专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

51. 发明授权

US09407616B2 Authenticating a device in a network 有权
标题翻译：验证网络中的设备
公开(公告)号：US09407616B2
公开(公告)日：2016-08-02
申请号：US14113047
申请日：2011-04-27
申请人： Karl Norrman , Rolf Blom , Mats Näslund
发明人： Karl Norrman , Rolf Blom , Mats Näslund
IPC分类号： G06F7/04 , G06F15/16 , G06F17/30 , H04L29/06 , H04W12/06
CPC分类号： H04L63/08 , H04L63/062 , H04L63/0876 , H04L63/20 , H04W12/04 , H04W12/06
摘要： There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node. The context regeneration request is sent from the serving network node to the authentication server. The context regeneration request is verified at the authentication server. The second security context is generated at the authentication server based on at least the secret, the random value, and the first and second re-use information. The second security context is communicated from the authentication server to the serving network node.
摘要翻译：公开了一种用于通过基于随机值和由认证服务器辅助的先前建立第一安全上下文而在设备和服务网络节点之间建立第二安全上下文的网络中的设备的认证系统。在与设备相关联的身份模块和认证服务器之间共享秘密。来自建立第一安全上下文的第一重新使用信息被存储在认证服务器和设备处，第一重用信息使得能够从随机值和秘密安全地生成第二安全上下文。可以在设备处生成或存储第二重用信息。在设备上生成上下文再生请求，上下文再生请求至少部分地基于秘密进行认证。上下文再生请求被发送到服务网络节点。上下文再生请求从服务网络节点发送到认证服务器。认证服务器验证上下文再生请求。至少基于秘密，随机值以及第一和第二再利用信息，在认证服务器产生第二安全上下文。第二安全上下文从认证服务器传送到服务网络节点。

52. 发明授权

US08863236B2 Prefix reachability detection in a communication 有权
标题翻译：通信中的前缀可达性检测
公开(公告)号：US08863236B2
公开(公告)日：2014-10-14
申请号：US12531659
申请日：2008-02-26
申请人： Wassim Haddad , Mats Näslund
发明人： Wassim Haddad , Mats Näslund
IPC分类号： H04L29/06
CPC分类号： H04L63/1416 , H04L9/30 , H04L63/061 , H04L63/123 , H04L63/1466 , H04L2209/24
摘要： There is disclosed a method, and a communication system, and a communication node for implementing the claimed method, for attempting to enhance legitimacy assessment and thwart a man-in-the middle or similar false-location attack by evaluating the topology of a communication-session requesting node relative to the proposed communication path through a network between the requesting node and the requested node. Upon receiving the request, a PRD (Prefix Reachability Detection) protocol is initiated, either after or during a secure key exchange, if any, which if performed preferably includes an ART (address reachability text). The PRD is executed by sending a message to the communication node challenging the location-authenticity of the requesting device. The communication node, which may be for example an access router through which the requesting node accesses the network, determines if the requesting node is positioned behind the communication node topologically, and reports the result to the requested node. The requested node may then make a decision on whether to permit the communication. If so, the PRD may be repeated one or more times while the communication session is in progress.
摘要翻译：公开了一种用于实现所要求保护的方法的方法，通信系统和通信节点，用于通过评估通信的拓扑来尝试增强合法性评估并阻止中间或类似的假位置攻击中的人员，会话请求节点相对于所提出的通信路径通过请求节点和请求节点之间的网络。在接收到请求后，在安全密钥交换之后或期间，如果执行了PRD（前缀可达性检测）协议，如果执行的话，优先包括ART（地址可达性文本）。通过向通信节点发送消息来执行请求设备的位置真实性来执行PRD。通信节点，其可以是例如请求节点访问网络的接入路由器，确定请求节点是否在拓扑结构中位于通信节点后面，并将结果报告给所请求的节点。所请求的节点然后可以决定是否允许通信。如果是，则通信会话正在进行时，PRD可以重复一次或多次。

53. 发明授权

US08811987B2 Method and arrangement for creation of association between user equipment and an access point 有权
标题翻译：用于创建用户设备和接入点之间的关联的方法和装置
公开(公告)号：US08811987B2
公开(公告)日：2014-08-19
申请号：US13140818
申请日：2008-12-19
申请人： Göran Selander , Jari Vikberg , Karl Norrman , Rolf Blom , Mats Näslund
发明人： Göran Selander , Jari Vikberg , Karl Norrman , Rolf Blom , Mats Näslund
IPC分类号： H04M1/66 , H04M3/00 , H04W4/00
CPC分类号： H04W12/08 , H04L63/101 , H04W84/045
摘要： Methods, apparatus, and computer program products for creating an association between a first user equipment and at least one access point assisted by a registration server in a telecommunication network are disclosed. The registration server responds to a first contact request carried out using a first association number for the access point, provided by the first user equipment, receives a first association request for the association with the access point, provided by the first user equipment, authorizes the first association request based on a first authorization information provided by the first user equipment; registers the association between the first user equipment and the access point responsive to authorization of the first association request. The first user equipment is associated with the access point and the association is administered by the registration server.
摘要翻译：公开了用于在第一用户设备和由电信网络中的注册服务器辅助的至少一个接入点之间建立关联的方法，设备和计算机程序产品。注册服务器响应由第一用户设备提供的接入点的第一关联号码执行的第一联系请求，接收由第一用户设备提供的与接入点的关联的第一关联请求，授权基于由第一用户设备提供的第一授权信息的第一关联请求; 响应于第一关联请求的授权，注册第一用户设备和接入点之间的关联。第一用户设备与接入点相关联，该关联由注册服务器管理。

54. 发明申请

US20140215217A1 Secure Communication 有权
标题翻译：安全通信
公开(公告)号：US20140215217A1
公开(公告)日：2014-07-31
申请号：US14342414
申请日：2011-09-08
申请人： Kristoffer Gronowski , Shingo Murakami , Mats Näslund
发明人： Kristoffer Gronowski , Shingo Murakami , Mats Näslund
IPC分类号： H04L29/06
CPC分类号： H04L63/062 , H04L9/0816 , H04L9/0819 , H04L9/083 , H04L9/0838 , H04L63/061 , H04L63/083 , H04L63/0853 , H04L2209/56 , H04L2209/80
摘要： A method comprising the use of a bootstrapping protocol to define a security relationship between a first server and a second server, the first and second servers co-operating to provide a service to a user terminal. A bootstrapping protocol is used to generate a shared key for securing communication between the first server and the second server. The shared key is based on a context of the bootstrapping protocol, and the context is associated with a Subscriber Identity Module (SIM) associated with the user terminal and provides a base for the shared key. A method of the invention may, for example, be employed within a computing/service network such as a “cloud”, and in particular for communications between two servers in the cloud that are co-operating to provide a service to a user.
摘要翻译：一种方法，包括使用自举协议来定义第一服务器和第二服务器之间的安全关系，所述第一和第二服务器合作以向用户终端提供服务。引导协议用于生成用于保护第一服务器和第二服务器之间的通信的共享密钥。共享密钥基于引导协议的上下文，并且上下文与与用户终端相关联的订户身份模块（SIM）相关联，并为共享密钥提供基础。例如，本发明的方法可以在诸如“云”的计算/服务网络内使用，并且特别地用于云中的两个服务器之间的通信，这些服务器正在协作以向用户提供服务。

55. 发明授权

US08788705B2 Methods and apparatus for secure routing of data packets 失效
标题翻译：数据包安全路由的方法和装置
公开(公告)号：US08788705B2
公开(公告)日：2014-07-22
申请号：US13520301
申请日：2010-01-04
申请人： Karl Norrman , Jukka Ylitalo , Mats Näslund , Pekka Nikander
发明人： Karl Norrman , Jukka Ylitalo , Mats Näslund , Pekka Nikander
IPC分类号： G06F15/173
CPC分类号： H04L45/00 , H04L63/04 , H04L63/06
摘要： Methods and arrangements for supporting a forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to routers in the network which keys are used for computing the hierarchical parameters.
摘要翻译：通过采用编码发送器和接收器之间的预定传输路径的跳的层次参数来支持通过分组交换网络路由数据分组时在路由器中的转发过程的方法和装置。名称服务器生成并将与路由器相关的密钥分发给网络中用于计算分层参数的密钥的路由器。

56. 发明授权

US08738910B2 Method and arrangement for enabling play-out of media 有权
标题翻译：实现媒体播放的方法和布置
公开(公告)号：US08738910B2
公开(公告)日：2014-05-27
申请号：US13514100
申请日：2009-12-07
申请人： Göran Selander , Yi Cheng , Mattias Eld , Frank Hartung , Michael Liljenstam , Mats Näslund
发明人： Göran Selander , Yi Cheng , Mattias Eld , Frank Hartung , Michael Liljenstam , Mats Näslund
IPC分类号： H04L9/32
CPC分类号： H04N7/17318 , H04L9/0844 , H04L12/282 , H04L63/18 , H04L65/4076 , H04L65/4084 , H04L67/10 , H04L2012/2849 , H04L2209/60 , H04N7/162 , H04N21/25816 , H04N21/42204 , H04N21/4227 , H04N21/43637 , H04N21/4405 , H04N21/63345
摘要： Methods and arrangements for enabling the use of a first device (300) for controlling transfer of media content from a content provider (306) to a second device (302). The first device has a pre-established security association with the communications network. When the network detects a request made by the first device for delivery of media content to the second device, key information is established which enables determination of one or more media keys for encryption of the media content. The network sends key information to the content provider and to the first device. The content provider then delivers media content encrypted by the media key(s) to the second device. Further, the first device forward the media key(s) over a local communication link to the second device for decryption of media content encrypted by the media key(s) when delivered by the content provider.
摘要翻译：允许使用第一设备（300）来控制媒体内容从内容提供商（306）传送到第二设备（302）的方法和装置。第一个设备与通信网络有预先建立的安全关联。当网络检测到由第一设备发送用于向第二设备传送媒体内容的请求时，建立了能够确定用于加密媒体内容的一个或多个媒体密钥的密钥信息。网络向内容提供商和第一个设备发送密钥信息。然后，内容提供商将由媒体密钥加密的媒体内容传送到第二设备。此外，当由内容提供商递送时，第一设备通过本地通信链路将媒体密钥转发到第二设备以解密由媒体密钥加密的媒体内容。

57. 发明授权

US08646085B2 Apparatus for reconfiguration of a technical system based on security analysis and a corresponding technical decision support system and computer program product 有权
标题翻译：基于安全分析技术系统重新配置的设备和相应的技术决策支持系统和计算机程序产品
公开(公告)号：US08646085B2
公开(公告)日：2014-02-04
申请号：US12682542
申请日：2008-09-23
申请人： Karl Norrman , Jonathan Cederberg , Mats Näslund
发明人： Karl Norrman , Jonathan Cederberg , Mats Näslund
IPC分类号： G06F21/00
CPC分类号： G06Q10/06 , G06F21/577
摘要： The invention relates to an apparatus for analyzing and reconfiguring a technical system (2) with respect to security, as well as a corresponding decision support system and computer program product. A graph constructor (20) provides, based on technical information about the system (2) received via an input interface (10), a representation of potential attacks in a directed graph of attack nodes. A system/countermeasure analysis unit (30) ranks different sets of countermeasures to enable a selected set of countermeasures to be taken to improve security. The analysis unit (30) performs the following procedure for each set of countermeasures: i) logically apply the set of countermeasures to attacks in the directed graph, and ii) determine a rank of the applied set of countermeasures based on the effectiveness of the countermeasures with respect to the reduction of the risk of attacks. An output and/or control unit (40) may then provide appropriate control signaling and/or effectuate appropriate control actions for reconfiguration of the technical system (2).
摘要翻译：本发明涉及一种用于分析和重新配置关于安全性的技术系统（2）的装置，以及相应的决策支持系统和计算机程序产品。图形构造器（20）基于通过输入接口（10）接收的关于系统（2）的技术信息，提供攻击节点的有向图中的潜在攻击的表示。系统/对策分析单元（30）排列不同的对策组以使得能够采取所选择的一组对策来提高安全性。分析单元（30）针对每一套对策执行以下过程：i）在有向图中逻辑应用攻击对策，ii）根据对策的有效性确定所应用的一套对策的等级关于减少攻击的风险。然后，输出和/或控制单元（40）可以为技术系统（2）的重新配置提供适当的控制信令和/或实现适当的控制动作。

58. 发明授权

US08462947B2 Managing user access in a communications network 有权
标题翻译：管理通信网络中的用户访问
公开(公告)号：US08462947B2
公开(公告)日：2013-06-11
申请号：US12520476
申请日：2006-12-19
申请人： Mats Näslund , Jari Arkko
发明人： Mats Näslund , Jari Arkko
IPC分类号： H04K1/00 , G06F21/00
CPC分类号： H04W12/04 , H04L63/061 , H04L63/062 , H04L63/067 , H04L63/08 , H04L63/0884 , H04L63/0892 , H04L63/162 , H04W12/06 , H04W80/04
摘要： A method of operating a node for performing handover between access networks wherein a user has authenticated for network access in a first access network. The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal. When the user subsequently moves to a second access network, the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network.
摘要翻译：一种操作节点的方法，用于在接入网络之间执行切换，其中用户已经在第一接入网络中对网络接入进行了认证。该方法包括：在通信会话期间，从家庭网络接收分配给用户的第一会话密钥和临时标识符。标识符被映射到第一个会话密钥，映射的标识符和密钥存储在节点处。从第一会话密钥导出第二会话密钥，将第二会话密钥发送到接入网络，并将该标识符发送给用户终端。当用户随后移动到第二接入网络时，节点从用户终端接收标识符。然后，节点检索映射到接收到的标识符的第一会话密钥，导出第三会话密钥，并将第三会话密钥发送到第二接入网络。

59. 发明申请

US20130084854A1 Methods and Arrangements for Direct Mode Communication 有权
标题翻译：直接模式通信的方法和布置
公开(公告)号：US20130084854A1
公开(公告)日：2013-04-04
申请号：US13703677
申请日：2010-06-22
申请人： Göran Selander , Konstantinos Dimou , Johan Lundsjö , Micael Martell , Gunnar Mildh , Mats Näslund
发明人： Göran Selander , Konstantinos Dimou , Johan Lundsjö , Micael Martell , Gunnar Mildh , Mats Näslund
IPC分类号： H04W4/00
CPC分类号： H04W4/008 , H04W4/80 , H04W76/14
摘要： A method in a first user equipment (UE 1) connectable to a second user equipment (UE 2) via a communication network or via a direct radio communication link, of using a direct radio communication link for communication between the UEs is initiated when one of the UEs receives probe signaling information comprising a first probe token via the communication network. The UEs exchange probe signaling messages including a second and/or the first probe token at least partly according to the probe signaling information, such that one of the UEs can compare the probe tokens, generate a probing report and provide the probing report to the communication network, or to the opposite UE for evaluation in case of a successful comparison and such that a direct radio communication link can be used for communication with UE 2 in response to receiving instructions to use the second direct radio communication link from the entity by which the probing report was evaluated.
摘要翻译：当通过通信网络或经由直接无线电通信链路连接到第二用户设备（UE 2）的第一用户设备（UE 1）中使用直接无线电通信链路用于UE之间的通信的方法被启动， UE经由通信网络接收包括第一探测令牌的探测信令信息。 UE至少部分地根据探测信令信息来交换包括第二和/或第一探测令牌的探测信令消息，使得UE中的一个可以比较探测令牌，生成探测报告并向通信提供探测报告网络或相对的UE进行评估，以便在成功比较的情况下进行评估，并且使得直接无线电通信链路可以用于响应于接收到使用来自所述实体的第二直接无线电通信链路的指令与UE 2通信，探测报告进行了评估。

60. 发明申请

US20120246480A1 Method and Arrangement for Enabling Play-Out of Media 有权
标题翻译：实现媒体播放的方法和安排
公开(公告)号：US20120246480A1
公开(公告)日：2012-09-27
申请号：US13514100
申请日：2009-12-07
申请人： Göran Selander , Yi Cheng , Mattias Eld , Frank Hartung , Michael Liljenstam , Mats Näslund
发明人： Göran Selander , Yi Cheng , Mattias Eld , Frank Hartung , Michael Liljenstam , Mats Näslund
IPC分类号： H04L9/32
CPC分类号： H04N7/17318 , H04L9/0844 , H04L12/282 , H04L63/18 , H04L65/4076 , H04L65/4084 , H04L67/10 , H04L2012/2849 , H04L2209/60 , H04N7/162 , H04N21/25816 , H04N21/42204 , H04N21/4227 , H04N21/43637 , H04N21/4405 , H04N21/63345
摘要： Methods and arrangements for enabling the use of a first device (300) for controlling transfer of media content from a content provider (306) to a second device (302). The first device has a pre-established security association with the communications network. When the network detects a request made by the first device for delivery of media content to the second device, key information is established which enables determination of one or more media keys for encryption of the media content. The network sends key information to the content provider and to the first device. The content provider then delivers media content encrypted by the media key(s) to the second device. Further, the first device forward the media key(s) over a local communication link to the second device for decryption of media content encrypted by the media key(s) when delivered by the content provider.
摘要翻译：允许使用第一设备（300）来控制媒体内容从内容提供商（306）传送到第二设备（302）的方法和装置。第一个设备与通信网络有预先建立的安全关联。当网络检测到由第一设备发送用于向第二设备传送媒体内容的请求时，建立了能够确定用于加密媒体内容的一个或多个媒体密钥的密钥信息。网络向内容提供商和第一个设备发送密钥信息。然后，内容提供商将由媒体密钥加密的媒体内容传送到第二设备。此外，当由内容提供商递送时，第一设备通过本地通信链路将媒体密钥转发到第二设备以解密由媒体密钥加密的媒体内容。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式