专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

41. 发明申请

WO2014067543A1 METHOD AND APPARATUS FOR SECURING A CONNECTION IN A COMMUNICATIONS NETWORK 审中-公开
标题翻译：用于保护通信网络中的连接的方法和装置
公开(公告)号：WO2014067543A1
公开(公告)日：2014-05-08
申请号：PCT/EP2012/071354
申请日：2012-10-29
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
发明人： SIMPLICIO JUNIOR, Marcos Antonio , CARVALHO, Tereza Cristina , DOMINICINI, Cristina , HÅKANSSON, Peter , IWAYA, Leonardo Horn , NÄSLUND, Mats
IPC分类号： H04L29/06 , H04W12/04
CPC分类号： H04W12/06 , H04B1/3816 , H04L9/0894 , H04L9/3236 , H04W12/04
摘要： A method of securing a session between a Network Application Function, NAF, and a User Equipment, UE, connected to a network. The NAF is assigned a NAF identifier, NAF_id, using the Generic Bootstrapping Architecture, GBA, or a similar architecture and a shared secret is established between the UE and the NAF (S7.1). An application request containing a bootstrapping transaction identifier is sent to the NAF from the UE (S7.2) and an authentication request comprising the bootstrapping transaction identifier, the NAF_id, and information derived from the shared secret is sent to a Bootstrapping Server Function, BSF, from the NAF (S7.4).The BSF and the UE determine a NAF key, Ks_NAF, by using a modified parameter in place of or in addition to an original parameter in a key derivation function, the modified parameter being derived from the shared secret and the original parameter of the key derivation function (S7.5). This NAF key is transmitted from the BSF to the NAF (S7.6) and used to secure communications between the NAF and the UE (S7.7). Also provided are apparatus to act as a NAF, UE, and BSF in the method above.
摘要翻译：一种确保连接到网络的网络应用功能，NAF和用户设备UE之间的会话的方法。使用通用引导架构，GBA或类似的架构为NAF分配NAF标识符NAF_id，并且在UE和NAF之间建立共享密钥（S7.1）。将包含引导事务标识符的应用请求从UE发送到NAF（S7.2），并且将包括引导事务标识符，NAF_id和从共享秘密导出的信息的认证请求发送到引导服务器功能BSF （S7.4）.BSF和UE通过在密钥导出函数中使用修改参数代替原始参数或除原始参数之外，通过使用修改的参数来确定NAF密钥Ks_NAF，修改的参数从共享密钥和密钥导出函数的原始参数（S7.5）。该NAF密钥从BSF发送到NAF（S7.6），用于保护NAF与UE之间的通信（S7.7）。还提供了在上述方法中用作NAF，UE和BSF的装置。

42. 发明申请

WO2015119540A1 REMOTE TEST MANAGEMENT OF DIGITAL LOGIC CIRCUITS 审中-公开
标题翻译：数字逻辑电路远程测试管理
公开(公告)号：WO2015119540A1
公开(公告)日：2015-08-13
申请号：PCT/SE2014/050145
申请日：2014-02-05
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
发明人： DUBROVA, Elena , NÄSLUND, Mats , CARLSSON, Gunnar , FORNEHED, John , SMEETS, Bernard
IPC分类号： G01R31/3181 , G01R31/3183
CPC分类号： G01R31/2884 , G01R31/31813 , G01R31/318335 , G01R31/318385
摘要： Electronic devices (320) are provided which comprise a digital logic circuit (101 ) and a test module (322) adapted to receive test parameters from a remote test management device (310), generate test patterns based on the test parameters, apply the test patterns to the digital logic circuit, receive test responses from the digital logic circuit, compact the test responses into a test signature, and either transmit the test signature to the remote test management device or determine a test result based on a comparison of an expected signature received from the remote test management device with the test signature. Further provided are remote test management devices comprising means adapted to acquire test parameters suitable for generating test patterns for a digital logic circuit, acquire an expected signature corresponding to the test patterns, transmit the test parameters to at least one electronic device comprising the digital logic circuit, and either receive a test signature from the at least one electronic device and determine a test result based on a comparison of the expected signature with the test signature, or transmit the expected signature to the at least one electronic device.
摘要翻译：提供电子设备（320），其包括适于从远程测试管理设备（310）接收测试参数的数字逻辑电路（101）和测试模块（322），基于测试参数生成测试模式，应用测试数字逻辑电路的模式，接收来自数字逻辑电路的测试响应，将测试响应压缩成测试签名，并将测试签名传送到远程测试管理设备，或者基于预期签名的比较来确定测试结果从具有测试签名的远程测试管理设备接收。还提供了远程测试管理设备，其包括适于获取适于产生数字逻辑电路的测试模式的测试参数的装置，获取与测试模式对应的预期签名，将测试参数发送到包括数字逻辑电路的至少一个电子设备并且从所述至少一个电子设备接收测试签名，并且基于所述预期签名与所述测试签名的比较来确定测试结果，或者将所述预期签名发送到所述至少一个电子设备。

43. 发明申请

WO2015080661A1 METHOD AND ARRANGEMENTS FOR INTERMEDIARY NODE DISCOVERY DURING HANDSHAKE 审中-公开
标题翻译：在汉斯顿期间发现的中间节点的方法和安排
公开(公告)号：WO2015080661A1
公开(公告)日：2015-06-04
申请号：PCT/SE2014/051425
申请日：2014-11-28
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
发明人： MATTSSON, John , SKOG, Robert , LORETO, Salvatore , SPAAK, Hans , NÄSLUND, Mats
IPC分类号： H04L29/06 , H04W12/02 , H04W76/02
CPC分类号： H04L63/083 , H04L63/0227 , H04L63/0428 , H04L63/061 , H04L63/145 , H04L63/164 , H04L63/166 , H04L63/20 , H04W8/005 , H04W12/02 , H04W12/06 , H04W48/02 , H04W76/18
摘要： A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and a Server is described, where, in response to intercepting a first message, transmitted from the Client and destined for the Server, and requesting for a connection to be set-up between the Client and the Server; and the recognizing, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node is transmitting a second message to the Client, comprising an identity of the Intermediary Node, thereby enabling the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
摘要翻译：描述了布置在客户机和服务器之间的中间节点执行的方法，用于参与建立客户机和服务器之间的连接，其中响应于拦截第一消息，从客户端发送并发往服务器，并请求在客户端和服务器之间建立连接; 以及基于所接收的第一消息的内容，基于所述中间节点对所请求的连接执行至少一个功能的期望，所述中间节点正在向所述客户端发送第二消息，所述第二消息包括所述中间人的身份节点，从而使得客户端可以接受或拒绝作为参与所请求的连接建立的节点的中间节点。

44. 发明申请

WO2010099823A1 IP MULTIMEDIA SECURITY 审中-公开
标题翻译： IP多媒体安全
公开(公告)号：WO2010099823A1
公开(公告)日：2010-09-10
申请号：PCT/EP2009/052560
申请日：2009-03-04
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
发明人： NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
IPC分类号： H04L29/06 , H04W12/04
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

45. 发明申请

WO2010053416A1 METHOD AND APPARATUS FOR FORWARDING DATA PACKETS USING AGGREGATING ROUTER KEYS 审中-公开
标题翻译：使用聚集路由器进行数据包的方法和装置
公开(公告)号：WO2010053416A1
公开(公告)日：2010-05-14
申请号：PCT/SE2008/051281
申请日：2008-11-07
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , CSÁSZÁR, András , MAGNUSSON, Lars G , NÄSLUND, Mats , WESTBERG, Lars
发明人： CSÁSZÁR, András , MAGNUSSON, Lars G , NÄSLUND, Mats , WESTBERG, Lars
IPC分类号： H04L12/56
CPC分类号： H04L45/00 , H04L63/0227
摘要： Method and apparatus for supporting the forwarding of received data packets in a router (402,702) of a packet- switched network. A forwarding table (706a) is configured in the router based on aggregating router keys and associated aggregation related instructions received from a key manager (400,700). Each aggregating router key represents a set of destinations. When a data packet (P) is received comprising an ingress tag derived from a sender key or router key, the ingress tag is matched with entries in the forwarding table. An outgoing port is selected for the packet according to a found matching table entry that further comprises an associated aggregation related instruction. An egress tag is then created according to the aggregation related instruction, and the packet with the created egress tag attached is sent from the selected outgoing port to a next hop router.
摘要翻译：用于支持在分组交换网络的路由器（402,702）中转发所接收的数据分组的方法和装置。基于从密钥管理器（400,700）接收的聚合路由器密钥和相关联的聚合相关指令，在路由器中配置转发表（706a）。每个聚合路由器密钥代表一组目的地。当接收到包含从发送方密钥或路由器密钥导出的入口标签的数据分组（P）时，入口标签与转发表中的条目匹配。根据发现的匹配表条目，为分组选择输出端口，进一步包括相关联的聚合相关指令。然后根据聚合相关指令创建出口标签，并将附加了创建的出口标签的数据包从所选出口端口发送到下一跳路由器。

46. 发明申请

WO2009065923A2 METHOD AND APPARATUS FOR USE IN A COMMUNICATIONS NETWORK 审中-公开
标题翻译：在通信网络中使用的方法和装置
公开(公告)号：WO2009065923A2
公开(公告)日：2009-05-28
申请号：PCT/EP2008/065967
申请日：2008-11-21
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , HADDAD, Wassim , NÄSLUND, Mats
发明人： HADDAD, Wassim , NÄSLUND, Mats
IPC分类号： H04W12/04 , H04W80/04
CPC分类号： H04W12/04 , H04L9/3239 , H04L63/0823 , H04L2209/80 , H04L2463/081 , H04W8/082 , H04W12/06 , H04W80/04 , H04W88/02 , H04W88/182
摘要： A method and apparatus for establishing a cryptographic relationship between a first node and a second node in a communications network. The first node receives at least part of a cryptographic attribute of the second node, uses the received at least part of the cryptographic attribute to generate an identifier for the first node. The cryptographic attribute may a public key belonging to the second node, and the identifier may be a Cryptographically Generated IP address. The cryptographic relationship allows the second node to establish with a third node that it is entitled to act on behalf of the first node.
摘要翻译：一种在通信网络中建立第一节点和第二节点之间的密码关系的方法和装置。第一节点接收第二节点的加密属性的至少一部分，使用所接收的至少部分密码属性来生成第一节点的标识符。加密属性可以是属于第二节点的公共密钥，并且该标识符可以是加密生成的IP地址。加密关系允许第二节点与第三节点建立它有权代表第一节点行动。

47. 发明申请

WO2008115126A2 PREFIX REACHABILITY DETECTION IN A COMMUNICATION 审中-公开
标题翻译：通信中的前缀可访问性检测
公开(公告)号：WO2008115126A2
公开(公告)日：2008-09-25
申请号：PCT/SE2008/050209
申请日：2008-02-26
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , HADDAD, Wassim , NÄSLUND, Mats
发明人： HADDAD, Wassim , NÄSLUND, Mats
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/1416 , H04L9/30 , H04L63/061 , H04L63/123 , H04L63/1466 , H04L2209/24
摘要： There is disclosed a method, and a communication system, and a communication node for implementing the claimed method, for attempting to enhance legitimacy assessment and thwart a man-in-the middle or similar false-location attack by evaluating the topology of a communication-session requesting node relative to the proposed communication path through a network between the requesting node and the requested node. Upon receiving the request,a PRD (Prefix Reachability Detection) protocol is initiated, either after or during a secure key exchange, if any, which if performed preferably includes an ART (address reachability text). The PRD is executed by sending a message to the communication node challenging the location-authenticity of the requesting device. The communication node, which may be for example an access router through which the requesting node accesses the network, determines if the requesting node is positioned behind the communication node topologically, and reports the result to the requested node. The requested node may then make a decision on whether to permit the communication. If so, the PRD may be repeated one or more times while the communication session is in progress.
摘要翻译：公开了一种用于实现所要求保护的方法的方法，通信系统和通信节点，用于通过评估通信的拓扑来尝试增强合法性评估并阻止中间或类似的假位置攻击中的人员，会话请求节点相对于所提出的通信路径通过请求节点和请求节点之间的网络。在接收到请求后，在安全密钥交换之后或期间，如果执行了PRD（前缀可达性检测）协议，如果执行的话，优先包括ART（地址可达性文本）。通过向通信节点发送消息来执行请求设备的位置真实性来执行PRD。通信节点，其可以是例如请求节点访问网络的接入路由器，确定请求节点是否在拓扑结构中位于通信节点后面，并将结果报告给所请求的节点。所请求的节点然后可以决定是否允许通信。如果是，则通信会话正在进行时，PRD可以重复一次或多次。

48. 发明申请

WO2009102247A1 APPLICATION SPECIFIC MASTER KEY SELECTION IN EVOLVED NETWORKS 审中-公开
标题翻译：应用特定的主要选择在演进的网络
公开(公告)号：WO2009102247A1
公开(公告)日：2009-08-20
申请号：PCT/SE2008/050178
申请日：2008-02-15
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , WALKER, John Michael , NÄSLUND, Mats , FERNANDEZ ALONSO, Susana
发明人： WALKER, John Michael , NÄSLUND, Mats , FERNANDEZ ALONSO, Susana
IPC分类号： H04W12/04 , H04L9/32 , H04W12/06
CPC分类号： H04L63/062 , H04L12/06 , H04L63/083 , H04W12/06
摘要： An authentication method comprises providing a set of N plural number of master keys both to a user terminal (13) and to home network entity (11) and, when performing an authentication key agreement (AKA) transaction for an application, selecting one of the N number of master keys to serve as a master key for use both at the user terminal and the home network entity for deriving further keys for the application. For example, when performing an authentication key agreement (AKA) transaction for a first application, the method involves randomly selecting one of the N number of master keys to serve as a first master key for use both at the user terminal and the home network entity for deriving further keys for the first application; but when 10 performing an authentication key agreement (AKA) transaction for another application, the method involves randomly selecting another one of the N number of master keys to serve as master key for use both at the user terminal and the home network entity for deriving further keys for the another application.
摘要翻译：认证方法包括向用户终端（13）和家庭网络实体（11）提供N个多个主密钥的集合，并且当为应用执行认证密钥协商（AKA）事务时，选择一个 N个主密钥用作用于用户终端和家庭网络实体的主密钥，用于导出用于应用的另外的密钥。例如，当对第一应用执行认证密钥协商（AKA）事务时，该方法包括随机选择N个主密钥中的一个作为第一主密钥，用于在用户终端和家庭网络实体用于导出用于第一应用的另外的键; 但是当10执行针对另一应用的认证密钥协议（AKA）事务时，该方法包括随机选择N个主密钥中的另一个作为主密钥，以在用户终端和归属网络实体处用于进一步导出另一个应用程序的键。

49. 发明申请

WO2009070075A1 KEY MANAGEMENT FOR SECURE COMMUNICATION 审中-公开
标题翻译：安全通信的关键管理
公开(公告)号：WO2009070075A1
公开(公告)日：2009-06-04
申请号：PCT/SE2007/050927
申请日：2007-11-30
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , MATTSSON, John , NÄSLUND, Mats , NORRMAN, Karl
发明人： BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , MATTSSON, John , NÄSLUND, Mats , NORRMAN, Karl
IPC分类号： H04L9/08
CPC分类号： H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要： A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译：公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。该凭证被转发到至少一个响应用户设备，在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下，解决凭证并确定第二会话密钥。此后，第一和第二会话密钥用于安全通信。在一个实施例中，通信遍及中间体，由此第一和第二会话密钥保护与相应的腿到中间的通信。

50. 发明申请

WO2008074366A1 MANAGING USER ACCESS IN A COMMUNICATIONS NETWORK 审中-公开
标题翻译：管理通信网络中的用户访问
公开(公告)号：WO2008074366A1
公开(公告)日：2008-06-26
申请号：PCT/EP2006/069906
申请日：2006-12-19
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , NÄSLUND, Mats , ARKKO, Jari
发明人： NÄSLUND, Mats , ARKKO, Jari
IPC分类号： H04L29/06
CPC分类号： H04W12/04 , H04L63/061 , H04L63/062 , H04L63/067 , H04L63/08 , H04L63/0884 , H04L63/0892 , H04L63/162 , H04W12/06 , H04W80/04
摘要： A method of operating a node (AAA proxy) for performing handover between access networks wherein a user has authenticated for network access in a first access network (ANl). The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal, when the user subsequently moves to a second access network (AN2), the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network.
摘要翻译：一种操作节点（AAA代理）的方法，用于在用户已经在第一接入网络（AN1）中对网络接入进行认证的接入网络之间进行切换。该方法包括：在通信会话期间，从家庭网络接收分配给用户的第一会话密钥和临时标识符。标识符被映射到第一个会话密钥，映射的标识符和密钥存储在节点处。第二会话密钥从第一会话密钥导出，第二会话密钥被发送到接入网络，并且当用户随后移动到第二接入网络（AN2）时，将标识符发送到用户终端，节点接收来自用户终端的标识符。然后，节点检索映射到接收到的标识符的第一会话密钥，导出第三会话密钥，并将第三会话密钥发送到第二接入网络。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式