专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20130291071A1 Method and Apparatus for Authenticating a Communication Device 有权
标题翻译：用于认证通信设备的方法和设备
公开(公告)号：US20130291071A1
公开(公告)日：2013-10-31
申请号：US13979476
申请日：2011-07-19
申请人： Rolf Blom , Mats Näslund , Karl Norrman
发明人： Rolf Blom , Mats Näslund , Karl Norrman
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L9/0833 , H04L9/321 , H04L9/3271 , H04L63/104 , H04L63/107 , H04L2209/80 , H04W4/70 , H04W12/06
摘要： According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.
摘要翻译：根据本发明的一个方面，提供了一种操作通信设备的方法，所述通信设备是包括共享对通信网络的订阅的两个或更多个通信设备的组的一部分。该方法包括从网络接收组认证挑战，使用与共享订阅相关联的组认证信息已经生成了组认证挑战的至少一部分。然后，该设备使用组认证信息和设备特定认证信息生成对组认证挑战的设备特定响应，并将设备特定响应发送到网络。该设备例如是机器型通信设备组的成员。

2. 发明授权

US08539564B2 IP multimedia security 有权
标题翻译： IP多媒体安全
公开(公告)号：US08539564B2
公开(公告)日：2013-09-17
申请号：US13254013
申请日：2009-03-04
申请人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
发明人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
IPC分类号： G06F7/04
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

3. 发明授权

US09407616B2 Authenticating a device in a network 有权
标题翻译：验证网络中的设备
公开(公告)号：US09407616B2
公开(公告)日：2016-08-02
申请号：US14113047
申请日：2011-04-27
申请人： Karl Norrman , Rolf Blom , Mats Näslund
发明人： Karl Norrman , Rolf Blom , Mats Näslund
IPC分类号： G06F7/04 , G06F15/16 , G06F17/30 , H04L29/06 , H04W12/06
CPC分类号： H04L63/08 , H04L63/062 , H04L63/0876 , H04L63/20 , H04W12/04 , H04W12/06
摘要： There is disclosed a system for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node. The context regeneration request is sent from the serving network node to the authentication server. The context regeneration request is verified at the authentication server. The second security context is generated at the authentication server based on at least the secret, the random value, and the first and second re-use information. The second security context is communicated from the authentication server to the serving network node.
摘要翻译：公开了一种用于通过基于随机值和由认证服务器辅助的先前建立第一安全上下文而在设备和服务网络节点之间建立第二安全上下文的网络中的设备的认证系统。在与设备相关联的身份模块和认证服务器之间共享秘密。来自建立第一安全上下文的第一重新使用信息被存储在认证服务器和设备处，第一重用信息使得能够从随机值和秘密安全地生成第二安全上下文。可以在设备处生成或存储第二重用信息。在设备上生成上下文再生请求，上下文再生请求至少部分地基于秘密进行认证。上下文再生请求被发送到服务网络节点。上下文再生请求从服务网络节点发送到认证服务器。认证服务器验证上下文再生请求。至少基于秘密，随机值以及第一和第二再利用信息，在认证服务器产生第二安全上下文。第二安全上下文从认证服务器传送到服务网络节点。

4. 发明授权

US08811987B2 Method and arrangement for creation of association between user equipment and an access point 有权
标题翻译：用于创建用户设备和接入点之间的关联的方法和装置
公开(公告)号：US08811987B2
公开(公告)日：2014-08-19
申请号：US13140818
申请日：2008-12-19
申请人： Göran Selander , Jari Vikberg , Karl Norrman , Rolf Blom , Mats Näslund
发明人： Göran Selander , Jari Vikberg , Karl Norrman , Rolf Blom , Mats Näslund
IPC分类号： H04M1/66 , H04M3/00 , H04W4/00
CPC分类号： H04W12/08 , H04L63/101 , H04W84/045
摘要： Methods, apparatus, and computer program products for creating an association between a first user equipment and at least one access point assisted by a registration server in a telecommunication network are disclosed. The registration server responds to a first contact request carried out using a first association number for the access point, provided by the first user equipment, receives a first association request for the association with the access point, provided by the first user equipment, authorizes the first association request based on a first authorization information provided by the first user equipment; registers the association between the first user equipment and the access point responsive to authorization of the first association request. The first user equipment is associated with the access point and the association is administered by the registration server.
摘要翻译：公开了用于在第一用户设备和由电信网络中的注册服务器辅助的至少一个接入点之间建立关联的方法，设备和计算机程序产品。注册服务器响应由第一用户设备提供的接入点的第一关联号码执行的第一联系请求，接收由第一用户设备提供的与接入点的关联的第一关联请求，授权基于由第一用户设备提供的第一授权信息的第一关联请求; 响应于第一关联请求的授权，注册第一用户设备和接入点之间的关联。第一用户设备与接入点相关联，该关联由注册服务器管理。

5. 发明申请

US20120198527A1 IP Multimedia Security 有权
标题翻译： IP多媒体安全
公开(公告)号：US20120198527A1
公开(公告)日：2012-08-02
申请号：US13254013
申请日：2009-03-04
申请人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
发明人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
IPC分类号： G06F21/20
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

6. 发明授权

US09106409B2 Method and apparatus for handling keys used for encryption and integrity 有权
标题翻译：用于处理用于加密和完整性的密钥的方法和装置
公开(公告)号：US09106409B2
公开(公告)日：2015-08-11
申请号：US11726527
申请日：2007-03-22
申请人： Rolf Blom , Karl Norrman , Mats Näslund
发明人： Rolf Blom , Karl Norrman , Mats Näslund
IPC分类号： H04L9/08 , H04L29/06 , H04W12/04
CPC分类号： H04L63/062 , H04L9/0844 , H04L9/0891 , H04L2209/80 , H04W12/04
摘要： A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.
摘要翻译：一种用于提供用于保护终端（300）与通信网络中的服务点之间的通信的密钥的方法和装置。当终端进入网络时，首先与服务控制节点（304）建立基本密钥（Ik）。然后，通过将预定的第一函数（f）应用于至少基本密钥和密钥版本参数（v）的初始值，在服务控制节点和终端两者中创建初始修改密钥（Ik1）。初始修改的密钥被发送到第一服务点（302），使得其可以用于保护终端和第一服务点之间的通信。当终端切换到第二服务点（306）时，第一服务点和终端都通过对初始修改密钥应用预定的第二功能（g）来创建第二修改密钥（Ik2），并且第一服务点发送第二个修改密钥到第二个服务点。

7. 发明授权

US07917946B2 Method and network for securely delivering streaming data 有权
标题翻译：用于安全地传送流数据的方法和网络
公开(公告)号：US07917946B2
公开(公告)日：2011-03-29
申请号：US10472526
申请日：2002-04-10
申请人： Fredrik Lindholm , Rolf Blom , Karl Norrman , Göran Selander , Mats Näslund
发明人： Fredrik Lindholm , Rolf Blom , Karl Norrman , Göran Selander , Mats Näslund
IPC分类号： G06F17/00 , G06F17/30 , G06F12/14 , G06F15/16 , G06F15/173 , H04N7/16 , H04N7/167 , H04L29/06 , H04L9/32 , H04L9/08 , H04L9/00 , H04K1/00
CPC分类号： H04L63/0442 , G06F21/10 , G06F2221/0737 , G06F2221/0797 , H04L29/06027 , H04L63/0807 , H04L65/4084 , H04L65/607 , H04L65/608 , H04L67/14
摘要： In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.
摘要翻译：在提供流媒体的过程中，客户端首先从订单服务器请求媒体。订单服务器对客户端进行身份验证，并向客户端发送故障单。然后，客户端将票证发送到流服务器。流服务器检查故障单的有效性，如果发现有效，则使用标准化的实时协议（如SRTP）对流数据进行加密，并将加密的数据发送到客户端。客户端接收数据并对其进行解密。适用于流媒体的版权材料可以安全地传递给客户端。所使用的鲁棒协议非常适合于具有低容量的特定无线客户端和类似设备，例如蜂窝电话和PDA。

8. 发明申请

US20110047209A1 METHOD AND NETWORK FOR DELIVERING STREAMING DATA 有权
标题翻译：提供数据流的方法和网络
公开(公告)号：US20110047209A1
公开(公告)日：2011-02-24
申请号：US12895242
申请日：2010-09-30
申请人： Fredrik LINDHOLM , Rolf Blom , Karl Norrman , Göran Selander , Mats NÄSLUND
发明人： Fredrik LINDHOLM , Rolf Blom , Karl Norrman , Göran Selander , Mats NÄSLUND
IPC分类号： G06F15/16
CPC分类号： H04L63/0442 , G06F21/10 , G06F2221/0737 , G06F2221/0797 , H04L29/06027 , H04L63/0807 , H04L65/4084 , H04L65/607 , H04L65/608 , H04L67/14
摘要： In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.
摘要翻译：在提供流媒体的过程中，客户端首先从订单服务器请求媒体。订单服务器对客户端进行身份验证，并向客户端发送故障单。然后，客户端将票证发送到流服务器。流服务器检查故障单的有效性，并且如果发现有效使用诸如SRTP的标准化实时协议对流数据进行加密，并将加密的数据发送到客户端。客户端接收数据并对其进行解密。适用于流媒体的版权材料可以安全地传递给客户端。所使用的鲁棒协议非常适合于具有低容量的特定无线客户端和类似设备，例如蜂窝电话和PDA。

9. 发明授权

US09253178B2 Method and apparatus for authenticating a communication device 有权
标题翻译：用于认证通信设备的方法和设备
公开(公告)号：US09253178B2
公开(公告)日：2016-02-02
申请号：US13979476
申请日：2011-07-19
申请人： Rolf Blom , Mats Näslund , Karl Norrman
发明人： Rolf Blom , Mats Näslund , Karl Norrman
IPC分类号： H04L29/00 , H04L29/06 , H04L9/08 , H04L9/32 , H04W12/06 , H04W4/00
CPC分类号： H04L63/08 , H04L9/0833 , H04L9/321 , H04L9/3271 , H04L63/104 , H04L63/107 , H04L2209/80 , H04W4/70 , H04W12/06
摘要： According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.
摘要翻译：根据本发明的一个方面，提供了一种操作通信设备的方法，所述通信设备是包括共享对通信网络的订阅的两个或更多个通信设备的组的一部分。该方法包括从网络接收组认证挑战，使用与共享订阅相关联的组认证信息已经生成了组认证挑战的至少一部分。然后，该设备使用组认证信息和设备特定认证信息生成对组认证挑战的设备特定响应，并将设备特定响应发送到网络。该设备例如是机器型通信设备组的成员。

10. 发明申请

US20140096193A1 ACCESS THROUGH NON-3GPP ACCESS NETWORKS 有权
标题翻译：通过非3GPP接入网络访问
公开(公告)号：US20140096193A1
公开(公告)日：2014-04-03
申请号：US14090828
申请日：2013-11-26
申请人： Mats Näslund , Jari Arkko , Rolf Blom , Vesa Petteri Lehtovirta , Karl Norrman , Stefan Rommer , Bengt Sahlin
发明人： Mats Näslund , Jari Arkko , Rolf Blom , Vesa Petteri Lehtovirta , Karl Norrman , Stefan Rommer , Bengt Sahlin
IPC分类号： H04L29/06
CPC分类号： H04W12/06 , G06F21/30 , H04L63/0272 , H04L63/08 , H04L63/0892 , H04L63/1433 , H04L63/162 , H04L63/164 , H04L63/20 , H04W60/00 , H04W72/0493
摘要： When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3′), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3′) is trusted or not.
摘要翻译：当从用户设备UE（1）建立通信时，例如用于为UE提供IP接入，以便允许其使用与第一网络相关的一些服务，信息或至少一个网络属性的指示，例如，当前接入网络（3,3'）从诸如UE的用户的归属网络（5）的第二网络中的节点（13）发送到UE。可以在认证过程的第一阶段中发送信息或指示，这是作为来自UE的连接的建立的一部分。特别地，网络属性可以指示接入网络（3,3'）是否被信任。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式