专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07382881B2 Lawful interception of end-to-end encrypted data traffic 有权
标题翻译：合法截取端到端加密数据流量
公开(公告)号：US07382881B2
公开(公告)日：2008-06-03
申请号：US10497568
申请日：2002-12-06
申请人： Ilkka Uusitalo , Pasi Ahonen , Rolf Blom , Boman Krister , Mats Näslund
发明人： Ilkka Uusitalo , Pasi Ahonen , Rolf Blom , Boman Krister , Mats Näslund
IPC分类号： H04L9/00
CPC分类号： H04L63/06 , H04L9/0841 , H04L9/0869 , H04L63/0428 , H04L63/08 , H04L63/306
摘要： A method of facilitating the lawful interception of an IP session between two or more terminals 12,13, wherein session uses encryption to secure traffic. The method includes storing a key allocated to at least one of terminals 12,13 or to at least one of the subscribers using one of the terminals 12,13, at the terminal 12,13 and at a node 5,8 within a network 1,6 through which session is conducted, or a node coupled to that network. Prior to the creation of session, a seed value is exchanged between the terminal 12,13 at which the key is stored and node 5,8. The key and the seed value are used at both the terminal 12,13 and the node 5,8 to generate a pre-master key. The pre-master key becomes known to each of the terminals 12,13 involved in the IP session and to the network node 5,8. The pre-master key is used, directly or indirectly, to encrypt and decrypt traffic associated with IP session.
摘要翻译：一种促进在两个或多个终端12,13之间合法拦截IP会话的方法，其中会话使用加密来保证业务。该方法包括：在终端12,13和网络1内的节点5,8处，存储分配给终端12,13中的至少一个或至少一个用户的密钥，6通过其进行会话，或者耦合到该网络的节点。在创建会话之前，在存储密钥的终端12,13和节点5,8之间交换种子值。密钥和种子值都在终端12,13和节点5,8两端使用以产生预先主密钥。对于IP会话中涉及的每个终端12,13和网络节点5,8，预先主密钥变得已知。直接或间接地使用预先主密钥来加密和解密与IP会话相关联的流量。

2. 发明申请

US20130291071A1 Method and Apparatus for Authenticating a Communication Device 有权
标题翻译：用于认证通信设备的方法和设备
公开(公告)号：US20130291071A1
公开(公告)日：2013-10-31
申请号：US13979476
申请日：2011-07-19
申请人： Rolf Blom , Mats Näslund , Karl Norrman
发明人： Rolf Blom , Mats Näslund , Karl Norrman
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L9/0833 , H04L9/321 , H04L9/3271 , H04L63/104 , H04L63/107 , H04L2209/80 , H04W4/70 , H04W12/06
摘要： According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.
摘要翻译：根据本发明的一个方面，提供了一种操作通信设备的方法，所述通信设备是包括共享对通信网络的订阅的两个或更多个通信设备的组的一部分。该方法包括从网络接收组认证挑战，使用与共享订阅相关联的组认证信息已经生成了组认证挑战的至少一部分。然后，该设备使用组认证信息和设备特定认证信息生成对组认证挑战的设备特定响应，并将设备特定响应发送到网络。该设备例如是机器型通信设备组的成员。

3. 发明授权

US08539564B2 IP multimedia security 有权
标题翻译： IP多媒体安全
公开(公告)号：US08539564B2
公开(公告)日：2013-09-17
申请号：US13254013
申请日：2009-03-04
申请人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
发明人： Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
IPC分类号： G06F7/04
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

4. 发明授权

US08261078B2 Access to services in a telecommunications network 有权
标题翻译：访问电信网络中的服务
公开(公告)号：US08261078B2
公开(公告)日：2012-09-04
申请号：US12303342
申请日：2006-06-09
申请人： Luis Barriga , Rolf Blom , Mats Näslund
发明人： Luis Barriga , Rolf Blom , Mats Näslund
IPC分类号： H04L9/32
CPC分类号： H04L65/1016 , H04L9/32 , H04L9/321 , H04L63/0421 , H04L63/062 , H04L63/08 , H04L63/0815 , H04L63/0853 , H04L2209/80 , H04W4/00 , H04W12/02 , H04W12/04 , H04W12/06 , H04W60/00 , H04W74/00 , H04W88/16
摘要： A method and arrangement is disclosed for providing a user, not previously having an individual subscription with a network operator, with credentials for secure access to network services. The arrangement includes a gateway, associated with a subscription for network services, having means for generating and exporting to a user entity personalized user security data derived from security data related to the subscription. In particular, the derivation of credentials is based on a function that is shared between network and gateway and further conveniently makes use of bootstrapping on keying material from the subscription authentication. Pre-registered user identities are assigned trusted users who, thereafter, can download credentials and authenticate for service access. The invention may be implemented at a public place for providing temporary visitors network access whereby trust may exemplary be established by presenting a credit card.
摘要翻译：公开了一种方法和装置，用于提供先前不具有与网络运营商的单独订阅的用户，以及用于安全访问网络服务的凭证。该安排包括与网络服务的订阅相关联的网关，具有用于生成和导出到用户实体的个体化用户安全数据，该安全数据是从与订阅有关的安全数据导出的。特别地，证书的推导基于在网络和网关之间共享的功能，并且进一步方便地利用来自订阅认证的密钥材料的引导。预先注册的用户身份被分配给受信任的用户，其后可以下载凭证并进行身份验证以进行服务访问。本发明可以在公共场所实现，以提供临时访问者网络访问，从而通过呈现信用卡可以示范地建立信任。

5. 发明授权

US09106409B2 Method and apparatus for handling keys used for encryption and integrity 有权
标题翻译：用于处理用于加密和完整性的密钥的方法和装置
公开(公告)号：US09106409B2
公开(公告)日：2015-08-11
申请号：US11726527
申请日：2007-03-22
申请人： Rolf Blom , Karl Norrman , Mats Näslund
发明人： Rolf Blom , Karl Norrman , Mats Näslund
IPC分类号： H04L9/08 , H04L29/06 , H04W12/04
CPC分类号： H04L63/062 , H04L9/0844 , H04L9/0891 , H04L2209/80 , H04W12/04
摘要： A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.
摘要翻译：一种用于提供用于保护终端（300）与通信网络中的服务点之间的通信的密钥的方法和装置。当终端进入网络时，首先与服务控制节点（304）建立基本密钥（Ik）。然后，通过将预定的第一函数（f）应用于至少基本密钥和密钥版本参数（v）的初始值，在服务控制节点和终端两者中创建初始修改密钥（Ik1）。初始修改的密钥被发送到第一服务点（302），使得其可以用于保护终端和第一服务点之间的通信。当终端切换到第二服务点（306）时，第一服务点和终端都通过对初始修改密钥应用预定的第二功能（g）来创建第二修改密钥（Ik2），并且第一服务点发送第二个修改密钥到第二个服务点。

6. 发明授权

US08555337B2 Method and arrangement for user friendly device authentication 有权
标题翻译：用户友好的设备认证的方法和布置
公开(公告)号：US08555337B2
公开(公告)日：2013-10-08
申请号：US12066344
申请日：2005-09-08
申请人： Rolf Blom , Per-Olof Nerbrant , Mats Näslund
发明人： Rolf Blom , Per-Olof Nerbrant , Mats Näslund
IPC分类号： G06F21/00
CPC分类号： G06F21/31 , G06F2221/2129 , H04L9/3236 , H04L2209/80
摘要： The present invention relates to fraud prevention and authentication of a device to a user. The method of authenticating a personal device according to the invention comprises a set up sequence, wherein at least a first preferred output format is selected by the user, and a device configuration verification sequence. In the device configuration verification sequence a checksum is calculated and converted to a user friendly output format based on the user selected preferred output format. In addition the checksum may be calculated based on variable, and user selectable, keying material. The personal device, after being authenticated according to the above, may be used to authenticate a second device.
摘要翻译：本发明涉及对用户的设备的防欺诈和认证。根据本发明的认证个人设备的方法包括建立顺序，其中由用户选择至少第一优选输出格式和设备配置验证序列。在设备配置验证序列中，基于用户选择的优选输出格式，计算校验和并将其转换为用户友好的输出格式。此外，可以基于可变和用户可选择的键控材料来计算校验和。在根据上述认证之后，个人设备可用于认证第二设备。

7. 发明授权

US07917946B2 Method and network for securely delivering streaming data 有权
标题翻译：用于安全地传送流数据的方法和网络
公开(公告)号：US07917946B2
公开(公告)日：2011-03-29
申请号：US10472526
申请日：2002-04-10
申请人： Fredrik Lindholm , Rolf Blom , Karl Norrman , Göran Selander , Mats Näslund
发明人： Fredrik Lindholm , Rolf Blom , Karl Norrman , Göran Selander , Mats Näslund
IPC分类号： G06F17/00 , G06F17/30 , G06F12/14 , G06F15/16 , G06F15/173 , H04N7/16 , H04N7/167 , H04L29/06 , H04L9/32 , H04L9/08 , H04L9/00 , H04K1/00
CPC分类号： H04L63/0442 , G06F21/10 , G06F2221/0737 , G06F2221/0797 , H04L29/06027 , H04L63/0807 , H04L65/4084 , H04L65/607 , H04L65/608 , H04L67/14
摘要： In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.
摘要翻译：在提供流媒体的过程中，客户端首先从订单服务器请求媒体。订单服务器对客户端进行身份验证，并向客户端发送故障单。然后，客户端将票证发送到流服务器。流服务器检查故障单的有效性，如果发现有效，则使用标准化的实时协议（如SRTP）对流数据进行加密，并将加密的数据发送到客户端。客户端接收数据并对其进行解密。适用于流媒体的版权材料可以安全地传递给客户端。所使用的鲁棒协议非常适合于具有低容量的特定无线客户端和类似设备，例如蜂窝电话和PDA。

8. 发明授权

US07724898B2 Cryptography using finite fields of odd characteristic on binary hardware 有权
标题翻译：使用二进制硬件奇数特征的有限域进行加密
公开(公告)号：US07724898B2
公开(公告)日：2010-05-25
申请号：US10271947
申请日：2002-10-17
申请人： Mats Näslund , Rolf Blom
发明人： Mats Näslund , Rolf Blom
IPC分类号： H04K1/00
CPC分类号： G06F7/724 , G06Q20/3829 , H04L9/0841 , H04L9/3066
摘要： A cryptographic method is described. The method comprises storing binary data representing at least a portion of a field element of an odd-characteristic finite field GF(pk) in a register, p being an odd prime number, the field element comprising k coefficients in accordance with a polynomial-basis representation, the binary data comprising plural groups of data bits, wherein each group of data bits represents an associated one of the k coefficients and processing the binary data in accordance with a cryptographic algorithm such that the plural groups of data bits are processed in parallel. An apparatus comprising a memory and a processing unit coupled to the memory to carry out the method is also described.
摘要翻译：描述密码方法。该方法包括将表示奇数特性有限域GF（pk）的场元素的至少一部分的二进制数据存储在寄存器中，p是奇数素数，该场元素包括根据多项式基础的k个系数表示，包括多组数据位的二进制数据，其中每组数据位表示k个系数中的相关联的一个，并且根据密码算法处理二进制数据，使得并行处理多组数据位。还描述了包括存储器和耦合到存储器以执行该方法的处理单元的装置。

9. 发明申请

US20090307748A1 METHOD AND ARRANGEMENT FOR USER FRIENDLY DEVICE AUTHENTICATION 有权
标题翻译：用户友好设备认证的方法和安排
公开(公告)号：US20090307748A1
公开(公告)日：2009-12-10
申请号：US12066344
申请日：2005-09-08
申请人： Rolf Blom , Per-Olof Nerbrant , Mats Näslund
发明人： Rolf Blom , Per-Olof Nerbrant , Mats Näslund
IPC分类号： G06F21/00 , H04L9/32
CPC分类号： G06F21/31 , G06F2221/2129 , H04L9/3236 , H04L2209/80
摘要： The present invention relates to fraud prevention and authentication of a device to a user. The method of authenticating a personal device according to the invention comprises a set up sequence, wherein at least a first preferred output format is selected by the user, and a device configuration verification sequence. In the device configuration verification sequence a checksum is calculated and converted to a user friendly output format based on the user selected preferred output format. In addition the checksum may be calculated based on variable, and user selectable, keying material. The personal device, after being authenticated according to the above, may be used to authenticate a second device.
摘要翻译：本发明涉及对用户的设备的防欺诈和认证。根据本发明的认证个人设备的方法包括建立顺序，其中由用户选择至少第一优选输出格式和设备配置验证序列。在设备配置验证序列中，基于用户选择的优选输出格式，计算校验和并将其转换为用户友好的输出格式。此外，可以基于可变和用户可选择的键控材料来计算校验和。在根据上述认证之后，个人设备可用于认证第二设备。

10. 发明授权

US07243292B1 Error correction using finite fields of odd characteristics on binary hardware 失效
标题翻译：使用二进制硬件奇数特征的有限域进行纠错
公开(公告)号：US07243292B1
公开(公告)日：2007-07-10
申请号：US10271945
申请日：2002-10-17
申请人： Mats Näslund , Rolf Blom
发明人： Mats Näslund , Rolf Blom
IPC分类号： H03M13/00
CPC分类号： H03M13/158 , G06F7/724 , G06F7/725 , H03M13/6561
摘要： Binary data representing a code word of an error-correcting code is used for calculating a syndrome, wherein a given portion of the binary data comprises k groups of data bits and represents a field element of the finite field GF(pk), p being an odd prime number, the field element comprising k coefficients in accordance with a polynomial basis representation, each group of data bits of the given portion representing a corresponding one of the k coefficients. The given portion, is stored in a first general purpose register and is processed such that the k groups of data bits of the given portion are processed in parallel; determining whether the syndrome is equal to zero; and detecting and correcting errors in the binary data if the syndrome is not equal to zero.
摘要翻译：表示纠错码的代码字的二进制数据用于计算校正子，其中二进制数据的给定部分包括k组数据位，并且表示有限域GF（p < / SUP>），p是奇素数，场元素包括根据多项式基表示的k个系数，给定部分的每组数据位表示k个系数中的相应一个。给定部分存储在第一通用寄存器中，并被处理使得给定部分的k组数据位被并行处理; 确定综合征是否等于零; 以及如果所述综合征不等于零，则检测和校正二进制数据中的错误。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式