专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明申请

US20110010768A1 Method and Apparatuses for End-to-Edge Media Protection in ANIMS System 有权
标题翻译： ANIMS系统中端到端媒体保护的方法与设备
公开(公告)号：US20110010768A1
公开(公告)日：2011-01-13
申请号：US12744720
申请日：2008-12-01
申请人： Luis Barriga , Rolf Blom , Yi Cheng , Fredrik Lindholm , Mats Naslund , Karl Norrman
发明人： Luis Barriga , Rolf Blom , Yi Cheng , Fredrik Lindholm , Mats Naslund , Karl Norrman
IPC分类号： G06F21/00
CPC分类号： H04W76/02 , H04L63/0428 , H04L65/1016 , H04L65/1069 , H04W12/02 , H04W12/04 , H04W76/10
摘要： An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.
摘要翻译： IMS系统包括IMS发起者用户实体。该系统包括由发起者用户实体调用的IMS应答器用户实体。该系统包括与主叫实体进行通信的主叫侧S-CSCF，其从呼叫方实体接收具有第一保护报价的INVITE和用于密钥建立的参数，从INVITE中移除第一保护报价并转发INVITE而没有第一保护提供。该系统包括与响应者用户实体通信的接收端S-CSCF，以及在没有第一保护提供的情况下接收INVITE的主叫侧S-CSCF，并检查响应者用户实体是否支持保护，将第二保护请求插入到 INVITE并将INVITE转发到响应者用户实体，其中响应者用户实体接受包括第二保护请求的INVITE和具有第一保护接受的确认的应答。一种用于支持电信节点的呼叫的方法。

12. 发明授权

US08094817B2 Cryptographic key management in communication networks 有权
标题翻译：通信网络密码管理
公开(公告)号：US08094817B2
公开(公告)日：2012-01-10
申请号：US11857621
申请日：2007-09-19
申请人： Rolf Blom , Karl Norrman , Mats Naslund
发明人： Rolf Blom , Karl Norrman , Mats Naslund
IPC分类号： H04L9/00
CPC分类号： H04L9/321 , H04L63/062 , H04L63/08 , H04L2209/80 , H04L2463/061 , H04W12/04 , H04W12/06 , H04W36/0038
摘要： An authentication server and a system and method for managing cryptographic keys across different combinations of user terminals, access networks, and core networks. A Transformation Coder Entity (TCE) creates a master key (Mk), which is used to derive keys during the authentication procedure. During handover between the different access types, the Mk or a transformed Mk is passed between two nodes that hold the key in the respective access networks when a User Equipment (UE) terminal changes access. The transformation of the Mk is performed via a one-way function, and has the effect that if the Mk is somehow compromised, it is not possible to automatically obtain access to previously used master keys. The transformation is performed based on the type of authenticator node and type of UE/identity module with which the transformed key is to be utilized. The Mk is never used directly, but is only used to derive the keys that are directly used to protect the access link.
摘要翻译：一种认证服务器，以及用于管理跨越用户终端，接入网络和核心网络的不同组合的加密密钥的系统和方法。转换编码器实体（TCE）创建主密钥（Mk），用于在认证过程期间导出密钥。在不同访问类型之间的切换期间，当用户设备（UE）终端改变访问时，Mk或经变换的Mk在保持密钥的两个节点之间传递。通过单向函数执行Mk的转换，并且具有以下效果：如果Mk以某种方式受损，则不可能自动获得对先前使用的主密钥的访问。基于认证者节点的类型和使用变换密钥的UE /身份模块的类型进行转换。 Mk从不直接使用，但仅用于派生直接用于保护访问链接的密钥。

13. 发明申请

US20110256850A1 METHOD AND ARRANGEMENT FOR CREATION OF ASSOCIATION BETWEEN USER EQUIPMENT AND AN ACCESS POINT 有权
标题翻译：创建用户设备与访问点之间的关联的方法和布置
公开(公告)号：US20110256850A1
公开(公告)日：2011-10-20
申请号：US13140818
申请日：2008-12-19
申请人： Göran Selander , Jari Vikberg , Karl Norrman , Rolf Blom , Mats Naslund
发明人： Göran Selander , Jari Vikberg , Karl Norrman , Rolf Blom , Mats Naslund
IPC分类号： H04W12/06
CPC分类号： H04W12/08 , H04L63/101 , H04W84/045
摘要： Methods, apparatus, and computer program products for creating an association between a first user equipment and at least one access point assisted by a registration server in a telecommunication network are disclosed. The registration server responds to a first contact request carried out using a first association number for the access point, provided by the first user equipment, receives a first association request for the association with the access point, provided by the first user equipment, authorizes the first association request based on a first authorization information provided by the first user equipment; registers the association between the first user equipment and the access point responsive to authorization of the first association request. The first user equipment is associated with the access point and the association is administered by the registration server.
摘要翻译：公开了用于在第一用户设备和由电信网络中的注册服务器辅助的至少一个接入点之间建立关联的方法，设备和计算机程序产品。注册服务器响应由第一用户设备提供的接入点的第一关联号码执行的第一联系请求，接收由第一用户设备提供的与接入点的关联的第一关联请求，授权基于由第一用户设备提供的第一授权信息的第一关联请求; 响应于第一关联请求的授权，注册第一用户设备和接入点之间的关联。第一用户设备与接入点相关联，该关联由注册服务器管理。

14. 发明申请

US20110035787A1 Access Through Non-3GPP Access Networks 有权
标题翻译：通过非3GPP接入网络进行接入
公开(公告)号：US20110035787A1
公开(公告)日：2011-02-10
申请号：US12937008
申请日：2008-11-05
申请人： Mats Naslund , Jari Arkko , Rolf Blom , Vesa Lehtovirta , Karl Norrman , Stefan Rommer , Bengt Sahlin
发明人： Mats Naslund , Jari Arkko , Rolf Blom , Vesa Lehtovirta , Karl Norrman , Stefan Rommer , Bengt Sahlin
IPC分类号： G06F21/00 , G06F15/177
CPC分类号： H04W12/06 , G06F21/30 , H04L63/0272 , H04L63/08 , H04L63/0892 , H04L63/1433 , H04L63/162 , H04L63/164 , H04L63/20 , H04W60/00 , H04W72/0493
摘要： When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication or at least one network properly relating to a first network, e.g. the current access network (3, 3′), is sent to the UE from a node (13) in a sue and network such as the home network (5) of the subscriber ask UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3′) is trusted or not.
摘要翻译：当从用户设备UE（1）建立通信时，例如用于为UE提供IP接入，以便允许其使用与第一网络正确相关的至少一个网络的一些服务，信息或指示，例如，当前接入网络（3,3'）从诸如用户询问UE的归属网络（5）的第二网络中的节点（13）发送到UE。可以在认证过程的第一阶段中发送信息或指示，这是作为来自UE的连接的建立的一部分。特别地，网络属性可以指示接入网络（3,3'）是否被信任。

15. 发明申请

US20070230707A1 Method and apparatus for handling keys used for encryption and integrity 有权
标题翻译：用于处理用于加密和完整性的密钥的方法和装置
公开(公告)号：US20070230707A1
公开(公告)日：2007-10-04
申请号：US11726527
申请日：2007-03-22
申请人： Rolf Blom , Karl Norrman , Mats Naslund
发明人： Rolf Blom , Karl Norrman , Mats Naslund
IPC分类号： H04L9/00
CPC分类号： H04L63/062 , H04L9/0844 , H04L9/0891 , H04L2209/80 , H04W12/04
摘要： A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.
摘要翻译：一种用于提供用于保护终端（300）与通信网络中的服务点之间的通信的密钥的方法和装置。当终端进入网络时，首先与服务控制节点（304）建立基本密钥（Ik）。然后，通过将预定的第一功能（f）应用于至少基本密钥和密钥的初始值，在服务控制节点和终端两者中创建初始修改密钥（Ik1＆lt; 1＆gt;）版本参数（v）。初始修改的密钥被发送到第一服务点（302），使得其可以用于保护终端和第一服务点之间的通信。当终端切换到第二服务点（306）时，第一服务点和终端都通过将预定的第二功能（g）应用于初始修改的密钥来创建第二修改密钥（Ik> 2＆lt; 密钥，第一服务点将第二修改密钥发送到第二服务点。

16. 发明授权

US08621570B2 Access through non-3GPP access networks 有权
标题翻译：通过非3GPP接入网络进行接入
公开(公告)号：US08621570B2
公开(公告)日：2013-12-31
申请号：US12937008
申请日：2008-11-05
申请人： Mats Naslund , Jari Arkko , Rolf Blom , Vesa Lehtovirta , Karl Norrman , Stefan Rommer , Bengt Sahlin
发明人： Mats Naslund , Jari Arkko , Rolf Blom , Vesa Lehtovirta , Karl Norrman , Stefan Rommer , Bengt Sahlin
IPC分类号： G06F15/177 , G06F7/04 , G06F15/16 , G06F17/30 , G06F9/00 , G06F12/00 , H04L29/06 , G11C7/00
CPC分类号： H04W12/06 , G06F21/30 , H04L63/0272 , H04L63/08 , H04L63/0892 , H04L63/1433 , H04L63/162 , H04L63/164 , H04L63/20 , H04W60/00 , H04W72/0493
摘要： When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication or at least one network properly relating to a first network, e.g. the current access network (3, 3′), is sent to the UE from a node (13) in a sue and network such as the home network (5) of the subscriber ask UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3′) is trusted or not.
摘要翻译：当从用户设备UE（1）建立通信时，例如用于为UE提供IP接入，以便允许其使用与第一网络正确相关的至少一个网络的一些服务，信息或指示，例如，当前接入网络（3,3'）从诸如用户询问UE的归属网络（5）的第二网络中的节点（13）发送到UE。可以在认证过程的第一阶段中发送信息或指示，这是作为来自UE的连接的建立的一部分。特别地，网络属性可以指示接入网络（3,3'）是否被信任。

17. 发明授权

US08645680B2 Sending media data via an intermediate node 有权
标题翻译：通过中间节点发送媒体数据
公开(公告)号：US08645680B2
公开(公告)日：2014-02-04
申请号：US12997913
申请日：2009-05-06
申请人： Rolf Blom , Yi Cheng , John Mattsson , Mats Naslund , Karl Norrman
发明人： Rolf Blom , Yi Cheng , John Mattsson , Mats Naslund , Karl Norrman
IPC分类号： H04L29/06
CPC分类号： H04L65/601 , H04L63/0464 , H04L63/0478 , H04L63/06 , H04L63/123
摘要： A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.
摘要翻译：一种用于经由中间节点将受保护媒体数据从数据源节点发送到客户端节点的方法和装置。数据源节点建立与中间节点共享的第一个逐跳密钥和要与客户机节点共享的端对端密钥。单个安全协议实例被配置并用于使用密钥将媒体流中的数据转换为变换数据。然后将变换的数据发送到中间节点。中间节点使用第一个逐跳密钥对转换的数据应用安全处理，并与客户端节点建立第二个逐跳密钥。使用第二逐跳密钥对经变换的数据执行第二变换以产生进一步转换的媒体数据，然后将其转发到客户端节点。在客户端节点，单个安全协议实例配置有第二个逐跳密钥和端对端密钥，用于对转换的媒体数据应用进一步的安全处理。

18. 发明申请

US20110093698A1 SENDING MEDIA DATA VIA AN INTERMEDIATE NODE 有权
标题翻译：发送媒体数据通过中间节点
公开(公告)号：US20110093698A1
公开(公告)日：2011-04-21
申请号：US12997913
申请日：2009-05-06
申请人： Rolf Blom , Yi Cheng , John Mattsson , Mats Naslund , Karl Norrman
发明人： Rolf Blom , Yi Cheng , John Mattsson , Mats Naslund , Karl Norrman
IPC分类号： H04L9/12
CPC分类号： H04L65/601 , H04L63/0464 , H04L63/0478 , H04L63/06 , H04L63/123
摘要： A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.
摘要翻译：一种用于经由中间节点将受保护媒体数据从数据源节点发送到客户端节点的方法和装置。数据源节点建立与中间节点共享的第一个逐跳密钥和要与客户机节点共享的端对端密钥。单个安全协议实例被配置并用于使用密钥将媒体流中的数据转换为变换数据。然后将变换的数据发送到中间节点。中间节点使用第一个逐跳密钥对转换的数据应用安全处理，并与客户端节点建立第二个逐跳密钥。使用第二逐跳密钥对经变换的数据执行第二变换以产生进一步转换的媒体数据，然后将其转发到客户端节点。在客户端节点，单个安全协议实例配置有第二个逐跳密钥和端对端密钥，用于对转换的媒体数据应用进一步的安全处理。

19. 发明申请

US20080095362A1 CRYPTOGRAPHIC KEY MANAGEMENT IN COMMUNICATION NETWORKS 有权
标题翻译：通信网络中的CRYPTOGRAPHIC KEY MANAGEMENT
公开(公告)号：US20080095362A1
公开(公告)日：2008-04-24
申请号：US11857621
申请日：2007-09-19
申请人： Rolf Blom , Karl Norrman , Mats Naslund
发明人： Rolf Blom , Karl Norrman , Mats Naslund
IPC分类号： H04L9/14
CPC分类号： H04L9/321 , H04L63/062 , H04L63/08 , H04L2209/80 , H04L2463/061 , H04W12/04 , H04W12/06 , H04W36/0038
摘要： An authentication server and a system and method for managing cryptographic keys across different combinations of user terminals, access networks, and core networks. A Transformation Coder Entity (TCE) creates a master key (Mk), which is used to derive keys during the authentication procedure. During handover between the different access types, the Mk or a transformed Mk is passed between two nodes that hold the key in the respective access networks when a User Equipment (UE) terminal changes access. The transformation of the Mk is performed via a one-way function, and has the effect that if the Mk is somehow compromised, it is not possible to automatically obtain access to previously used master keys. The transformation is performed based on the type of authenticator node and type of UE/identity module with which the transformed key is to be utilized. The Mk is never used directly, but is only used to derive the keys that are directly used to protect the access link.
摘要翻译：一种认证服务器，以及用于管理跨越用户终端，接入网络和核心网络的不同组合的加密密钥的系统和方法。转换编码器实体（TCE）创建主密钥（Mk），用于在认证过程期间导出密钥。在不同访问类型之间的切换期间，当用户设备（UE）终端改变访问时，Mk或经变换的Mk在保持密钥的两个节点之间传递。通过单向函数执行Mk的转换，并且具有以下效果：如果Mk以某种方式受损，则不可能自动获得对先前使用的主密钥的访问。基于认证者节点的类型和使用变换密钥的UE /身份模块的类型进行转换。 Mk从不直接使用，但仅用于派生直接用于保护访问链接的密钥。

20. 发明申请

US20120198527A1 IP Multimedia Security 有权
标题翻译： IP多媒体安全
公开(公告)号：US20120198527A1
公开(公告)日：2012-08-02
申请号：US13254013
申请日：2009-03-04
申请人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
发明人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
IPC分类号： G06F21/20
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式