in any of the other devices in the PAN (100). The devices in the PAN are defined as either PAN controller devices (200, 210) or PAN auxiliary devices (250) depending on if the devices have user interfaces suitable for controlling a PAN. When the PAN is managed according to the invention, the PAN controller devices (200, 210) and the PAN auxiliary devices (250) communicate with each other via short-range communication means (201, 211, 251) to exchange each other's PAN related information such that PAN related information is synchronized in the network. At least the PAN controller devices (200, 210) store received updated PAN related information from the other PAN participants such that the user can see an updated picture of the PAN on the PAN user interfaces (202, 212). Any of the PAN controller devices (200, 210) can then be used to control the other PAN participants via commands and messages of the invention. Figure for publication.
摘要翻译：本发明涉及用于管理个人局域网（PAN）（100）中的设备的方法，协议和控制单元，使得PAN的用户可以使用他的一个设备并利用驻留在 PAN（100）中的其他设备。根据装置是否具有适合于控制PAN的用户接口，PAN中的设备被定义为PAN控制器设备（200,210）或PAN辅助设备（250）。当根据本发明管理PAN时，PAN控制器设备（200,210）和PAN辅助设备（250）经由短距离通信装置（201,211,251）彼此通信以交换彼此的PAN相关使PAN相关信息在网络中同步的信息。至少PAN控制器设备（200,210）存储来自其他PAN参与者的接收到的更新的PAN相关信息，使得用户可以在PAN用户界面（202,212）上看到PAN的更新图像。任何PAN控制器设备（200,210）然后可以用于通过本发明的命令和消息来控制其他PAN参与者。出版图。

3. 发明申请

WO2012148324A1 SECURE VIRTUAL MACHINE PROVISIONING 审中-公开
标题翻译：安全虚拟机提供
公开(公告)号：WO2012148324A1
公开(公告)日：2012-11-01
申请号：PCT/SE2011/050502
申请日：2011-04-26
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , GEHRMANN, Christian , MÉHES, András
发明人： GEHRMANN, Christian , MÉHES, András
IPC分类号： H04L9/32 , G06F9/455
CPC分类号： H04L9/006 , G06F21/53 , G06F21/57 , G06F2009/45587 , G06F2221/2149 , G06F2221/2153 , H04L9/08 , H04L9/0822 , H04L9/0825 , H04L9/3247 , H04L63/0442 , H04L63/0876 , H04L2209/127
摘要： A device and method in a provisioning unit of secure provisioning of a virtual machine on a target platform having a specific configuration is provided. The method comprising: receiving (404) a public binding key from the target platform (107), the public binding key being bound to the specific configuration, encrypting (410) a virtual machine provisioning command using the public binding key, and sending (412) the encrypted virtual machine provisioning command, to the target platform (107). By the provided device and method secure provisioning of a virtual machine on a target platform is enabled.
摘要翻译：提供了具有特定配置的目标平台上的虚拟机的安全供应的供应单元中的设备和方法。所述方法包括：从所述目标平台（107）接收（404）公钥绑定密钥，所述公共绑定密钥被绑定到所述特定配置，使用所述公共绑定密钥加密（410）虚拟机配置命令，以及发送（412 ）加密的虚拟机配置命令到目标平台（107）。通过提供的设备和方法，能够在目标平台上安全地提供虚拟机。

4. 发明申请

WO2013174437A1 ENHANCED SECURE VIRTUAL MACHINE PROVISIONING 审中-公开
标题翻译：增强安全虚拟机提供
公开(公告)号：WO2013174437A1
公开(公告)日：2013-11-28
申请号：PCT/EP2012/059768
申请日：2012-05-24
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , MORENIUS, Fredric , MÉHES, András , GEHRMANN, Christian
发明人： MORENIUS, Fredric , MÉHES, András , GEHRMANN, Christian
IPC分类号： G06F21/57
CPC分类号： H04L63/0435 , G06F9/45533 , G06F9/45558 , G06F21/57 , G06F2009/45587 , G06F2221/034 , H04L63/08 , H04L63/0807
摘要： In a method of provisioning a virtual machine (VM) to a computing network (401), a VM manager or provisioner (403, 408) encrypts a virtual machine using a key bound to at least one security profile indicative of one or more security requirements that a computing resource (402) of the computing network (401) must satisfy in order to be able to decrypt the VM. A key for use in decrypting the VM has previously been sealed into multiple (and preferably into all) computing resources (402) in the network into which the VM is to be provisioned, and has been sealed such that a computing resource can obtain the key only if it is in a state that satisfies the security profile, or at least one security profile, to which the key is bound The VM manager or provisioner (403, 408) creates a VM launch package that includes the encrypted VM and that also includes a key that may be used in decrypting the encrypted VM. When the VM launch package is received at a computing resource (402), the computing resource will not be able to recover the key for use in decrypting the VM - and hence will be unable to decrypt the VM - unless the computing resource satisfies the security requirements indicated by the security profile. The VM manager or provisioner can thus be sure that the VM will not be launched on a computing resource that does not meet the desired security profile. Alternatively the VM manager or provisioner (403, 408) may send a token corresponding to a desired security profile with an encrypted VM. A computing resource uses the token to obtain a key to decrypt the VM but the computing resource will not be able to recover the key unless the computing resource satisfies the security requirements indicated by the token.
摘要翻译：在向计算网络（401）提供虚拟机（VM）的方法中，VM管理器或供应器（403,408）使用绑定到指示一个或多个安全要求的至少一个安全简档的密钥来加密虚拟机计算网络（401）的计算资源（402）必须满足以便能够解密VM。用于解密VM的密钥先前已经被密封成要被提供虚拟机的网络中的多个（并且优选地到所有的）计算资源（402），并且已经被密封，使得计算资源可以获得密钥只有当它处于满足密钥被绑定的安全简档或至少一个安全简档的状态时，VM管理器或供应器（403,408）创建包括加密的VM的VM启动包，并且还包括可用于解密加密的VM的密钥。当在计算资源（402）处接收到VM启动包时，计算资源将无法恢复用于解密VM的密钥，因此将无法解密VM，除非计算资源满足安全性要求由安全性配置文件表示。因此，VM管理器或配置器可以确保不会在不满足期望的安全配置文件的计算资源上启动VM。或者，VM管理器或供应器（403,408）可以向加密的VM发送与期望的安全简档对应的令牌。计算资源使用令牌来获取解密VM的密钥，但计算资源将无法恢复密钥，除非计算资源满足令牌所指示的安全性要求。

5. 发明申请

WO2013097901A1 VIRTUAL MACHINE MANAGEMENT USING A DOWNLOADABLE SUBSCRIBER IDENTITY MODULE 审中-公开
标题翻译：使用可下载的订阅者身份模块进行虚拟机管理
公开(公告)号：WO2013097901A1
公开(公告)日：2013-07-04
申请号：PCT/EP2011/074262
申请日：2011-12-29
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , SLAVOV, Kristian , SALMELA, Patrik , YLITALO, Jukka , MÉHES, András
发明人： SLAVOV, Kristian , SALMELA, Patrik , YLITALO, Jukka , MÉHES, András
IPC分类号： H04W4/00 , G06F9/455
CPC分类号： G06F9/45533 , G06F9/45558 , G06F2009/45595 , H04W4/60 , H04W4/70 , H04W12/04
摘要： A method is presented of establishing communications with a Virtual Machine, VM, in a virtualised computing environment using a 3GPPcommunications network. The method includes establishing a Machine-to-Machine Equipment Platform, M2MEP, which comprises a Communications Module, CM, providing an end-point of a communication channel between the 3GPP network and the VM. A virtual Machine-to-Machine Equipment is established that comprises a VM running on the M2MEP and a downloadable Subscriber Identity Module, associated with the CM. The Subscriber Identity Module includes security data and functions for enabling access via the 3GPP network. The CM utilises data in the Subscriber Identity Module for controlling communication over the communication channel between the VM and the 3GPP network.
摘要翻译：提出了一种使用3GPP通信网络在虚拟化计算环境中与虚拟机VM建立通信的方法。该方法包括建立一个机器到机器设备平台M2MEP，其包括通信模块CM，其提供3GPP网络和VM之间的通信信道的端点。建立了虚拟机对机器设备，其包括在M2MEP上运行的VM和与CM相关联的可下载的订户身份模块。订户身份模块包括用于通过3GPP网络访问的安全数据和功能。 CM利用订户身份模块中的数据来控制在VM与3GPP网络之间的通信信道上的通信。

6. 发明申请

WO2009082306A1 DETECTION OF MALICIOUS SOFTWARE IN COMMUNICATION SYSTEM 审中-公开
标题翻译：检测通信系统中的恶意软件
公开(公告)号：WO2009082306A1
公开(公告)日：2009-07-02
申请号：PCT/SE2007/051068
申请日：2007-12-21
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , LILJENSTAM, Michael , BARRIGA, Luis , MÉHES, András
发明人： LILJENSTAM, Michael , BARRIGA, Luis , MÉHES, András
IPC分类号： H04Q7/34 , G06F21/00
CPC分类号： H04L63/1416 , G06F21/56 , H04L63/12 , H04L63/1491
摘要： A method and arrangement in a communications network is disclosed for detection and action on messages originating from execution ofmalicious software surreptitiouslyimplemented at a user device. The system is initially configured with special addresses generated at the network. A configuration phase includes update of user device address list and registration at network database of special addresses applicable for the user. A message is analyzed with respect to special address indicated as message receiver whereby network functionality determines actions ranging from deletion of message, update of charging data, to further statistical analysis for preventive actions at network level.
摘要翻译：公开了一种通信网络中的方法和装置，用于对在用户设备上暗中实现的恶意软件执行的消息进行检测和动作。该系统最初配置有在网络生成的特殊地址。配置阶段包括更新用户设备地址列表，并在网络数据库中注册适用于用户的特殊地址。针对指定为消息接收者的特殊地址分析消息，由此网络功能确定从消息的删除，计费数据的更新到网络级的预防性动作的进一步统计分析的动作。

7. 发明申请

WO2008078307A3 HIGHLY AVAILABLE CRYPTOGRAPHIC KEY STORAGE (HACKS) 审中-公开
公开(公告)号：WO2008078307A3
公开(公告)日：2008-07-03
申请号：PCT/IB2007/055293
申请日：2007-12-21
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , POURZANDI, Makan , MÉHES, András
发明人： POURZANDI, Makan , MÉHES, András
IPC分类号： G06F21/00 , G06F11/20
摘要： A system and method for managing trusted platform module (TPM) keysutilizedin a cluster of computing nodes. A cluster-level management unit communicates with a local TPM agent in each node in the cluster. The cluster-level management unit has access to a database of protection groups, wherein each protection group comprises one active node which creates a TPM key and at least one standby node which stores a backup copy of the TPM key for the active node. The local TPM agent in the active node automatically initiates a migration process for automatically migrating the backup copy of the TPM key to the at least one standby node. The system maintains coherency of the TPM keys by also deleting the backup copy of the TPM key in the standby node when the key is deleted by the active node.

8. 发明申请

WO2014074041A1 METHODS AND NODES FOR VERIFICATION OF DATA 审中-公开
标题翻译：数据验证的方法和编号
公开(公告)号：WO2014074041A1
公开(公告)日：2014-05-15
申请号：PCT/SE2012/051233
申请日：2012-11-12
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ)
发明人： HUANG, Vincent , CHENG, Yi , NÄSLUND, Mats , MÉHES, András
IPC分类号： H04L29/06 , G06F21/64 , H04L9/32
CPC分类号： H04L63/126 , G06F21/64 , H04L9/3236 , H04L63/08 , H04L63/123 , H04L2209/38
摘要： A first data handling node (304) is configured to verify data received in a data distribution network with multiple data handling nodes forming a distribution path of a network topology, by obtaining tag information from a hash server (306). The first data handling node (304) receives data (D3) and a hash tag (H3) from a second data handling node (302). The received data (D3) and hash tag (H3) have been generated by the second node based on a previous hash tag (H1, H2) generated by a preceding third data handling node (300a, 300b). The third node has delivered data (D1, D2) to the second node, and the received data (D3) has been generated by the second node based on the data (D1, D2) delivered by the third data handling node. The first data handling node (304) verifies the received data (D3) based on the tag information from the hash server, which indicates whether the received hash tag (H3) corresponds to a "valid hash tag" (Hx) which is calculated by applying a predefined hash algorithm on the previous hash tag (H1, H2). When the received tag corresponds to the valid tag, the data is verified as trustworthy and not faked or manipulated.
摘要翻译：第一数据处理节点（304）被配置为通过从散列服务器（306）获取标签信息来验证在形成网络拓扑的分布路径的多个数据处理节点在数据分配网络中接收到的数据。第一数据处理节点（304）从第二数据处理节点（302）接收数据（D3）和散列标签（H3）。基于先前的第三数据处理节点（300a，300b）产生的先前哈希标签（H1，H2），由第二节点生成接收数据（D3）和散列标签（H3）。第三节点已经向第二节点传送数据（D1，D2），并且基于由第三数据处理节点传送的数据（D1，D2），已经由第二节点生成接收数据（D3）。第一数据处理节点（304）基于来自散列服务器的标签信息来验证接收到的数据（D3），该标签信息指示接收的散列标签（H3）是否对应于“有效散列标签”（Hx），其由对先前的散列标签（H1，H2）应用预定义的散列算法。当接收到的标签对应于有效标签时，数据被验证为可信赖的并且不被伪造或操纵。

9. 发明申请

WO2013089607A9 METHOD FOR DETECTION OF PERSISTENT MALWARE ON A NETWORK NODE 审中-公开
公开(公告)号：WO2013089607A9
公开(公告)日：2013-06-20
申请号：PCT/SE2012/000048
申请日：2012-04-02
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , LILJENSTAM, Michael , MÉHES, András , SALMELA, Patrick
发明人： LILJENSTAM, Michael , MÉHES, András , SALMELA, Patrick
IPC分类号： H04W12/12 , G06F21/56
摘要： The present invention relates to methods and devices for detecting persistency of a first network node (12). In a first aspect of the invention, a method is provided comprising the steps of monitoring (S101), during a specified observation period, whether the first network node has established a connection to a second network node (13), and determining (S102) a total number of sessions of connectivity occurring during said specified observation period in which the first network node connects to the second network node. Further, the method comprises the steps of determining (S103), from the total number of sessions, a number of sessions comprising at least one communication flow between the first network node and the second network node, and determining (S104) inter-session persistence of the first network node on the basis of the total number of sessions and the number of sessions comprising at least one communication flow.

10. 发明申请

WO2013089607A1 METHOD FOR DETECTION OF PERSISTENT MALWARE ON A NETWORK NODE 审中-公开
标题翻译：在网络节点上检测持续性恶意软件的方法
公开(公告)号：WO2013089607A1
公开(公告)日：2013-06-20
申请号：PCT/SE2012/000048
申请日：2012-04-02
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , LILJENSTAM, Michael , MÉHES, András , SALMELA, Patrick
发明人： LILJENSTAM, Michael , MÉHES, András , SALMELA, Patrick
IPC分类号： H04W12/12 , G06F21/56
CPC分类号： H04L63/1441 , G06F21/56 , H04L43/16 , H04L63/1425 , H04L63/145 , H04W12/12
摘要： The present invention relates to methods and devices for detecting persistency of a first network node (12). In a first aspect of the invention, a method is provided comprising the steps of monitoring (S101), during a specified observation period, whether the first network node has established a connection to a second network node (13), and determining (S102) a total number of sessions of connectivity occurring during said specified observation period in which the first network node connects to the second network node. Further, the method comprises the steps of determining (S103), from the total number of sessions, a number of sessions comprising at least one communication flow between the first network node and the second network node, and determining (S104) inter-session persistence of the first network node on the basis of the total number of sessions and the number of sessions comprising at least one communication flow.
摘要翻译：本发明涉及用于检测第一网络节点（12）的持续性的方法和设备。在本发明的第一方面中，提供了一种方法，包括以下步骤：在指定的观察期间，监视（S101）第一网络节点是否建立了与第二网络节点（13）的连接，并且确定（S102）在第一网络节点连接到第二网络节点的所述指定观察期期间发生的连接会话的总数。此外，该方法包括以下步骤：从总会话数量确定（S103）包括第一网络节点和第二网络节点之间的至少一个通信流的会话数，并且确定（S104）会话间持续性基于会话的总数和包括至少一个通信流的会话的数量的第一网络节点。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式