专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09668139B2 Secure negotiation of authentication capabilities 有权
公开(公告)号：US09668139B2
公开(公告)日：2017-05-30
申请号：US12463461
申请日：2009-05-11
申请人： Kiran Thakare , Per Ernström , Mats Näslund
发明人： Kiran Thakare , Per Ernström , Mats Näslund
IPC分类号： H04L29/06 , H04W12/12 , H04W12/06 , H04W88/08
CPC分类号： H04W12/12 , H04L63/123 , H04L63/205 , H04W12/06 , H04W88/08
摘要： A network (20) comprises an authenticator node (22) and a server (24) such as an authentication, authorization, and accounting (AAA) server. A method comprises a terminal (30) sending authentication capabilities information (AC) across a network access interface (32) to the network (the authentication capabilities information provides an indication of authentication capabilities of the terminal). The network (20) then uses the authentication capabilities information to determine a first cryptographic value. The terminal (30) then uses the authentication capabilities information to determine a second cryptographic value. The network (20) compares the first cryptographic value and the second cryptographic value to authenticate the terminal.

2. 发明申请

US20100064135A1 Secure Negotiation of Authentication Capabilities 有权
标题翻译：认证能力的安全谈判
公开(公告)号：US20100064135A1
公开(公告)日：2010-03-11
申请号：US12463461
申请日：2009-05-11
申请人： Kiran Thakare , Per ERNSTRÖM , Mats Näslund
发明人： Kiran Thakare , Per ERNSTRÖM , Mats Näslund
IPC分类号： H04L9/32 , H04L29/06
CPC分类号： H04W12/12 , H04L63/123 , H04L63/205 , H04W12/06 , H04W88/08
摘要： A network (20) comprises an authenticator node (22) and a server (24) such as an authentication, authorization, and accounting (AAA) server. A method comprises a terminal (30) sending authentication capabilities information (AC) across a network access interface (32) to the network (the authentication capabilities information provides an indication of authentication capabilities of the terminal). The network (20) then uses the authentication capabilities information to determine a first cryptographic value. The terminal (30) then uses the authentication capabilities information to determine a second cryptographic value. The network (20) compares the first cryptographic value and the second cryptographic value to authenticate the terminal.
摘要翻译：网络（20）包括认证器节点（22）和诸如认证，授权和计费（AAA）服务器的服务器（24）。一种方法包括：终端（30）通过网络访问接口（32）向网络发送认证能力信息（AC）（认证能力信息提供终端的认证能力的指示）。网络（20）然后使用认证能力信息来确定第一密码值。终端（30）然后使用认证能力信息来确定第二密码值。网络（20）比较第一密码值和第二密码值以验证终端。

3. 发明授权

US09432349B2 Service access authentication method and system 有权
标题翻译：服务访问认证方法和系统
公开(公告)号：US09432349B2
公开(公告)日：2016-08-30
申请号：US14125859
申请日：2012-06-13
申请人： Bernard Smeets , Mats Näslund
发明人： Bernard Smeets , Mats Näslund
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L63/0815 , H04L63/0884
摘要： An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted to provide one or more authentication functions for facilitating authentication of subscribers of the service based on respective subscriber authentication data items associated with credentials of the subscriber; wherein each private access authentication system is adapted to communicate one or more subscriber authentication data items to said operator access authentication system; and wherein each private access authentication system is further adapted to communicate one or more verification data items indicative of the private access authentication system operating in at least one predetermined state.
摘要翻译：一种用于认证服务订户的接入认证系统，所述接入认证系统包括操作者接入认证系统和一个或多个专用接入认证系统，每个专用接入认证系统与所述接入认证系统可通信地连接，所述接入认证系统系统适于提供一个或多个认证功能，用于基于与所述订户的凭证相关联的相应订户认证数据项促进所述服务的订户的认证; 其中每个专用接入认证系统适于将一个或多个用户认证数据项传送到所述操作员接入认证系统; 并且其中每个专用接入认证系统进一步适于通信指示在至少一个预定状态下操作的私有接入认证系统的一个或多个验证数据项。

4. 发明授权

US08837729B2 Method and apparatus for ensuring privacy in communications between parties 有权
标题翻译：确保双方之间沟通的隐私的方法和设备
公开(公告)号：US08837729B2
公开(公告)日：2014-09-16
申请号：US11883879
申请日：2006-02-10
申请人： Pekka Nikander , Jari Arrko , Mats Näslund
发明人： Pekka Nikander , Jari Arrko , Mats Näslund
IPC分类号： H04L9/00 , H04L9/08 , H04L29/06 , H04W12/04
CPC分类号： H04L63/0414 , H04L9/0844 , H04L63/0272 , H04L63/164 , H04L2209/38 , H04L2209/80 , H04W12/02 , H04W12/04
摘要： A method of improving privacy by hiding, in an ordered sequence of messages M[x(1), D(1)], M[x(2), D(2)], etc, communicated between a first and at least one second party sharing a key k, metadata x(i) descriptive of message processing, wherein D(i) denotes payload data. The method comprises the first and the second party agreeing on a pseudo random mapping depending on a shared key k, Fk, mapping at least x(i) to y(i), and the first party modifying the messages by replacing x(i) by y(i) in each message M(x(i), D(i)). The first party then transmits the modified messages maintaining their original order, and on reception of a message M(y(m), D), the second party uses a mapping Gk to retrieve position m of received value and the original value x(m).
摘要翻译：一种通过以有序的消息M [x（1），D（1）]，M [x（2），D（2）]等的顺序隐藏来提高隐私的方法，在第一和至少一个共享密钥k的第二方，元数据x（i）描述消息处理，其中D（i）表示有效载荷数据。该方法包括第一方和第二方根据共享密钥k，F k映射到至少x（i）至y（i）的伪随机映射，并且第一方通过替换x（i）来修改消息，在每个消息M（x（i），D（i））中由y（i）表示。第一方然后发送修改的消息保持其原始顺序，并且在接收到消息M（y（m），D）时，第二方使用映射G k来检索接收值的位置m，并且原始值x ）。

5. 发明申请

US20130291071A1 Method and Apparatus for Authenticating a Communication Device 有权
标题翻译：用于认证通信设备的方法和设备
公开(公告)号：US20130291071A1
公开(公告)日：2013-10-31
申请号：US13979476
申请日：2011-07-19
申请人： Rolf Blom , Mats Näslund , Karl Norrman
发明人： Rolf Blom , Mats Näslund , Karl Norrman
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L9/0833 , H04L9/321 , H04L9/3271 , H04L63/104 , H04L63/107 , H04L2209/80 , H04W4/70 , H04W12/06
摘要： According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.
摘要翻译：根据本发明的一个方面，提供了一种操作通信设备的方法，所述通信设备是包括共享对通信网络的订阅的两个或更多个通信设备的组的一部分。该方法包括从网络接收组认证挑战，使用与共享订阅相关联的组认证信息已经生成了组认证挑战的至少一部分。然后，该设备使用组认证信息和设备特定认证信息生成对组认证挑战的设备特定响应，并将设备特定响应发送到网络。该设备例如是机器型通信设备组的成员。

6. 发明授权

US08539564B2 IP multimedia security 有权
标题翻译： IP多媒体安全
公开(公告)号：US08539564B2
公开(公告)日：2013-09-17
申请号：US13254013
申请日：2009-03-04
申请人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
发明人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
IPC分类号： G06F7/04
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

7. 发明申请

US20130203454A1 METHOD AND ARRANGEMENT FOR RESOURCE ALLOCATION IN RADIO COMMUNICATION 有权
标题翻译：无线电通信资源分配的方法和安排
公开(公告)号：US20130203454A1
公开(公告)日：2013-08-08
申请号：US13700600
申请日：2010-06-07
申请人： Mats Näslund , Göran Selander , Per Skillermark , Riitta Almgren
发明人： Magnus Almgren , Mats Näslund , Göran Selander , Per Skillermark
IPC分类号： H04W72/04
CPC分类号： H04W72/04 , H04W12/12 , H04W72/048 , H04W76/14
摘要： A method and arrangement in a first mobile terminal (600) for determining allocation of radio resources for DMO communication amongst a group of mobile terminals. M the first mobile terminal, a first determining module 600a determines a communication (Sout, Sin) with a second mobile terminal (602) of the group. A second determining module (600b) determines a resource element (RE) for communication by applying a predefined cryptographic function P based on a terminal identification (K)). The cryptographic function has been configured in the mobile terminals of the group to provide terminal-specific resource elements for different mobile terminals within respective radio frames. A communication module (600c) then communicates with the second mobile terminal (602), either by transmission or reception of the data, on the determined resource element (RE).
摘要翻译：一种在一组移动终端中确定用于DMO通信的无线资源的分配的第一移动终端（600）中的方法和装置。 M是第一移动终端，第一确定模块600a用该组的第二移动终端（602）确定通信（Sout，Sin）。第二确定模块（600b）通过基于终端标识（K）应用预定的加密函数P来确定用于通信的资源元素（RE）。已经在该组的移动终端中配置了加密功能，以为各个无线电帧内的不同移动终端提供终端专用资源元素。通信模块（600c）然后通过在所确定的资源元素（RE）上发送或接收数据来与第二移动终端（602）进行通信。

8. 发明申请

US20120287934A1 Packet Routing in a Network by Modifying In-Packet Bloom Filter 审中-公开
标题翻译：通过修改分组内布隆过滤器在网络中的分组路由
公开(公告)号：US20120287934A1
公开(公告)日：2012-11-15
申请号：US13521629
申请日：2010-10-22
申请人： Mikko Särelä , Mats Näslund , Pekka Nikander
发明人： Mikko Särelä , Mats Näslund , Pekka Nikander
IPC分类号： H04L12/56
CPC分类号： H04L63/04 , H04L45/04 , H04L45/34 , H04L63/164
摘要： A network node (NB1) located within a domain is adapted to receive, from another node, a packet having an in-packet Bloom filter or Bloom filter equivalent encoding information about a route within the domain. The node reversibly modifies the in-packet Bloom filter or Bloom filter equivalent in a manner which is linear with respect to the operation used to add links to the Bloom filter or Bloom filter equivalent. The node then forward the packet with its header containing the modified Bloom filter or Bloom filter to another node (NA1). The invention allows secure Bloom filter-based routing in a domain (Domain B), while requiring that only routers (NB1) at the domain boundary are secure routers. Other routers (NB2, NB3, NB4) in the domain may operate conventionally, and may be secure routers or insecure routers. The modification may be a bit permutation.
摘要翻译：位于域内的网络节点（NB1）适于从另一个节点接收具有分组内Bloom过滤器或Bloom过滤器等效编码与域内的路由相关的信息的分组。节点以相对于用于添加到Bloom过滤器或Bloom过滤器等价物的链接的操作是线性的方式可逆地修改包内Bloom过滤器或Bloom过滤器等价物。然后，该节点将其包含修改的Bloom过滤器或Bloom过滤器的报头转发到另一个节点（NA1）。本发明允许在域（域B）中基于安全的基于Bloom过滤器的路由，同时要求仅在域边界的路由器（NB1）是安全路由器。域中的其他路由器（NB2，NB3，NB4）可以常规操作，并且可以是安全路由器或不安全路由器。该修改可以是位置换。

9. 发明授权

US08261078B2 Access to services in a telecommunications network 有权
标题翻译：访问电信网络中的服务
公开(公告)号：US08261078B2
公开(公告)日：2012-09-04
申请号：US12303342
申请日：2006-06-09
申请人： Luis Barriga , Rolf Blom , Mats Näslund
发明人： Luis Barriga , Rolf Blom , Mats Näslund
IPC分类号： H04L9/32
CPC分类号： H04L65/1016 , H04L9/32 , H04L9/321 , H04L63/0421 , H04L63/062 , H04L63/08 , H04L63/0815 , H04L63/0853 , H04L2209/80 , H04W4/00 , H04W12/02 , H04W12/04 , H04W12/06 , H04W60/00 , H04W74/00 , H04W88/16
摘要： A method and arrangement is disclosed for providing a user, not previously having an individual subscription with a network operator, with credentials for secure access to network services. The arrangement includes a gateway, associated with a subscription for network services, having means for generating and exporting to a user entity personalized user security data derived from security data related to the subscription. In particular, the derivation of credentials is based on a function that is shared between network and gateway and further conveniently makes use of bootstrapping on keying material from the subscription authentication. Pre-registered user identities are assigned trusted users who, thereafter, can download credentials and authenticate for service access. The invention may be implemented at a public place for providing temporary visitors network access whereby trust may exemplary be established by presenting a credit card.
摘要翻译：公开了一种方法和装置，用于提供先前不具有与网络运营商的单独订阅的用户，以及用于安全访问网络服务的凭证。该安排包括与网络服务的订阅相关联的网关，具有用于生成和导出到用户实体的个体化用户安全数据，该安全数据是从与订阅有关的安全数据导出的。特别地，证书的推导基于在网络和网关之间共享的功能，并且进一步方便地利用来自订阅认证的密钥材料的引导。预先注册的用户身份被分配给受信任的用户，其后可以下载凭证并进行身份验证以进行服务访问。本发明可以在公共场所实现，以提供临时访问者网络访问，从而通过呈现信用卡可以示范地建立信任。

10. 发明授权

US07813718B2 Authentication in a communication network 有权
标题翻译：通信网络中的认证
公开(公告)号：US07813718B2
公开(公告)日：2010-10-12
申请号：US12370781
申请日：2009-02-13
申请人： Jari Arkko , Pekka Nikander , Mats Näslund
发明人： Jari Arkko , Pekka Nikander , Mats Näslund
IPC分类号： H04M1/66
CPC分类号： H04L63/08 , H04L9/3236 , H04L63/061 , H04L2209/38 , H04L2209/80 , H04W12/04 , H04W12/06 , H04W36/0038 , H04W88/02
摘要： A mobile wireless terminal, the terminal comprising a generator configured to generate and store a first numerical chain comprising a series of n values using a one-way coding function such that a given value within the chain is easily obtainable from a subsequent value, but the subsequent value is not easily obtainable from that given value, and an authentication requester configured to disclose a value from the numerical chain to an access node, in order to allow the access node to authenticate the mobile wireless terminal, wherein the disclosed value succeeds any values in the chain already disclosed by the mobile wireless terminal.
摘要翻译：一种移动无线终端，所述终端包括发生器，其被配置为使用单向编码功能生成并存储包括一系列n个值的第一数字链，使得链中的给定值可以容易地从后续值获得，但是为了允许接入节点认证移动无线终端，认证请求器被配置为从数字链公开一个值到接入节点，其中所公开的值成功地接收任何值在移动无线终端已经公开的链中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式