专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明授权

US08340288B2 Cryptographic key generation 有权
标题翻译：加密密钥生成
公开(公告)号：US08340288B2
公开(公告)日：2012-12-25
申请号：US12996214
申请日：2008-07-21
申请人： Karl Norrman , Mats Naslund
发明人： Karl Norrman , Mats Naslund
IPC分类号： H04L29/06
CPC分类号： H04W12/06 , H04L9/065 , H04L9/0819 , H04L9/0838 , H04L9/0866 , H04L9/0869 , H04L9/0891 , H04L9/14 , H04L9/3271 , H04L2209/24 , H04L2209/80 , H04L2463/061 , H04W12/04
摘要： A technique for generating a cryptographic key (120) is provided. The technique is particularly useful for protecting the communication between two entities (202, 302; 204, 304) cooperatively running a distributed security operation. The technique comprises providing at least two parameters (106, 108), the first parameter (106) comprising or deriving from some cryptographic keys (110, 112) which have been computed by the first entity (202, 302) by running the security operation; and the second parameter (108) comprising or deriving from a token (116) having a different value each time the security (114) operation is initiated by the second entity (204, 304) for the first entity (202, 302). A key derivation function is applied to the provided parameters (106, 108) to generate the desired cryptographic key (120).
摘要翻译：提供了一种用于生成加密密钥（120）的技术。该技术对于保护协作地运行分布式安全操作的两个实体（202,302; 204,304）之间的通信特别有用。所述技术包括提供至少两个参数（106,108），所述第一参数（106）包括由所述第一实体（202,302）通过运行所述安全操作来计算的一些加密密钥（110,112） ; 并且所述第二参数（108）包括每个所述第一实体（202,302）由所述第二实体（204,304）发起所述安全性（114）操作）具有不同值的令牌（116）。密钥导出函数被应用于所提供的参数（106,108）以生成期望的密码密钥（120）。

22. 发明申请

US20110206206A1 Key Management in a Communication Network 有权
标题翻译：通信网络中的密钥管理
公开(公告)号：US20110206206A1
公开(公告)日：2011-08-25
申请号：US13063997
申请日：2009-03-13
申请人： Rolf Blom , Fredrik Lindholm , Mats Naslund , Karl Norrman
发明人： Rolf Blom , Fredrik Lindholm , Mats Naslund , Karl Norrman
IPC分类号： H04L9/08
CPC分类号： H04L63/0869 , H04L9/0819 , H04L9/083 , H04L9/3213 , H04L63/0428 , H04L63/06 , H04L63/08
摘要： A method and apparatus for key management in a communication network. A Key Management Terminal KMS Terminal Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
摘要翻译：一种用于通信网络中密钥管理的方法和装置。密钥管理服务器（KMS）从第一设备接收与用户身份相关联的令牌的请求，所述用户身份与第二设备相关联。然后，KMS将所请求的令牌和与用户相关联的用户密钥发送到第一设备。 KMS随后从第二个设备接收令牌。使用用户密钥和与第二设备相关联的修改参数来生成第二设备密钥。修改参数可用于第一设备用于生成第二设备密钥。然后，第二个设备密钥从KMS发送到第二个设备。第二设备密钥可以由第二设备用于向第一设备或第一设备认证自身以确保与第二设备的通信。

23. 发明申请

US20110191859A1 Digital Rights Management in User-Controlled Environment 有权
标题翻译：用户控制环境中的数字权限管理
公开(公告)号：US20110191859A1
公开(公告)日：2011-08-04
申请号：US13122687
申请日：2008-10-06
申请人： Mats Naslund , Tereza Cristina Melo de Brito Carvalho , Diego Sanchez Gallo , Makan Pourzandi , Marcos Antonio Simplicio Junior , Yeda Regina Venturini
发明人： Mats Naslund , Tereza Cristina Melo de Brito Carvalho , Diego Sanchez Gallo , Makan Pourzandi , Marcos Antonio Simplicio Junior , Yeda Regina Venturini
IPC分类号： G06F21/24
CPC分类号： H04N21/63345 , G06F21/10 , G06F2221/0706 , G06F2221/2149 , H04N21/2541 , H04N21/43615 , H04N21/64322 , H04N21/8355
摘要： A method of controlling access to content comprises receiving, at a domain gateway (3) of a domain (4), a request from a device (5) in the domain for access to the content. It is determined at the domain gateway whether the number of devices in the domain currently accessing the content is equal to a specified maximum number of devices that may simultaneously access the content. The maximum number of devices that may simultaneously access the content is independent of the number of devices in the domain. If the determination is that the number of devices in the domain currently accessing the content is less than the specified maximum number the request is allowed, otherwise it is refused.
摘要翻译：控制对内容的访问的方法包括在域的域网关（3）处接收来自域中的用于访问内容的设备（5）的请求。在域网关确定当前正在访问内容的域中的设备的数量是否等于可以同时访问内容的指定的最大数量的设备。可以同时访问内容的最大设备数量与域中的设备数量无关。如果确定当前正在访问内容的域中的设备数量小于指定的最大数量，则允许该请求，否则将被拒绝。

24. 发明申请

US20100268937A1 KEY MANAGEMENT FOR SECURE COMMUNICATION 有权
标题翻译：安全通信的关键管理
公开(公告)号：US20100268937A1
公开(公告)日：2010-10-21
申请号：US12744986
申请日：2007-11-30
申请人： Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
发明人： Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
IPC分类号： H04L9/32 , H04L29/06 , H04L9/08
CPC分类号： H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要： A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译：公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。该凭证被转发到至少一个响应用户设备，在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下，解决凭证并确定第二会话密钥。此后，第一和第二会话密钥用于安全通信。在一个实施例中，通信遍及中间体，由此第一和第二会话密钥保护与相应的腿到中间的通信。

25. 发明申请

US20100260338A1 METHOD AND APPARATUS FOR ESTABLISHING A CRYPTOGRAPHIC RELATIONSHIP IN A MOBILE COMMUNICATIONS NETWORK 有权
标题翻译：在移动通信网络中建立交织关系的方法和装置
公开(公告)号：US20100260338A1
公开(公告)日：2010-10-14
申请号：US12744198
申请日：2008-11-21
申请人： Wassim Haddad , Mats Naslund
发明人： Wassim Haddad , Mats Naslund
IPC分类号： G06F21/22 , H04L9/00 , H04L9/08
CPC分类号： H04W12/04 , H04L9/3239 , H04L63/0823 , H04L2209/80 , H04L2463/081 , H04W8/082 , H04W12/06 , H04W80/04 , H04W88/02 , H04W88/182
摘要： A method and apparatus for establishing a cryptographic relationship between a first node and a second node in a communications network. The first node receives at least part of a cryptographic attribute of the second node, uses the received at least part of the cryptographic attribute to generate an identifier for the first node. The cryptographic attribute may a public key belonging to the second node, and the identifier may be a Cryptographically Generated IP address. The cryptographic relationship allows the second node to establish with a third node that it is entitled to act on behalf of the first node.
摘要翻译：一种在通信网络中建立第一节点和第二节点之间的密码关系的方法和装置。第一节点接收第二节点的加密属性的至少一部分，使用所接收的至少部分密码属性来生成第一节点的标识符。加密属性可以是属于第二节点的公共密钥，并且该标识符可以是加密生成的IP地址。加密关系允许第二节点与第三节点建立它有权代表第一节点行动。

26. 发明授权

US07725709B2 Methods for secure and bandwidth efficient cryptographic synchronization 有权
标题翻译：安全和带宽有效的加密同步方法
公开(公告)号：US07725709B2
公开(公告)日：2010-05-25
申请号：US11470554
申请日：2006-09-06
申请人： Mats Naslund , Karl Norrman , Vesa Petteri Lehtovirta , Alex Krister Raith
发明人： Mats Naslund , Karl Norrman , Vesa Petteri Lehtovirta , Alex Krister Raith
IPC分类号： H04L29/06
CPC分类号： H04L9/12 , H04L9/0861 , H04L9/16
摘要： Methods for cryptographic synchronization of data packets. A roll-over counter (ROC) value is periodically appended to and transmitted with a data packet when a function of the packet sequence number equals a predetermined value. The ROC effectively synchronizes the cryptographic transformation of the data packets. Although the disclosed methods are generally applicable to many transmission protocols, they are particularly adaptable for use in systems wherein the data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711.
摘要翻译：数据包的密码同步方法。当分组序列号的功能等于预定值时，翻转计数器（ROC）值周期性地附加到数据分组并与数据分组一起发送。 ROC有效地同步数据包的加密转换。虽然所公开的方法通常适用于许多传输协议，但是它们特别适用于在使用因特网工程任务组（IETF）中定义的安全实时传输协议（SRTP）将数据分组发送到接收机的系统中，请求注释（RFC）3711。

27. 发明授权

US07568234B2 Robust and flexible digital rights management involving a tamper-resistant identity module 有权
标题翻译：强大而灵活的数字版权管理涉及防篡改身份模块
公开(公告)号：US07568234B2
公开(公告)日：2009-07-28
申请号：US10524583
申请日：2002-12-19
申请人： Mats Naslund , Karl Norrman
发明人： Mats Naslund , Karl Norrman
IPC分类号： H04L9/00
CPC分类号： H04L63/0428 , G06F21/10 , G06F2221/0711 , G06F2221/2115 , G06F2221/2129 , G06F2221/2135 , G06F2221/2137 , G06F2221/2153 , H04L63/08 , H04L63/0807 , H04L63/0823 , H04L63/0853 , H04L63/0869 , H04L2463/101 , H04W8/22 , H04W12/04 , H04W12/06
摘要： The invention relates to digital rights management, and proposes the implementation of a DRM agent (125) into a tamper-resistant identity module (120) adapted for engagement with a client system (100), such as a mobile phone or a computer system. The DRM agent (125) is generally implemented with functionality for enabling usage, such as rendering or execution of protected digital content provided to the client system from a content provider. In general, the DRM agent (125) includes functionality for cryptographic processing of DRM metadata associated with the digital content to be rendered. In a particularly advantageous realization, the DRM agent is implemented as an application in the application environment of the identity module. The DRM application can be preprogrammed into the application environment, or securely downloaded from a trusted party associated with the identity module. The invention also relates to a distributed DRM module, with communication between distributed DRM agents (125, 135) based on usage-device specific key information.
摘要翻译：本发明涉及数字版权管理，并且提出将DRM代理（125）实现到适用于与例如移动电话或计算机系统的客户端系统（100）接合的防篡改身份模块（120）中。 DRM代理（125）通常用功能来实现，用于实现使用，例如从内容提供商呈现或执行提供给客户端系统的受保护的数字内容。通常，DRM代理（125）包括用于与要呈现的数字内容相关联的DRM元数据的密码处理的功能。在特别有利的实现中，DRM代理被实现为身份模块的应用环境中的应用。 DRM应用可以被预编程到应用环境中，或者从与身份模块相关联的可信方安全地下载。本发明还涉及一种基于使用设备特定密钥信息的分布式DRM代理（125,135）之间的通信的分布式DRM模块。

28. 发明申请

US20080187137A1 Method and Apparatus for Ensuring Privacy in Communications Between Parties 有权
标题翻译：确保缔约方之间沟通隐私的方法和装置
公开(公告)号：US20080187137A1
公开(公告)日：2008-08-07
申请号：US11883879
申请日：2006-02-10
申请人： Pekka Nikander , Jari Arrko , Mats Naslund
发明人： Pekka Nikander , Jari Arrko , Mats Naslund
IPC分类号： H04L9/30 , H04L9/22 , H04L9/28
CPC分类号： H04L63/0414 , H04L9/0844 , H04L63/0272 , H04L63/164 , H04L2209/38 , H04L2209/80 , H04W12/02 , H04W12/04
摘要： A method of improving privacy by hiding, in an ordered sequence of messages M[x(1), D(1)], M[x(2), D(2)], etc, communicated between a first and at least one second party sharing a key k, metadata x(i) descriptive of message processing, wherein D(i) denotes payload data. The method comprises the first and the second party agreeing on a pseudo random mapping depending on a shared key k, Fk, mapping at least x(i) to y(i), and the first party modifying the messages by replacing x(i) by y(i) in each message M(x(i), D(i)). The first party then transmits the modified messages maintaining their original order, and on reception of a message M(y(m), D), the second party uses a mapping Gk to retrieve position m of received value and the original value x(m).
摘要翻译：一种通过以有序的消息M [x（1），D（1）]，M [x（2），D（2）]等的顺序隐藏来提高隐私的方法，在第一和至少一个共享密钥k的第二方，元数据x（i）描述消息处理，其中D（i）表示有效载荷数据。该方法包括第一方和第二方根据共享密钥k至少映射至少x（i）至y（i）的伪随机映射，并且第一方修改通过在每个消息M（x（i），D（i））中将x（i）替换y（i）的消息。第一方然后发送修改的消息维持其原始顺序，并且在接收消息M（y（m），D）时，第二方使用映射G 来检索所接收的位置m 值和原始值x（m）。

29. 发明申请

US20070150794A1 ERROR CORRECTION USING FINITE FIELDS OF ODD CHARACTERISTIC ON BINARY HARDWARE 失效
标题翻译：使用二进制硬件的特征的有限域的错误校正
公开(公告)号：US20070150794A1
公开(公告)日：2007-06-28
申请号：US10271945
申请日：2002-10-17
申请人： Mats Naslund , Rolf Blom
发明人： Mats Naslund , Rolf Blom
IPC分类号： H03M13/00
CPC分类号： H03M13/158 , G06F7/724 , G06F7/725 , H03M13/6561
摘要： Binary data representing a code word of an error-correcting code is used for calculating a syndrome, wherein a given portion of the binary data comprises k groups of data bits and represents a field element of the finite field GF(pk), p being an odd prime number, the field element comprising k coefficients in accordance with a polynomial basis representation, each group of data bits of the given portion representing a corresponding one of the k coefficients. The given portion is stored in a first general purpose register and is processed such that the k groups of data bits of the given portion are processed in parallel; determining whether the syndrome is equal to zero; and detecting and correcting errors in the binary data if the syndrome is not equal to zero.
摘要翻译：表示纠错码的代码字的二进制数据用于计算校正子，其中二进制数据的给定部分包括k组数据位，并且表示有限域GF（p < / SUP>），p是奇素数，场元素包括根据多项式基表示的k个系数，给定部分的每组数据位表示k个系数中的相应一个。给定部分存储在第一通用寄存器中，并被处理使得给定部分的k组数据位被并行处理; 确定综合征是否等于零; 以及如果所述综合征不等于零，则检测和校正二进制数据中的错误。

30. 发明申请

US20060288407A1 Security and privacy enhancements for security devices 审中-公开
标题翻译：安全设备的安全和隐私增强
公开(公告)号：US20060288407A1
公开(公告)日：2006-12-21
申请号：US10530293
申请日：2003-09-17
申请人： Mats Naslund , Karl Norman , Tomas Goldbeck-Lowe
发明人： Mats Naslund , Karl Norman , Tomas Goldbeck-Lowe
IPC分类号： H04L9/32
CPC分类号： H04L63/0853 , H04L9/0844 , H04L9/3234 , H04L9/3271 , H04L12/06 , H04L2209/80 , H04W12/06 , H04W12/0802 , H04W12/12 , H04W12/1208 , H04W74/00
摘要： The invention generally relates to a tamper-resistant security device, such as a subscriber identity module or equivalent, which has an AKA (Authentication and Key Agreement) module for performing an AKA process with a security key stored in the device, as well as means for external communication. The idea according to the invention is to provide the tamper-resistant security device with an application adapted for cooperating with the AKA module and means for interfacing the AKA module and the application. The application cooperating with the AKA module is preferably a security and/or privacy enhancing application. The application is advantageously a software application implemented in an application environment of the security device. For increased security, the security device may also be adapted to detect whether it is operated in its normal secure environment or a foreign less secure environment, and set access rights to resident files or commands that could expose the AKA process or corresponding parameters accordingly.
摘要翻译：本发明总体上涉及一种防篡改安全装置，例如订户身份模块或等同物，其具有用于使用存储在该装置中的安全密钥执行AKA过程的AKA（认证和密钥协商）模块，以及装置用于外部沟通。根据本发明的想法是为防篡改安全设备提供适于与AKA模块协作的应用和用于与AKA模块和应用程序进行接口的装置。与AKA模块协作的应用优选地是安全和/或隐私增强应用。该应用有利地是在安全设备的应用环境中实现的软件应用。为了增加安全性，安全设备还可以适应于检测其是否在其正常安全环境或外部较不安全的环境中操作，并且设置对可能暴露AKA过程的驻留文件或命令或相应参数的访问权限。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式