专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08630415B2 Method and apparatus for authentication service application processes during service reallocation in high availability clusters 有权
标题翻译：高可用性集群服务重新分配过程中认证服务应用程序的方法和装置
公开(公告)号：US08630415B2
公开(公告)日：2014-01-14
申请号：US12020185
申请日：2008-01-25
申请人： Makan Pourzandi , Frederic Rossi , Mats Näslund
发明人： Makan Pourzandi , Frederic Rossi , Mats Näslund
IPC分类号： H04K1/00
CPC分类号： G06F11/1482 , G06F9/468 , G06F11/2025 , G06F11/203
摘要： A method and communication node for providing secure communications and services in a High Availability (HA) cluster. The communication node comprises an Operating System (OS) that detects an unavailability of a first service application process and switches a second service application process from the first state to the second state, the second service application being selected for taking over service currently provided from the first service application process, the first state and the second state each being associated to a set of rights in the cluster. The OS generates a private key for the second service application process based on its second state. The set of rights associated to the second state allows the OS to replace the first service application process with the second service application process for providing secure communications between the second service application and other service application processes in the HA cluster.
摘要翻译：一种用于在高可用性（HA）集群中提供安全通信和服务的方法和通信节点。通信节点包括检测第一服务应用进程的不可用性的操作系统（OS），并且将第二服务应用进程从第一状态切换到第二状态，第二服务应用被选择用于接管目前从第一服务应用进程，第一状态和第二状态各自与集群中的一组权限相关联。操作系统基于其第二状态为第二服务应用进程生成私钥。与第二状态相关联的一组权限允许OS用第二服务应用进程替换第一服务应用进程，以在第二服务应用和HA群集中的其他服务应用进程之间提供安全通信。

2. 发明授权

US08515064B2 Method and an apparatus for key management in a communication network 有权
标题翻译：一种通信网络密钥管理方法及装置
公开(公告)号：US08515064B2
公开(公告)日：2013-08-20
申请号：US13127079
申请日：2008-10-30
申请人： Tereza Cristina Melo de Brito Carvalho , Vlad Constantin Coroama , Mats Näslund , Makan Pourzandi , Marcos Antonio Simplicio, Jr. , Yeda Regina Venturini
发明人： Tereza Cristina Melo de Brito Carvalho , Vlad Constantin Coroama , Mats Näslund , Makan Pourzandi , Marcos Antonio Simplicio, Jr. , Yeda Regina Venturini
IPC分类号： H04L9/00 , H04N7/167
CPC分类号： H04L63/065 , H04L9/0833 , H04L63/10 , H04L65/4076 , H04L2209/60 , H04L2209/80 , H04N7/162 , H04N21/26613 , H04N21/4383 , H04N21/63345 , H04N21/6405
摘要： A method of key management in a communication network that includes a plurality of groups with each group including one or several members authorized to have access to key-protected services is provided by an apparatus. The method includes determining when a member starts a switching action from one service to another. A time dependent quantity starting from the switching action is determined. The method includes determining that the member is a member of a switching group when the quantity is less than a threshold value is made, and when the quantity is larger than the threshold, determining that the member has decided to join a new group, and changing the appropriate access key(s).
摘要翻译：一种通信网络中的密钥管理方法，包括多个组，每个组包括被授权访问密钥保护业务的一个或多个成员。该方法包括确定成员何时从一个服务开始切换动作到另一个服务。确定从切换动作开始的时间相关量。该方法包括当数量小于阈值时确定该成员是交换组的成员，并且当该数量大于该阈值时，确定该成员已经决定加入一个新组，并且改变适当的访问密钥。

3. 发明申请

US20130097296A1 SECURE CLOUD-BASED VIRTUAL MACHINE MIGRATION 审中-公开
标题翻译：安全基于云的虚拟机移动
公开(公告)号：US20130097296A1
公开(公告)日：2013-04-18
申请号：US13275722
申请日：2011-10-18
申请人： Christian Gehrmann , Mats Näslund , Makan Pourzandi
发明人： Christian Gehrmann , Mats Näslund , Makan Pourzandi
IPC分类号： G06F15/173
CPC分类号： G06F9/4856
摘要： A virtual machine (VM) system is provided. The system includes a target physical server (PS) that has a resource configuration. The system includes a source PS that runs a virtual machine (VM). The source PS is in communication with the target PS. The source PS includes a memory that stores a migration policy file. The migration policy file includes at least one trust criteria in which the at least one trust criteria indicates a minimum resource configuration. The source PS includes a receiver that receives target PS resource configuration and a processor in communication with the memory and receiver. The processor determines whether the target PS resource configuration meets the at least one trust criteria. The processor initiates VM migration to the target PS based at least in part on whether the target PS resource configuration meets the at least one trust criteria.
摘要翻译：提供虚拟机（VM）系统。该系统包括具有资源配置的目标物理服务器（PS）。该系统包括运行虚拟机（VM）的源PS。源PS与目标PS通信。源PS包括存储迁移策略文件的存储器。所述迁移策略文件包括至少一个信任标准，其中所述至少一个信任标准指示最小资源配置。源PS包括接收目标PS资源配置的接收器和与存储器和接收器通信的处理器。处理器确定目标PS资源配置是否满足至少一个信任标准。所述处理器至少部分地基于所述目标PS资源配置是否满足所述至少一个信任标准来启动到所述目标PS的迁移。

4. 发明申请

US20110211693A1 METHOD AND AN APPARATUS FOR KEY MANAGEMENT IN A COMMUNICATION NETWORK 有权
标题翻译：方法和通信网络中关键管理的设备
公开(公告)号：US20110211693A1
公开(公告)日：2011-09-01
申请号：US13127079
申请日：2008-10-30
申请人： Tereza Cristina Melo de Brito Carvalho , Vlad Constantin Coroama , Mats Näslund , Makan Pourzandi , Marcos Antonio Simplicio Junior , Yeda Regina Venturini
发明人： Tereza Cristina Melo de Brito Carvalho , Vlad Constantin Coroama , Mats Näslund , Makan Pourzandi , Marcos Antonio Simplicio Junior , Yeda Regina Venturini
IPC分类号： H04L9/00 , H04N7/167
CPC分类号： H04L63/065 , H04L9/0833 , H04L63/10 , H04L65/4076 , H04L2209/60 , H04L2209/80 , H04N7/162 , H04N21/26613 , H04N21/4383 , H04N21/63345 , H04N21/6405
摘要： The present invention relates to a method of key management and to an apparatus (200) of communication network (100) comprising a plurality of groups (141, 142, 143), each group (141) including one or several members (132A, 132B, 132C) authorized to have access to key-protected services provided by the apparatus. According to the method, it is determined when a member (132A) starts a switching action from one service to another and it is determined a time dependent quantity starting from the switching action. The method further comprises, determining that the member (132A) is a member of a switching group (150) when the quantity is less than a threshold value, and when the quantity is larger than the threshold, determining that the member (132A) has decided to join a new group (142), and changing the appropriate access key(s).
摘要翻译：本发明涉及密钥管理方法和通信网络（100）的装置（200），包括多个组（141,142,143），每个组（141）包括一个或多个成员（132A，132B），132C）被授权访问由该设备提供的密钥保护服务。根据该方法，确定成员（132A）何时开始从一个服务到另一个服务的切换动作，并且从切换动作开始确定时间相关量。该方法还包括：当所述数量小于阈值时，确定所述构件（132A）是切换组（150）的成员，并且当所述数量大于所述阈值时，确定所述构件（132A）具有决定加入一个新的组（142），并更改适当的访问密钥。

5. 发明授权

US09432349B2 Service access authentication method and system 有权
标题翻译：服务访问认证方法和系统
公开(公告)号：US09432349B2
公开(公告)日：2016-08-30
申请号：US14125859
申请日：2012-06-13
申请人： Bernard Smeets , Mats Näslund
发明人： Bernard Smeets , Mats Näslund
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L63/0815 , H04L63/0884
摘要： An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted to provide one or more authentication functions for facilitating authentication of subscribers of the service based on respective subscriber authentication data items associated with credentials of the subscriber; wherein each private access authentication system is adapted to communicate one or more subscriber authentication data items to said operator access authentication system; and wherein each private access authentication system is further adapted to communicate one or more verification data items indicative of the private access authentication system operating in at least one predetermined state.
摘要翻译：一种用于认证服务订户的接入认证系统，所述接入认证系统包括操作者接入认证系统和一个或多个专用接入认证系统，每个专用接入认证系统与所述接入认证系统可通信地连接，所述接入认证系统系统适于提供一个或多个认证功能，用于基于与所述订户的凭证相关联的相应订户认证数据项促进所述服务的订户的认证; 其中每个专用接入认证系统适于将一个或多个用户认证数据项传送到所述操作员接入认证系统; 并且其中每个专用接入认证系统进一步适于通信指示在至少一个预定状态下操作的私有接入认证系统的一个或多个验证数据项。

6. 发明授权

US08837729B2 Method and apparatus for ensuring privacy in communications between parties 有权
标题翻译：确保双方之间沟通的隐私的方法和设备
公开(公告)号：US08837729B2
公开(公告)日：2014-09-16
申请号：US11883879
申请日：2006-02-10
申请人： Pekka Nikander , Jari Arrko , Mats Näslund
发明人： Pekka Nikander , Jari Arrko , Mats Näslund
IPC分类号： H04L9/00 , H04L9/08 , H04L29/06 , H04W12/04
CPC分类号： H04L63/0414 , H04L9/0844 , H04L63/0272 , H04L63/164 , H04L2209/38 , H04L2209/80 , H04W12/02 , H04W12/04
摘要： A method of improving privacy by hiding, in an ordered sequence of messages M[x(1), D(1)], M[x(2), D(2)], etc, communicated between a first and at least one second party sharing a key k, metadata x(i) descriptive of message processing, wherein D(i) denotes payload data. The method comprises the first and the second party agreeing on a pseudo random mapping depending on a shared key k, Fk, mapping at least x(i) to y(i), and the first party modifying the messages by replacing x(i) by y(i) in each message M(x(i), D(i)). The first party then transmits the modified messages maintaining their original order, and on reception of a message M(y(m), D), the second party uses a mapping Gk to retrieve position m of received value and the original value x(m).
摘要翻译：一种通过以有序的消息M [x（1），D（1）]，M [x（2），D（2）]等的顺序隐藏来提高隐私的方法，在第一和至少一个共享密钥k的第二方，元数据x（i）描述消息处理，其中D（i）表示有效载荷数据。该方法包括第一方和第二方根据共享密钥k，F k映射到至少x（i）至y（i）的伪随机映射，并且第一方通过替换x（i）来修改消息，在每个消息M（x（i），D（i））中由y（i）表示。第一方然后发送修改的消息保持其原始顺序，并且在接收到消息M（y（m），D）时，第二方使用映射G k来检索接收值的位置m，并且原始值x ）。

7. 发明申请

US20130291071A1 Method and Apparatus for Authenticating a Communication Device 有权
标题翻译：用于认证通信设备的方法和设备
公开(公告)号：US20130291071A1
公开(公告)日：2013-10-31
申请号：US13979476
申请日：2011-07-19
申请人： Rolf Blom , Mats Näslund , Karl Norrman
发明人： Rolf Blom , Mats Näslund , Karl Norrman
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L9/0833 , H04L9/321 , H04L9/3271 , H04L63/104 , H04L63/107 , H04L2209/80 , H04W4/70 , H04W12/06
摘要： According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.
摘要翻译：根据本发明的一个方面，提供了一种操作通信设备的方法，所述通信设备是包括共享对通信网络的订阅的两个或更多个通信设备的组的一部分。该方法包括从网络接收组认证挑战，使用与共享订阅相关联的组认证信息已经生成了组认证挑战的至少一部分。然后，该设备使用组认证信息和设备特定认证信息生成对组认证挑战的设备特定响应，并将设备特定响应发送到网络。该设备例如是机器型通信设备组的成员。

8. 发明授权

US08539564B2 IP multimedia security 有权
标题翻译： IP多媒体安全
公开(公告)号：US08539564B2
公开(公告)日：2013-09-17
申请号：US13254013
申请日：2009-03-04
申请人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
发明人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
IPC分类号： G06F7/04
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

9. 发明申请

US20130203454A1 METHOD AND ARRANGEMENT FOR RESOURCE ALLOCATION IN RADIO COMMUNICATION 有权
标题翻译：无线电通信资源分配的方法和安排
公开(公告)号：US20130203454A1
公开(公告)日：2013-08-08
申请号：US13700600
申请日：2010-06-07
申请人： Mats Näslund , Göran Selander , Per Skillermark , Riitta Almgren
发明人： Magnus Almgren , Mats Näslund , Göran Selander , Per Skillermark
IPC分类号： H04W72/04
CPC分类号： H04W72/04 , H04W12/12 , H04W72/048 , H04W76/14
摘要： A method and arrangement in a first mobile terminal (600) for determining allocation of radio resources for DMO communication amongst a group of mobile terminals. M the first mobile terminal, a first determining module 600a determines a communication (Sout, Sin) with a second mobile terminal (602) of the group. A second determining module (600b) determines a resource element (RE) for communication by applying a predefined cryptographic function P based on a terminal identification (K)). The cryptographic function has been configured in the mobile terminals of the group to provide terminal-specific resource elements for different mobile terminals within respective radio frames. A communication module (600c) then communicates with the second mobile terminal (602), either by transmission or reception of the data, on the determined resource element (RE).
摘要翻译：一种在一组移动终端中确定用于DMO通信的无线资源的分配的第一移动终端（600）中的方法和装置。 M是第一移动终端，第一确定模块600a用该组的第二移动终端（602）确定通信（Sout，Sin）。第二确定模块（600b）通过基于终端标识（K）应用预定的加密函数P来确定用于通信的资源元素（RE）。已经在该组的移动终端中配置了加密功能，以为各个无线电帧内的不同移动终端提供终端专用资源元素。通信模块（600c）然后通过在所确定的资源元素（RE）上发送或接收数据来与第二移动终端（602）进行通信。

10. 发明申请

US20120287934A1 Packet Routing in a Network by Modifying In-Packet Bloom Filter 审中-公开
标题翻译：通过修改分组内布隆过滤器在网络中的分组路由
公开(公告)号：US20120287934A1
公开(公告)日：2012-11-15
申请号：US13521629
申请日：2010-10-22
申请人： Mikko Särelä , Mats Näslund , Pekka Nikander
发明人： Mikko Särelä , Mats Näslund , Pekka Nikander
IPC分类号： H04L12/56
CPC分类号： H04L63/04 , H04L45/04 , H04L45/34 , H04L63/164
摘要： A network node (NB1) located within a domain is adapted to receive, from another node, a packet having an in-packet Bloom filter or Bloom filter equivalent encoding information about a route within the domain. The node reversibly modifies the in-packet Bloom filter or Bloom filter equivalent in a manner which is linear with respect to the operation used to add links to the Bloom filter or Bloom filter equivalent. The node then forward the packet with its header containing the modified Bloom filter or Bloom filter to another node (NA1). The invention allows secure Bloom filter-based routing in a domain (Domain B), while requiring that only routers (NB1) at the domain boundary are secure routers. Other routers (NB2, NB3, NB4) in the domain may operate conventionally, and may be secure routers or insecure routers. The modification may be a bit permutation.
摘要翻译：位于域内的网络节点（NB1）适于从另一个节点接收具有分组内Bloom过滤器或Bloom过滤器等效编码与域内的路由相关的信息的分组。节点以相对于用于添加到Bloom过滤器或Bloom过滤器等价物的链接的操作是线性的方式可逆地修改包内Bloom过滤器或Bloom过滤器等价物。然后，该节点将其包含修改的Bloom过滤器或Bloom过滤器的报头转发到另一个节点（NA1）。本发明允许在域（域B）中基于安全的基于Bloom过滤器的路由，同时要求仅在域边界的路由器（NB1）是安全路由器。域中的其他路由器（NB2，NB3，NB4）可以常规操作，并且可以是安全路由器或不安全路由器。该修改可以是位置换。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式