专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

31. 发明申请

US20140053241A1 Authenticating a Device in a Network 有权
标题翻译：验证网络中的设备
公开(公告)号：US20140053241A1
公开(公告)日：2014-02-20
申请号：US14113047
申请日：2011-04-27
申请人： Karl Norrman , Rolf Blom , Mats Näslund
发明人： Karl Norrman , Rolf Blom , Mats Näslund
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L63/062 , H04L63/0876 , H04L63/20 , H04W12/04 , H04W12/06
摘要： There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node. The context regeneration request is sent from the serving network node to the authentication server. The context regeneration request is verified at the authentication server. The second security context is generated at the authentication server based on at least the secret, the random value, and the first and second re-use information. The second security context is communicated from the authentication server to the serving network node.
摘要翻译：公开了一种用于通过基于随机值和由认证服务器辅助的先前建立第一安全上下文而在设备和服务网络节点之间建立第二安全上下文的网络中的设备的认证系统。在与设备相关联的身份模块和认证服务器之间共享秘密。来自建立第一安全上下文的第一重新使用信息被存储在认证服务器和设备处，第一重用信息使得能够从随机值和秘密中安全地生成第二安全上下文。可以在设备处生成或存储第二重用信息。在设备上生成上下文再生请求，上下文再生请求至少部分地基于秘密进行认证。上下文再生请求被发送到服务网络节点。上下文再生请求从服务网络节点发送到认证服务器。认证服务器验证上下文再生请求。至少基于秘密，随机值以及第一和第二再利用信息，在认证服务器产生第二安全上下文。第二安全上下文从认证服务器传送到服务网络节点。

32. 发明授权

US08620267B2 Identification of a manipulated or defect base station during handover 有权
标题翻译：在切换期间识别被操纵或缺陷基站
公开(公告)号：US08620267B2
公开(公告)日：2013-12-31
申请号：US12922314
申请日：2008-08-25
申请人： Karl Norrman , Bernard Smeets , Rolf Blom
发明人： Karl Norrman , Bernard Smeets , Rolf Blom
IPC分类号： H04M1/66 , H04W24/00 , H04W36/00
CPC分类号： H04W36/0083 , H04W12/10 , H04W12/12 , H04W36/34 , H04W88/08
摘要： A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
摘要翻译：公开了一种用于检测通信网络的被操纵或缺陷基站的方法和装置，其中基于优先级算法列表（PAL）和UE安全能力（SCAP）选择了一个或多个算法的目标基站）向核心网络节点报告UE SCAP相关信息。具有UE SCAP知识的核心网络节点将该信息或该部分信息与检索到的UE SCAP相关信息进行比较，以便能够在比较不匹配时识别被操纵或缺陷基站。

33. 发明授权

US08196194B2 Method and network for securely delivering streaming data 有权
标题翻译：用于安全地传送流数据的方法和网络
公开(公告)号：US08196194B2
公开(公告)日：2012-06-05
申请号：US12895242
申请日：2010-09-30
申请人： Fredrik Lindholm , Rolf Blom , Karl Norrman , Göran Selander , Mats Näslund
发明人： Fredrik Lindholm , Rolf Blom , Karl Norrman , Göran Selander , Mats Näslund
IPC分类号： G06F17/00 , G06F17/30 , G06F12/14 , G06F15/16 , G06F15/173 , H04N7/16 , H04N7/167 , H04L29/06 , H04L9/32 , H04L9/08 , H04L9/00 , H04K1/00
CPC分类号： H04L63/0442 , G06F21/10 , G06F2221/0737 , G06F2221/0797 , H04L29/06027 , H04L63/0807 , H04L65/4084 , H04L65/607 , H04L65/608 , H04L67/14
摘要： In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.
摘要翻译：在提供流媒体的过程中，客户端首先从订单服务器请求媒体。订单服务器对客户端进行身份验证，并向客户端发送故障单。然后，客户端将票证发送到流服务器。流服务器检查故障单的有效性，并且如果发现有效使用诸如SRTP的标准化实时协议对流数据进行加密，并将加密的数据发送到客户端。客户端接收数据并对其进行解密。适用于流媒体的版权材料可以安全地传递给客户端。所使用的鲁棒协议非常适合于具有低容量的特定无线客户端和类似设备，例如蜂窝电话和PDA。

34. 发明申请

US20110093609A1 Sending Secure Media Streams 有权
标题翻译：发送安全媒体流
公开(公告)号：US20110093609A1
公开(公告)日：2011-04-21
申请号：US12999178
申请日：2009-02-20
申请人： Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
发明人： Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
IPC分类号： G06F15/16
CPC分类号： H04L65/605 , H04L63/0428 , H04L65/608
摘要： A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
摘要翻译：一种用于经由中间节点发送具有有效载荷的第一安全媒体流的方法和装置。中间节点从发送器接收第一安全媒体流。针对第一安全媒体流确定端到端上下文标识符和逐跳上下文标识符，其中逐跳上下文标识符与中间节点相关，并且端到端标识符与发件人。生成第二安全媒体流，其包括至少第一安全媒体流的有效载荷和上下文标识符以识别第一安全媒体流。第二安全媒体流被发送到接收节点，并且上下文标识符也被发送到接收节点。上下文标识符可由接收节点使用以恢复第一安全媒体流。

35. 发明申请

US20080273704A1 Method and Apparatus for Delivering Keying Information 有权
标题翻译：提供键控信息的方法和装置
公开(公告)号：US20080273704A1
公开(公告)日：2008-11-06
申请号：US12095813
申请日：2006-07-11
申请人： Karl Norrman , Rolf Blom , Fredrik Lindholm
发明人： Karl Norrman , Rolf Blom , Fredrik Lindholm
IPC分类号： H04L9/08
CPC分类号： H04W12/02 , H04L63/0272 , H04L63/062 , H04L63/08 , H04L63/164 , H04L65/1016 , H04W12/04
摘要： A method of delivering an application key or keys to an application server for use in securing data exchanged between the application server and a user equipment, the user equipment accessing a communications network via an access domain. The method comprises running an Authentication and Key Agreement procedure between the user equipment and a home domain in order to make keying material available to the user equipment and to an access enforcement point. At least a part of said keying material is used to secure a communication tunnel between the user equipment and the access enforcement point, and one or more application keys are derived within the home domain using at least part of said keying material. Said application key(s) is(are) provided to said application server, and the same application key(s) derived at the user equipment, wherein said access enforcement point is unable to derive or have access to said application key(s).
摘要翻译：将应用密钥或密钥递送到应用服务器以用于保护在应用服务器和用户设备之间交换的数据的方法，所述用户设备经由接入域访问通信网络。该方法包括在用户设备和归属域之间运行认证和密钥协商过程，以使密钥材料可用于用户设备和访问执行点。所述密钥材料的至少一部分用于保护用户设备和访问执行点之间的通信隧道，并且使用至少部分所述密钥材料在归属域内导出一个或多个应用密钥。所述应用密钥被提供给所述应用服务器，以及在用户设备导出的相同的应用密钥，其中所述访问执行点不能导出或访问所述应用密钥。

36. 发明授权

US09178696B2 Key management for secure communication 有权
标题翻译：安全通信的密钥管理
公开(公告)号：US09178696B2
公开(公告)日：2015-11-03
申请号：US12744986
申请日：2007-11-30
申请人： Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
发明人： Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
IPC分类号： H04L9/08 , H04L29/06
CPC分类号： H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要： A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译：公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。该凭证被转发到至少一个响应用户设备，在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下，解决凭证并确定第二会话密钥。此后，第一和第二会话密钥用于安全通信。在一个实施例中，通信遍及中间体，由此第一和第二会话密钥保护与相应的腿到中间的通信。

37. 发明授权

US09106409B2 Method and apparatus for handling keys used for encryption and integrity 有权
标题翻译：用于处理用于加密和完整性的密钥的方法和装置
公开(公告)号：US09106409B2
公开(公告)日：2015-08-11
申请号：US11726527
申请日：2007-03-22
申请人： Rolf Blom , Karl Norrman , Mats Näslund
发明人： Rolf Blom , Karl Norrman , Mats Näslund
IPC分类号： H04L9/08 , H04L29/06 , H04W12/04
CPC分类号： H04L63/062 , H04L9/0844 , H04L9/0891 , H04L2209/80 , H04W12/04
摘要： A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.
摘要翻译：一种用于提供用于保护终端（300）与通信网络中的服务点之间的通信的密钥的方法和装置。当终端进入网络时，首先与服务控制节点（304）建立基本密钥（Ik）。然后，通过将预定的第一函数（f）应用于至少基本密钥和密钥版本参数（v）的初始值，在服务控制节点和终端两者中创建初始修改密钥（Ik1）。初始修改的密钥被发送到第一服务点（302），使得其可以用于保护终端和第一服务点之间的通信。当终端切换到第二服务点（306）时，第一服务点和终端都通过对初始修改密钥应用预定的第二功能（g）来创建第二修改密钥（Ik2），并且第一服务点发送第二个修改密钥到第二个服务点。

38. 发明授权

US08837737B2 Key management in a communication network 有权
标题翻译：通信网络中的密钥管理
公开(公告)号：US08837737B2
公开(公告)日：2014-09-16
申请号：US13063997
申请日：2009-03-13
申请人： Rolf Blom , Fredrik Lindholm , Mats Naslund , Karl Norrman
发明人： Rolf Blom , Fredrik Lindholm , Mats Naslund , Karl Norrman
IPC分类号： H04L9/08 , H04L29/06 , H04L9/32
CPC分类号： H04L63/0869 , H04L9/0819 , H04L9/083 , H04L9/3213 , H04L63/0428 , H04L63/06 , H04L63/08
摘要： A method and apparatus for key management in a communication network. A Key Management Terminal KMS Terminal Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
摘要翻译：一种用于通信网络中密钥管理的方法和装置。密钥管理服务器（KMS）从第一设备接收与用户身份相关联的令牌的请求，所述用户身份与第二设备相关联。然后，KMS将所请求的令牌和与用户相关联的用户密钥发送到第一设备。 KMS随后从第二个设备接收令牌。使用用户密钥和与第二设备相关联的修改参数来生成第二设备密钥。修改参数可用于第一设备用于生成第二设备密钥。然后，第二个设备密钥从KMS发送到第二个设备。第二设备密钥可以由第二设备用于向第一设备或第一设备认证自身以确保与第二设备的通信。

39. 发明授权

US08661243B2 Storing and forwarding media data 有权
标题翻译：存储和转发媒体数据
公开(公告)号：US08661243B2
公开(公告)日：2014-02-25
申请号：US12997924
申请日：2008-06-16
申请人： Rolf Blom , Karl Norrman
发明人： Rolf Blom , Karl Norrman
IPC分类号： H04L29/06
CPC分类号： H04L63/168 , H04L65/605 , H04L65/608 , H04L69/22
摘要： A method apparatus for storing and forwarding media data in a communication network. An intermediate node disposed between a media data source node and a client node receives encrypted media data packets from the media data source node. The intermediate node stores the received media data packets in a memory for later sending to the client node, and adjusts fields in the original header of each stored media data packet to create modified media data packets having a modified header, and sends adjustment information to the client node. The adjustment information allows the client node to recreate the original headers from the modified headers, before decrypting the encrypted media packets with keying materials already sent between the media data source node and the client node. The modified media data packets are then sent to the client node for decryption. This allows the intermediate node to “store and forward” SRTP data without being able to access the encrypted data content.
摘要翻译：一种在通信网络中存储和转发媒体数据的方法装置。设置在媒体数据源节点和客户端节点之间的中间节点从媒体数据源节点接收加密的媒体数据分组。中间节点将接收到的媒体数据分组存储在存储器中用于随后发送到客户端节点，并且调整每个存储的媒体数据分组的原始报头中的字段以创建具有修改的报头的修改的媒体数据分组，并将调整信息发送到客户端节点。调整信息允许客户端节点在已经在媒体数据源节点和客户机节点之间发送的密钥材料解密加密的媒体分组之前，从修改的报头重新创建原始报头。然后将经修改的媒体数据分组发送到客户端节点进行解密。这允许中间节点“存储和转发”SRTP数据，而不能访问加密的数据内容。

40. 发明授权

US08621570B2 Access through non-3GPP access networks 有权
标题翻译：通过非3GPP接入网络进行接入
公开(公告)号：US08621570B2
公开(公告)日：2013-12-31
申请号：US12937008
申请日：2008-11-05
申请人： Mats Naslund , Jari Arkko , Rolf Blom , Vesa Lehtovirta , Karl Norrman , Stefan Rommer , Bengt Sahlin
发明人： Mats Naslund , Jari Arkko , Rolf Blom , Vesa Lehtovirta , Karl Norrman , Stefan Rommer , Bengt Sahlin
IPC分类号： G06F15/177 , G06F7/04 , G06F15/16 , G06F17/30 , G06F9/00 , G06F12/00 , H04L29/06 , G11C7/00
CPC分类号： H04W12/06 , G06F21/30 , H04L63/0272 , H04L63/08 , H04L63/0892 , H04L63/1433 , H04L63/162 , H04L63/164 , H04L63/20 , H04W60/00 , H04W72/0493
摘要： When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication or at least one network properly relating to a first network, e.g. the current access network (3, 3′), is sent to the UE from a node (13) in a sue and network such as the home network (5) of the subscriber ask UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3′) is trusted or not.
摘要翻译：当从用户设备UE（1）建立通信时，例如用于为UE提供IP接入，以便允许其使用与第一网络正确相关的至少一个网络的一些服务，信息或指示，例如，当前接入网络（3,3'）从诸如用户询问UE的归属网络（5）的第二网络中的节点（13）发送到UE。可以在认证过程的第一阶段中发送信息或指示，这是作为来自UE的连接的建立的一部分。特别地，网络属性可以指示接入网络（3,3'）是否被信任。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式