专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09668139B2 Secure negotiation of authentication capabilities 有权
公开(公告)号：US09668139B2
公开(公告)日：2017-05-30
申请号：US12463461
申请日：2009-05-11
申请人： Kiran Thakare , Per Ernström , Mats Näslund
发明人： Kiran Thakare , Per Ernström , Mats Näslund
IPC分类号： H04L29/06 , H04W12/12 , H04W12/06 , H04W88/08
CPC分类号： H04W12/12 , H04L63/123 , H04L63/205 , H04W12/06 , H04W88/08
摘要： A network (20) comprises an authenticator node (22) and a server (24) such as an authentication, authorization, and accounting (AAA) server. A method comprises a terminal (30) sending authentication capabilities information (AC) across a network access interface (32) to the network (the authentication capabilities information provides an indication of authentication capabilities of the terminal). The network (20) then uses the authentication capabilities information to determine a first cryptographic value. The terminal (30) then uses the authentication capabilities information to determine a second cryptographic value. The network (20) compares the first cryptographic value and the second cryptographic value to authenticate the terminal.

2. 发明授权

US09226140B2 Security feature negotiation between network and user terminal 有权
标题翻译：网络和用户终端之间的安全功能协商
公开(公告)号：US09226140B2
公开(公告)日：2015-12-29
申请号：US13498154
申请日：2009-09-28
申请人： Thomas Johansson , Håkan Englund , Mats Näslund
发明人： Thomas Johansson , Håkan Englund , Mats Näslund
IPC分类号： H04M1/66 , H04W12/02 , H04W12/04 , H04W12/12
CPC分类号： H04W48/16 , H04J11/00 , H04L9/3242 , H04W12/02 , H04W12/04 , H04W12/08 , H04W12/12 , H04W76/10 , H04W88/02
摘要： A Mobile Station (MS), a Base Station System (BSS) and a Mobile Switching Center (MSC) of a cellular network, such as GSM, are disclosed. According to one embodiment, the MS is arranged to carry out one or more security features in its communication with the network. For example, the MS may be arranged to: • by means of information received in a signalling message (0) from the network, discover if the network supports one or more of said security features, • exchange information with the network in order to enable the use of one or more of the above-mentioned supported security features in the communication, • carry out at least one of the one or more of the supported security features in the communication with the network.
摘要翻译：公开了诸如GSM的蜂窝网络的移动站（MS），基站系统（BSS）和移动交换中心（MSC）。根据一个实施例，MS被布置为在与网络的通信中执行一个或多个安全特征。例如，MS可以被布置为：通过从网络在信令消息（0）中接收到的信息，发现网络是否支持一个或多个所述安全特征，•与网络交换信息，以便能够在通信中使用一个或多个上述支持的安全特征，•在与网络的通信中执行所支持的一个或多个安全特征中的至少一个。

3. 发明授权

US08934892B2 Methods and arrangements for direct mode communication 有权
标题翻译：直接模式通信的方法和安排
公开(公告)号：US08934892B2
公开(公告)日：2015-01-13
申请号：US13703677
申请日：2010-06-22
申请人： Göran Selander , Konstantinos Dimou , Johan Lundsjö , Micael Martell , Gunnar Mildh , Mats Näslund
发明人： Göran Selander , Konstantinos Dimou , Johan Lundsjö , Micael Martell , Gunnar Mildh , Mats Näslund
IPC分类号： H04W4/00 , H04W76/02
CPC分类号： H04W4/008 , H04W4/80 , H04W76/14
摘要： A method in a first user equipment (UE 1) connectable to a second user equipment (UE 2) via a communication network or via a direct radio communication link, of using a direct radio communication link for communication between the UEs is initiated when one of the UEs receives probe signaling information comprising a first probe token via the communication network. The UEs exchange probe signaling messages including a second and/or the first probe token at least partly according to the probe signaling information, such that one of the UEs can compare the probe tokens, generate a probing report and provide the probing report to the communication network, or to the opposite UE for evaluation in case of a successful comparison and such that a direct radio communication link can be used for communication with UE 2 in response to receiving instructions to use the second direct radio communication link from the entity by which the probing report was evaluated.
摘要翻译：当通过通信网络或经由直接无线电通信链路连接到第二用户设备（UE 2）的第一用户设备（UE 1）中使用直接无线电通信链路用于UE之间的通信的方法被启动， UE经由通信网络接收包括第一探测令牌的探测信令信息。 UE至少部分地根据探测信令信息来交换包括第二和/或第一探测令牌的探测信令消息，使得UE中的一个可以比较探测令牌，生成探测报告并向通信提供探测报告网络或相对的UE进行评估，以便在成功比较的情况下进行评估，并且使得直接无线电通信链路可以用于响应于接收到使用来自所述实体的第二直接无线电通信链路的指令与UE 2通信，探测报告进行了评估。

4. 发明申请

US20140196127A1 Service Access Authentication Method and System 有权
标题翻译：服务访问认证方法和系统
公开(公告)号：US20140196127A1
公开(公告)日：2014-07-10
申请号：US14125859
申请日：2012-06-13
申请人： Bernard Smeets , Mats Näslund
发明人： Bernard Smeets , Mats Näslund
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L63/0815 , H04L63/0884
摘要： An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted to provide one or more authentication functions for facilitating authentication of subscribers of the service based on respective subscriber authentication data items associated with credentials of the subscriber; wherein each private access authentication system is adapted to communicate one or more subscriber authentication data items to said operator access authentication system; and wherein each private access authentication system is further adapted to communicate one or more verification data items indicative of the private access authentication system operating in at least one predetermined state.
摘要翻译：一种用于认证服务订户的接入认证系统，所述接入认证系统包括操作者接入认证系统和一个或多个专用接入认证系统，每个专用接入认证系统与所述接入认证系统可通信地连接，所述接入认证系统系统适于提供一个或多个认证功能，用于基于与所述订户的凭证相关联的相应订户认证数据项促进所述服务的订户的认证; 其中每个专用接入认证系统适于将一个或多个用户认证数据项传送到所述操作员接入认证系统; 并且其中每个专用接入认证系统进一步适于通信指示在至少一个预定状态下操作的私有接入认证系统的一个或多个验证数据项。

5. 发明授权

US08630415B2 Method and apparatus for authentication service application processes during service reallocation in high availability clusters 有权
标题翻译：高可用性集群服务重新分配过程中认证服务应用程序的方法和装置
公开(公告)号：US08630415B2
公开(公告)日：2014-01-14
申请号：US12020185
申请日：2008-01-25
申请人： Makan Pourzandi , Frederic Rossi , Mats Näslund
发明人： Makan Pourzandi , Frederic Rossi , Mats Näslund
IPC分类号： H04K1/00
CPC分类号： G06F11/1482 , G06F9/468 , G06F11/2025 , G06F11/203
摘要： A method and communication node for providing secure communications and services in a High Availability (HA) cluster. The communication node comprises an Operating System (OS) that detects an unavailability of a first service application process and switches a second service application process from the first state to the second state, the second service application being selected for taking over service currently provided from the first service application process, the first state and the second state each being associated to a set of rights in the cluster. The OS generates a private key for the second service application process based on its second state. The set of rights associated to the second state allows the OS to replace the first service application process with the second service application process for providing secure communications between the second service application and other service application processes in the HA cluster.
摘要翻译：一种用于在高可用性（HA）集群中提供安全通信和服务的方法和通信节点。通信节点包括检测第一服务应用进程的不可用性的操作系统（OS），并且将第二服务应用进程从第一状态切换到第二状态，第二服务应用被选择用于接管目前从第一服务应用进程，第一状态和第二状态各自与集群中的一组权限相关联。操作系统基于其第二状态为第二服务应用进程生成私钥。与第二状态相关联的一组权限允许OS用第二服务应用进程替换第一服务应用进程，以在第二服务应用和HA群集中的其他服务应用进程之间提供安全通信。

6. 发明授权

US08576845B2 Method and apparatus for avoiding unwanted data packets 有权
标题翻译：用于避免不需要的数据分组的方法和装置
公开(公告)号：US08576845B2
公开(公告)日：2013-11-05
申请号：US13059515
申请日：2008-08-22
申请人： András Császár , Lars Westberg , Mats Näslund , Lars G. Magnusson
发明人： András Császár , Lars Westberg , Mats Näslund , Lars G. Magnusson
IPC分类号： H04L12/26
CPC分类号： H04L45/00 , H04L9/083 , H04L29/12066 , H04L29/12207 , H04L45/50 , H04L61/1511 , H04L61/20 , H04L63/08 , H04L63/14
摘要： Method and apparatus for controlling transmission of data packets in a packet-switched network. When a first end-host (A) sends an address query to a DNS system (300) for a second end-host, the DNS system responds by providing a sender key created from a destination key registered for the second end-host, if the first end-host is authorized to send packets to the second end-host. Thereby, the first end-host, if authorized, is able to get across data packets to the second end-host by attaching a sender tag (TAG) generated from the sender key, as ingress tag to each transmitted data packet. A router (302) in the network matches an ingress tag in a received packet with entries in a forwarding table and sends out the packet on an output port (X) according to a matching entry. Otherwise, the router discards the packet if no matching entry is found in the table.
摘要翻译：用于控制分组交换网络中数据分组传输的方法和装置。当第一终端主机（A）向第二终端主机的DNS系统（300）发送地址查询时，DNS系统通过提供从为第二终端主机注册的目的地密钥创建的发送者密钥进行响应，如果第一个终端主机被授权将数据包发送到第二个终端主机。因此，如果授权，第一终端主机能够通过将从发送方密钥生成的发送者标签（TAG）作为入口标签附加到每个发送的数据分组，来跨越数据分组到达第二终端主机。网络中的路由器（302）将接收到的分组中的入口标签与转发表中的条目匹配，并根据匹配条目在输出端口（X）上发送分组。否则，如果表中没有匹配的条目，路由器将丢弃该数据包。

7. 发明申请

US20110296489A1 SELECTION OF SUCCESSIVE AUTHENTICATION METHODS 有权
标题翻译：选择成功认证方法
公开(公告)号：US20110296489A1
公开(公告)日：2011-12-01
申请号：US12809471
申请日：2007-12-20
申请人： Susana Fernandez Alonso , Mats Näslund , John Michael Walker
发明人： Susana Fernandez Alonso , Mats Näslund , John Michael Walker
IPC分类号： H04L9/32 , G06F21/00
CPC分类号： H04L63/08 , H04L63/205 , H04L65/1006 , H04L65/1016 , H04L65/1069 , H04W12/06 , H04W80/10
摘要： A method of authenticating a user who is a subscriber of a home network, authenticated in a first network, for accessing a service in a second network. This method includes: authenticating the user in the first network with a first authentication method selected in an authentication server; reserving resources for the service towards a rules enforcement device; requesting control rules for the resources towards a control rules server; submitting towards the control rules server information about the first authentication method; determining at the control rules server whether a further authentication of the user with a further authentication method is required; and instructing from the control rules server towards the authentication server to force the further authentication of the user with the further authentication method.
摘要翻译：一种验证作为家庭网络的用户的用户的方法，在第一网络中被认证用于访问第二网络中的服务。该方法包括：使用在认证服务器中选择的第一认证方法认证第一网络中的用户; 为服务规定执行设备预留资源; 向控制规则服务器请求资源的控制规则; 向控制规则服务器提交关于第一认证方法的信息; 在控制规则服务器处确定是否需要使用另外的认证方法的用户的进一步认证; 并且从控制规则服务器向认证服务器指示，以强制用户进一步认证另外的认证方法。

8. 发明申请

US20110093919A1 Method and Apparatus for Determining an Authentication Procedure 有权
标题翻译：用于确定认证过程的方法和装置
公开(公告)号：US20110093919A1
公开(公告)日：2011-04-21
申请号：US12521717
申请日：2007-01-04
申请人： Mats Näslund , John Michael Walker
发明人： Mats Näslund , John Michael Walker
IPC分类号： G06F21/20 , G06F15/16 , H04W12/06
CPC分类号： H04L63/20 , H04L63/0892 , H04W12/04 , H04W12/06 , H04W84/00
摘要： A server for managing the authentication of clients that are subscribers of a home domain within which the server is located, the server comprising means for determining whether a client that is attached to a visited domain is to be authenticated by the home domain or by said visited domain, and for signalling the result to said visited domain.
摘要翻译：一种用于管理作为服务器所在的归属域的订户的客户端的认证的服务器，所述服务器包括用于确定附接到被访问域的客户端是否将被所述归属域或所述被访问者认证的装置域，并将结果用信号通知所述访问域。

9. 发明授权

US07382881B2 Lawful interception of end-to-end encrypted data traffic 有权
标题翻译：合法截取端到端加密数据流量
公开(公告)号：US07382881B2
公开(公告)日：2008-06-03
申请号：US10497568
申请日：2002-12-06
申请人： Ilkka Uusitalo , Pasi Ahonen , Rolf Blom , Boman Krister , Mats Näslund
发明人： Ilkka Uusitalo , Pasi Ahonen , Rolf Blom , Boman Krister , Mats Näslund
IPC分类号： H04L9/00
CPC分类号： H04L63/06 , H04L9/0841 , H04L9/0869 , H04L63/0428 , H04L63/08 , H04L63/306
摘要： A method of facilitating the lawful interception of an IP session between two or more terminals 12,13, wherein session uses encryption to secure traffic. The method includes storing a key allocated to at least one of terminals 12,13 or to at least one of the subscribers using one of the terminals 12,13, at the terminal 12,13 and at a node 5,8 within a network 1,6 through which session is conducted, or a node coupled to that network. Prior to the creation of session, a seed value is exchanged between the terminal 12,13 at which the key is stored and node 5,8. The key and the seed value are used at both the terminal 12,13 and the node 5,8 to generate a pre-master key. The pre-master key becomes known to each of the terminals 12,13 involved in the IP session and to the network node 5,8. The pre-master key is used, directly or indirectly, to encrypt and decrypt traffic associated with IP session.
摘要翻译：一种促进在两个或多个终端12,13之间合法拦截IP会话的方法，其中会话使用加密来保证业务。该方法包括：在终端12,13和网络1内的节点5,8处，存储分配给终端12,13中的至少一个或至少一个用户的密钥，6通过其进行会话，或者耦合到该网络的节点。在创建会话之前，在存储密钥的终端12,13和节点5,8之间交换种子值。密钥和种子值都在终端12,13和节点5,8两端使用以产生预先主密钥。对于IP会话中涉及的每个终端12,13和网络节点5,8，预先主密钥变得已知。直接或间接地使用预先主密钥来加密和解密与IP会话相关联的流量。

10. 发明授权

US09432349B2 Service access authentication method and system 有权
标题翻译：服务访问认证方法和系统
公开(公告)号：US09432349B2
公开(公告)日：2016-08-30
申请号：US14125859
申请日：2012-06-13
申请人： Bernard Smeets , Mats Näslund
发明人： Bernard Smeets , Mats Näslund
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L63/0815 , H04L63/0884
摘要： An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted to provide one or more authentication functions for facilitating authentication of subscribers of the service based on respective subscriber authentication data items associated with credentials of the subscriber; wherein each private access authentication system is adapted to communicate one or more subscriber authentication data items to said operator access authentication system; and wherein each private access authentication system is further adapted to communicate one or more verification data items indicative of the private access authentication system operating in at least one predetermined state.
摘要翻译：一种用于认证服务订户的接入认证系统，所述接入认证系统包括操作者接入认证系统和一个或多个专用接入认证系统，每个专用接入认证系统与所述接入认证系统可通信地连接，所述接入认证系统系统适于提供一个或多个认证功能，用于基于与所述订户的凭证相关联的相应订户认证数据项促进所述服务的订户的认证; 其中每个专用接入认证系统适于将一个或多个用户认证数据项传送到所述操作员接入认证系统; 并且其中每个专用接入认证系统进一步适于通信指示在至少一个预定状态下操作的私有接入认证系统的一个或多个验证数据项。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式