专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

51. 发明申请

US20130156182A1 Cryptographic Key Generation 有权
公开(公告)号：US20130156182A1
公开(公告)日：2013-06-20
申请号：US13674226
申请日：2012-11-12
申请人： Karl Norrman , Mats Naslund
发明人： Karl Norrman , Mats Naslund
IPC分类号： H04L9/08
CPC分类号： H04W12/06 , H04L9/065 , H04L9/0819 , H04L9/0838 , H04L9/0866 , H04L9/0869 , H04L9/0891 , H04L9/14 , H04L9/3271 , H04L2209/24 , H04L2209/80 , H04L2463/061 , H04W12/04
摘要： A technique for generating a cryptographic key is provided. The technique is particularly useful for protecting the communication between two entities cooperatively running a distributed security operation. The technique comprises providing at least two parameters, the first parameter comprising or deriving from some cryptographic keys which have been computed by the first entity by running the security operation; and the second parameter comprising or deriving from a token, where the token comprises an exclusive OR of a sequence number (SQN) and an Anonymity Key (AK). A key derivation function is applied to the provided parameters to generate the desired cryptographic key.

52. 发明授权

US08452957B2 Method and nodes for providing secure access to cloud computing for mobile users 有权
标题翻译：为移动用户提供安全访问云计算的方法和节点
公开(公告)号：US08452957B2
公开(公告)日：2013-05-28
申请号：US12768034
申请日：2010-04-27
申请人： Makan Pourzandi , Mats Naslund
发明人： Makan Pourzandi , Mats Naslund
IPC分类号： G06F21/00
CPC分类号： H04W12/02 , G06F21/6218 , H04L9/083 , H04L9/0869 , H04L63/0435 , H04L63/061 , H04L63/062 , H04L2209/60 , H04L2209/80 , H04L2463/061 , H04W12/04 , H04W12/06 , H04W88/08
摘要： A mobile node, a gateway node and methods are provided for securely storing a content into a remote node. The mobile node, or a gateway node of a network providing access to the mobile node, applies a content key to the content prior to sending the content for storage in the remote node. The content key is generated at the mobile node, based on a random value obtained from an authentication server, or directly at the authentication server if applied by the gateway node. The content key is not preserved in the mobile node or in the gateway node, for security purposes. When the mobile node or the gateway node fetches again the content from the remote node, the same content key is generated again for decrypting the content. The remote node does not have access to the content key and can therefore no read or modify the content.
摘要翻译：提供移动节点，网关节点和方法以将内容安全地存储到远程节点中。移动节点或提供对移动节点的访问的网络的网关节点在发送用于存储在远程节点内的内容之前向内容应用内容密钥。基于从认证服务器获得的随机值，或者如果由网关节点应用，则直接在认证服务器处，在移动节点生成内容密钥。出于安全考虑，内容密钥不会保留在移动节点或网关节点中。当移动节点或网关节点从远程节点再次获取内容时，再次产生相同的内容密钥以解密该内容。远程节点无法访问内容密钥，因此无法读取或修改内容。

53. 发明申请

US20110004758A1 Application Specific Master Key Selection in Evolved Networks 有权
标题翻译：演进网络中的应用特定主密钥选择
公开(公告)号：US20110004758A1
公开(公告)日：2011-01-06
申请号：US12867687
申请日：2008-02-15
申请人： John Michael Walker , Susana Fernandez Alonso , Mats Naslund
发明人： John Michael Walker , Susana Fernandez Alonso , Mats Naslund
IPC分类号： H04L9/32
CPC分类号： H04L63/062 , H04L12/06 , H04L63/083 , H04W12/06
摘要： An authentication method comprises providing a set of N plural number of master keys both to a user terminal (13) and to home network entity (11) and, when performing an authentication key agreement (AKA) transaction for an application, selecting one of the N number of master keys to serve as a master key for use both at the user terminal and the home network entity for deriving further keys for the application. For example, when performing an authentication key agreement (AKA) transaction for a first application, the method involves randomly selecting one of the N number of master keys to serve as a first master key for use both at the user terminal and the home network entity for deriving further keys for the first application; but when 10 performing an authentication key agreement (AKA) transaction for another application, the method involves randomly selecting another one of the N number of master keys to serve as master key for use both at the user terminal and the home network entity for deriving further keys for the another application.
摘要翻译：认证方法包括向用户终端（13）和家庭网络实体（11）提供N个多个主密钥的集合，并且当为应用执行认证密钥协商（AKA）事务时，选择一个 N个主密钥用作用于用户终端和家庭网络实体的主密钥，用于导出用于应用的另外的密钥。例如，当对第一应用执行认证密钥协商（AKA）事务时，该方法包括随机选择N个主密钥中的一个作为第一主密钥，用于在用户终端和家庭网络实体用于导出用于第一应用的另外的键; 但是当10执行针对另一应用的认证密钥协议（AKA）事务时，该方法包括随机选择N个主密钥中的另一个作为主密钥，以在用户终端和归属网络实体处用于进一步导出另一个应用程序的键。

54. 发明申请

US20100150006A1 DETECTION OF PARTICULAR TRAFFIC IN COMMUNICATION NETWORKS 审中-公开
标题翻译：检测通信网络中的特殊业务
公开(公告)号：US20100150006A1
公开(公告)日：2010-06-17
申请号：US12337254
申请日：2008-12-17
申请人： Makan Pourzandi , Michael Liljenstam , Andras Mehes , Mats Naslund
发明人： Makan Pourzandi , Michael Liljenstam , Andras Mehes , Mats Naslund
IPC分类号： G06F11/30
CPC分类号： H04L63/1408 , H04L43/16 , H04L63/1441
摘要： A method for detecting a particular data traffic in a communication network having a plurality of nodes comprises: maintaining a list of detecting scans to be applied to an incoming data traffic; receiving the incoming data traffic; and applying a subset of the detecting scans in the list to the incoming data traffic. A network node for detecting a particular traffic in a communication network having a plurality of nodes comprises: a list of detecting scans to be applied to an incoming data traffic; an input for receiving the incoming data traffic; and an inspection chain, which applies a subset of detecting scans in the list to the incoming data traffic.
摘要翻译：一种用于检测具有多个节点的通信网络中的特定数据业务的方法，包括：维护要应用于输入数据业务的检测扫描的列表; 接收传入数据流量; 以及将列表中的检测扫描的子集应用于输入数据业务。用于检测具有多个节点的通信网络中的特定业务的网络节点包括：要应用于输入数据业务的检测扫描的列表; 用于接收输入数据流量的输入; 以及检查链，其将列表中的检测扫描的子集应用于输入数据流量。

55. 发明申请

US20090313466A1 Managing User Access in a Communications Network 有权
标题翻译：管理通信网络中的用户访问
公开(公告)号：US20090313466A1
公开(公告)日：2009-12-17
申请号：US12520476
申请日：2006-12-19
申请人： Mats Naslund , Jari Arkko
发明人： Mats Naslund , Jari Arkko
IPC分类号： H04L29/06
CPC分类号： H04W12/04 , H04L63/061 , H04L63/062 , H04L63/067 , H04L63/08 , H04L63/0884 , H04L63/0892 , H04L63/162 , H04W12/06 , H04W80/04
摘要： A method of operating a node for performing handover between access networks wherein a user has authenticated for network access in a first access network. The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal. When the user subsequently moves to a second access network, the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network.
摘要翻译：一种操作节点的方法，用于在接入网络之间执行切换，其中用户已经在第一接入网络中对网络接入进行了认证。该方法包括：在通信会话期间，从家庭网络接收分配给用户的第一会话密钥和临时标识符。标识符被映射到第一个会话密钥，映射的标识符和密钥存储在节点处。从第一会话密钥导出第二会话密钥，将第二会话密钥发送到接入网络，并将该标识符发送给用户终端。当用户随后移动到第二接入网络时，节点从用户终端接收标识符。然后，节点检索映射到接收到的标识符的第一会话密钥，导出第三会话密钥，并将第三会话密钥发送到第二接入网络。

56. 发明申请

US20090190758A1 Method and Apparatus for Authentication Service Application Processes During Service Reallocation in High Availability Clusters 有权
标题翻译：在高可用性集群中的业务重新分配期间认证服务应用过程的方法和装置
公开(公告)号：US20090190758A1
公开(公告)日：2009-07-30
申请号：US12020185
申请日：2008-01-25
申请人： Makan Pourzandi , Frederic Rossi , Mats Naslund
发明人： Makan Pourzandi , Frederic Rossi , Mats Naslund
IPC分类号： H04L9/00
CPC分类号： G06F11/1482 , G06F9/468 , G06F11/2025 , G06F11/203
摘要： A method and communication node for providing secure communications and services in a High Availability (HA) cluster. The communication node comprises an Operating System (OS) that detects an unavailability of a first service application process and switches a second service application process from the first state to the second state, the second service application being selected for taking over service currently provided from the first service application process, the first state and the second state each being associated to a set of rights in the cluster. The OS generates a private key for the second service application process based on its second state. The set of rights associated to the second state allows the OS to replace the first service application process with the second service application process for providing secure communications between the second service application and other service application processes in the HA cluster.
摘要翻译：一种用于在高可用性（HA）集群中提供安全通信和服务的方法和通信节点。通信节点包括检测第一服务应用进程的不可用性的操作系统（OS），并且将第二服务应用进程从第一状态切换到第二状态，第二服务应用被选择用于接管目前从第一服务应用进程，第一状态和第二状态各自与集群中的一组权限相关联。操作系统基于其第二状态为第二服务应用进程生成私钥。与第二状态相关联的一组权限允许OS用第二服务应用进程替换第一服务应用进程，以在第二服务应用和HA群集中的其他服务应用进程之间提供安全通信。

57. 发明授权

US08665874B2 Method and apparatus for forwarding data packets using aggregating router keys 有权
标题翻译：使用聚合路由器密钥转发数据包的方法和装置
公开(公告)号：US08665874B2
公开(公告)日：2014-03-04
申请号：US13128012
申请日：2008-11-07
申请人： Andras Czaszar , Lars G. Magnusson , Mats Naslund , Lars Westberg
发明人： Andras Czaszar , Lars G. Magnusson , Mats Naslund , Lars Westberg
IPC分类号： H04L12/28 , H04L12/56
CPC分类号： H04L45/00 , H04L63/0227
摘要： Method and apparatus for supporting the forwarding of received data packets in a router (402,702) of a packet-switched network. A forwarding table (706a) is configured in the router based on aggregating router keys and associated aggregation related instructions received from a key manager (400,700). Each aggregating router key represents a set of destinations. When a data packet (P) is received comprising an ingress tag derived from a sender key or router key, the ingress tag is matched with entries in the forwarding table. An outgoing port is selected for the packet according to a found matching table entry that further comprises an associated aggregation related instruction. An egress tag is then created according to the aggregation related instruction, and the packet with the created egress tag attached is sent from the selected outgoing port to a next hop router.
摘要翻译：用于支持在分组交换网络的路由器（402,702）中转发所接收的数据分组的方法和装置。基于从密钥管理器（400,700）接收的聚合路由器密钥和相关联的聚合相关指令，在路由器中配置转发表（706a）。每个聚合路由器密钥代表一组目的地。当接收到包含从发送方密钥或路由器密钥导出的入口标签的数据分组（P）时，入口标签与转发表中的条目匹配。根据发现的匹配表条目，为分组选择输出端口，进一步包括相关联的聚合相关指令。然后根据聚合相关指令创建出口标签，并将附加了创建的出口标签的数据包从所选出口端口发送到下一跳路由器。

58. 发明授权

US08649378B2 Method and apparatus for controlling the routing of data packets 有权
标题翻译：控制数据包路由的方法和装置
公开(公告)号：US08649378B2
公开(公告)日：2014-02-11
申请号：US12993674
申请日：2008-05-22
申请人： Lars Westberg , Andras Csaszar , Mats Naslund
发明人： Lars Westberg , Andras Csaszar , Mats Naslund
IPC分类号： H04L12/28 , H04L12/56
CPC分类号： H04L45/00 , H04L47/20 , H04L61/1511 , H04L63/0227 , H04L63/0428 , H04L63/104
摘要： Method and apparatus for controlling the routing of data packets in an IP network (200). A DNS system (202) stores a packet admission policy configured for a first end-host (B) that dictates conditions for allowing other end-hosts to get across data packets to the first end-host or not. A routing voucher is defined which is required for routing data packets to the first end-host. The routing voucher is distributed to routers (R) in the IP network. When an address query is received at the DNS system (202) from a second end-host, the voucher is supplied to the second end-host if the configured policy allows the second end-host to convey data packets. Otherwise, the voucher is not supplied. If allowed, the second end-host will add the routing voucher to any data packets directed to the first end-host. When a valid routing voucher is present in a packet at a router (204) in the network, the packet will be forwarded to the next router in the IP network. The router will otherwise discard the packet.
摘要翻译：控制IP网络中数据分组路由的方法和装置（200）。 DNS系统（202）存储为第一终端主机（B）配置的分组准入策略，其指示允许其他终端主机跨数据分组到达第一终端主机的条件。定义了路由凭证，用于将数据包路由到第一个终端主机。路由凭证分配给IP网络中的路由器（R）。当从第二终端主机在DNS系统（202）处接收到地址查询时，如果所配置的策略允许第二终端主机传送数据分组，则将凭证提供给第二终端主机。否则，不提供凭证。如果允许，则第二个终端主机会将路由凭证添加到指向第一个终端主机的任何数据包。当在网络中的路由器（204）的分组中存在有效的路由凭证时，分组将被转发到IP网络中的下一个路由器。否则路由器将丢弃该数据包。

59. 发明申请

US20130003967A1 Enhanced Key Management For SRNS Relocation 有权
标题翻译：增强SRNS重定位密钥管理
公开(公告)号：US20130003967A1
公开(公告)日：2013-01-03
申请号：US13634920
申请日：2011-03-16
申请人： Karl Norrman , Tomas Hedberg , Mats Naslund
发明人： Karl Norrman , Tomas Hedberg , Mats Naslund
IPC分类号： H04L9/00
CPC分类号： H04L9/08 , H04L63/06 , H04W12/04 , H04W12/08 , H04W36/0038 , H04W36/12
摘要： A method comprises maintaining, in a first node serving a mobile terminal over a connection protected by at least one first key, said first key and information about the key management capabilities of the mobile terminal. Upon relocation of the mobile terminal to a second node the method includes: if, and only if, said key management capabilities indicate an enhanced key management capability supported by the mobile terminal, modifying, by said first node, the first key, thereby creating a second key, sending, from the first node to the second node, the second key, and transmitting to the second node the information about the key management capabilities of the mobile terminal.
摘要翻译：一种方法包括在通过由至少一个第一密钥保护的连接上为移动终端服务的第一节点中保留所述第一密钥和关于移动终端的密钥管理能力的信息。在将移动终端重新定位到第二节点时，该方法包括：如果并且仅当所述密钥管理能力指示由移动终端支持的增强密钥管理能力时，由所述第一节点修改第一密钥，从而创建第二密钥，从第一节点向第二节点发送第二密钥，并向第二节点发送关于移动终端的密钥管理能力的信息。

60. 发明授权

US08295487B2 Method and apparatus for establishing a cryptographic relationship in a mobile communications network 有权
标题翻译：用于在移动通信网络中建立密码关系的方法和装置
公开(公告)号：US08295487B2
公开(公告)日：2012-10-23
申请号：US12744198
申请日：2008-11-21
申请人： Wassim Haddad , Mats Naslund
发明人： Wassim Haddad , Mats Naslund
IPC分类号： G06F21/22
CPC分类号： H04W12/04 , H04L9/3239 , H04L63/0823 , H04L2209/80 , H04L2463/081 , H04W8/082 , H04W12/06 , H04W80/04 , H04W88/02 , H04W88/182
摘要： A method and apparatus for establishing a cryptographic relationship between a first node and a second node in a communications network. The first node receives at least part of a cryptographic attribute of the second node, uses the received at least part of the cryptographic attribute to generate an identifier for the first node. The cryptographic attribute may a public key belonging to the second node, and the identifier may be a Cryptographically Generated IP address. The cryptographic relationship allows the second node to establish with a third node that it is entitled to act on behalf of the first node.
摘要翻译：一种在通信网络中建立第一节点和第二节点之间的密码关系的方法和装置。第一节点接收第二节点的加密属性的至少一部分，使用所接收的至少部分密码属性来生成第一节点的标识符。加密属性可以是属于第二节点的公共密钥，并且该标识符可以是加密生成的IP地址。加密关系允许第二节点与第三节点建立它有权代表第一节点行动。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式