专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2007055828A2 METHOD AND APPARATUS FOR PROVIDING AUTHORIZATION MATERIAL 审中-公开
标题翻译：提供授权材料的方法和装置
公开(公告)号：WO2007055828A2
公开(公告)日：2007-05-18
申请号：PCT/US2006/038306
申请日：2006-09-30
申请人： MOTOROLA, INC. , NAKHJIRI, Madjid, F.
发明人： NAKHJIRI, Madjid, F.
IPC分类号： H04L9/32
CPC分类号： H04L9/3297 , H04L9/321 , H04L9/3271 , H04L63/08 , H04L63/0892 , H04L2209/80
摘要： Various embodiments are described to address the problem of duplicated authentication processing in authorizing servers. Generally expressed, an authorizing server (220), such as an AAA server, sends (305) authorization material to a first access service node (210), such as a foreign agent or SIP agent. The authorization material is for a second access service node (230) and corresponds to a mobile node (201). The first access service node then forwards (307) the authorization material to the second access service node. By distributing the authorization material in this way, the second access service node need not communicate with the authorizing server to obtain the authorization material and neither does the authorizing server need to send messaging to both access service nodes. Thus, benefits such as reduced authorizing server load and reduced registration delays may be realized depending on the embodiment employed.
摘要翻译：描述了各种实施例来解决授权服务器中的重复认证处理的问题。通常表示，诸如AAA服务器的授权服务器（220）向诸如外部代理或SIP代理的第一接入服务节点（210）发送（305）授权资料。所述授权材料用于第二接入服务节点（230），并对应于移动节点（201）。然后，第一接入服务节点将授权材料转发（307）到第二接入服务节点。通过以这种方式分发授权材料，第二访问服务节点不需要与授权服务器进行通信以获得授权资料，授权服务器也不需要向两个接入服务节点发送消息。因此，取决于所使用的实施例，可以实现减少授权服务器负载和减少注册延迟的益处。

2. 发明申请

WO2006115741B1 METHOD AND APPARATUS FOR GENERATING SESSION KEYS 审中-公开
标题翻译：用于生成会话密钥的方法和设备
公开(公告)号：WO2006115741B1
公开(公告)日：2007-02-22
申请号：PCT/US2006013126
申请日：2006-04-07
申请人： MOTOROLA INC , VENKITARAMAN NARAYANAN , NAKHJIRI MADJID F
发明人： VENKITARAMAN NARAYANAN , NAKHJIRI MADJID F
IPC分类号： H04W12/04
CPC分类号： H04L63/067 , H04W12/04 , H04W36/0038
摘要： Nonce exchange (figure 2) with a target BS is performed even when the MS connected to the source BS so when the mobile reaches the new BS. it will be able to create a fresh key quickly. Alternately, the MS can provide the nonce directly to the target BS immediately (or very soon) upon handing over. In a similar manner, the mobile will require the target BS nonce via one of several techniques. In a first embodiment of the present invention the target BS will share the BS nonce with the source BS which will provide the nonce to the MS. In a second embodiment of the present invention the target BS will transmit the nonce over-the-air to the MS as part to the initial exchange leading to the set up of the wireless link between the MS and the target BS.
摘要翻译：即使当连接到源BS的移动台到达新的BS时，也执行与目标BS的随机数交换（图2）。它将能够快速创建一个新的密钥。或者，MS可以在移交时立即（或很快）将该随机数直接提供给目标BS。以类似的方式，移动台将通过几种技术之一需要目标BS随机数。在本发明的第一实施例中，目标BS将与将向MS提供nonce的源BS共享BS nonce。在本发明的第二实施例中，目标BS将向MS发送随机数，作为导致建立MS与目标BS之间的无线链路的初始交换的一部分。

3. 发明申请

WO2012119015A1 PROVIDING SUBSCRIBER CONSENT IN AN OPERATOR EXCHANGE 审中-公开
标题翻译：在操作员交换中提供订阅者同意
公开(公告)号：WO2012119015A1
公开(公告)日：2012-09-07
申请号：PCT/US2012/027353
申请日：2012-03-01
申请人： GENERAL INSTRUMENT CORPORATION , NAKHJIRI, Madjid, F.
发明人： NAKHJIRI, Madjid, F.
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/08 , G06F21/42 , H04L63/10
摘要： A method and system for providing a record of consent in scenarios in which the user (102) and a device (104) may have to perform a function that involves two entities that don't trust each other or are not necessary interested in cooperating. In one such example, a user (102) wants to switch services from an "old" operator to a "new" operator. An operator switch without explicit user consent may have legal or business ramifications for both the "old" and "new" operators. The ramifications are even more severe if the switch is the result of actions of, for example, a hacker maliciously causing this switches in order to cause monetary or other damage to either operators or denial of service to the users. In such cases it is useful for both operators to be on record and have an archive of proof of user consent should future disputes arise.
摘要翻译：一种方法和系统，用于在用户（102）和设备（104）可能必须执行涉及两个不相互信任的实体或不需要合作感兴趣的功能的场景中提供同意记录。在一个这样的示例中，用户（102）希望将服务从“旧”运营商切换到“新”运营商。没有明确的用户同意的操作员切换可能对“旧”和“新”运营商都有法律或业务影响。如果交换机是例如黑客恶意导致该交换机以对运营商造成货币或其他损害或者拒绝对用户的服务的结果，则后果更为严重。在这种情况下，如果未来的争议出现，两个运营商都将被记录在案并拥有用户同意的证明档案。

4. 发明申请

WO2010033336A1 SECURE SERVER CERTIFICATE TRUST LIST UPDATE FOR CLIENT DEVICES 审中-公开
标题翻译：客户设备的安全服务器证书信任列表更新
公开(公告)号：WO2010033336A1
公开(公告)日：2010-03-25
申请号：PCT/US2009/054389
申请日：2009-08-20
申请人： MOTOROLA, INC. , UPP, Steven, D. , MEDVINSKY, Alexander , NAKHJIRI, Madjid, F.
发明人： UPP, Steven, D. , MEDVINSKY, Alexander , NAKHJIRI, Madjid, F.
IPC分类号： G06F21/00 , H04L29/06
CPC分类号： H04L63/20 , G06F21/33 , H04L63/0823
摘要： A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device 104 may attempt to access a sub-network 106. The client device 104 may determine that a certificate of the sub-network 106 is issued by a certification authority absent from a device certificate trust list. The client device 104 may receive via the sub-network 106 a certificate trust list update 400 from a certificate trust list provider 108.
摘要翻译：公开了一种用于创建与网络的可信连接的方法，网络元件和客户端设备。客户端设备104可以尝试访问子网络106.客户端设备104可以确定子网络106的证书是由设备证书信任列表中不存在的证书颁发机构颁发的。客户端设备104可以经由子网络106从证书信任列表提供者108接收证书信任列表更新400。

5. 发明申请

WO2007005101A2 SYSTEM AND METHOD FOR ESTABLISHING A SHARED KEY BETWEEN NETWORK PEERS 审中-公开
标题翻译：在网络对等方之间建立共享关键的系统和方法
公开(公告)号：WO2007005101A2
公开(公告)日：2007-01-11
申请号：PCT/US2006/016575
申请日：2006-05-01
申请人： MOTOROLA, INC. , NAKHJIRI, Madjid, F. , NARAYANAN, Vidya , VENKITARAMAN, Narayanan
发明人： NAKHJIRI, Madjid, F. , NARAYANAN, Vidya , VENKITARAMAN, Narayanan
IPC分类号： G06F15/16
CPC分类号： H04L63/0272 , H04L9/083 , H04L9/0844 , H04L63/061 , H04L63/0892 , H04L2209/80 , H04L2463/061
摘要： An Authentication, Authorization, and Accounting (AAA) key, defining a first shared secret between a mobile node (108) and an AAA server (110), is acquired. A shared key becomes associated with the mobile node (108) and the VPN server (104). The shared key is formed, at least in part, from the AAA key. The shared key defines a second shared secret, which is between the mobile node (108) and the VPN server (104). A secure data tunnel is then established between the mobile node (108) and the VPN server (104) using the shared key.
摘要翻译：获取在移动节点（108）和AAA服务器（110）之间定义第一共享秘密的认证，授权和计费（AAA）密钥。共享密钥与移动节点（108）和VPN服务器（104）相关联。共享密钥至少部分地由AAA密钥形成。所述共享密钥定义在所述移动节点（108）和所述VPN服务器（104）之间的第二共享密钥。然后使用共享密钥在移动节点（108）和VPN服务器（104）之间建立安全数据隧道。

6. 发明申请

WO2008138271A1 METHOD AND SYSTEM FOR AUTHENTICATION CONFIRMATION USING EXTENSIBLE AUTHENTICATION PROTOCOL 审中-公开
标题翻译：使用可扩展认证协议进行认证确认的方法和系统
公开(公告)号：WO2008138271A1
公开(公告)日：2008-11-20
申请号：PCT/CN2008/070952
申请日：2008-05-13
申请人： HUAWEI TECHNOLOGIES CO., LTD. , NAKHJIRI, Madjid F.
发明人： NAKHJIRI, Madjid F.
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L63/162
摘要： A method for secure and reliable authentication in a communication system. In an embodiment, the authentication method includes performing authentication of a user utilizing Extensible Authentication Protocol (EAP), and transmitting a result indication message to the user. The result indication message can include additional information for security and reliability. The method also includes receiving an acknowledgement message from the user. The acknowledgement message is sent by the user for confirming the reception of the result indication. In an embodiment, the method also includes retransmitting the result indication message if the acknowledgement message is not received within a predetermined time. The additional information for security and reliability can include Message Authentication Code (MAC) and time interval information. The additional information for security and reliability can also include a security/reliability flag.
摘要翻译：一种在通信系统中安全可靠认证的方法。在一个实施例中，认证方法包括使用可扩展认证协议（EAP）来执行用户的认证，以及向用户发送结果指示消息。结果指示消息可以包括用于安全性和可靠性的附加信息。该方法还包括从用户接收确认消息。确认消息由用户发送以确认结果指示的接收。在一个实施例中，如果在预定时间内没有接收到确认消息，则该方法还包括重传结果指示消息。用于安全性和可靠性的附加信息可以包括消息认证码（MAC）和时间间隔信息。安全性和可靠性的附加信息还可以包括安全性/可靠性标志。

7. 发明申请

WO2008110055A1 TOKEN-BASED DYNAMIC KEY DISTRIBUTION METHOD FOR ROAMING ENVIRONMENTS 审中-公开
标题翻译：用于漫游环境的基于TOKEN的动态密钥分配方法
公开(公告)号：WO2008110055A1
公开(公告)日：2008-09-18
申请号：PCT/CN2007/071317
申请日：2007-12-25
申请人： HUAWEI TECHNOLOGIES CO., LTD. , NAKHJIRI, Madjid, F. , WAN, Changsheng
发明人： NAKHJIRI, Madjid, F. , WAN, Changsheng
IPC分类号： H04Q7/38
CPC分类号： H04L63/062 , H04L9/3213 , H04L63/0892 , H04L2209/80 , H04L2463/062 , H04W12/04 , H04W80/04
摘要： A method for establishing a new security association between a mobile node and a network source, includes creating a first token comprising a security association between a network source and a mobile node, the first token being encrypted using a first key known to the mobile node and a first trust authority within a home network associated with the mobile node, and creating a second token comprising the same security association between the network source and the mobile node, the second token being encrypted by using a second key known to the first trust authority and a second trust authority associated with the network source, wherein the first token and the second token are sent to the second trust authority using a chain of trust infrastructure.
摘要翻译：一种用于在移动节点和网络源之间建立新的安全关联的方法，包括创建包括网络源和移动节点之间的安全关联的第一令牌，所述第一令牌使用所述移动节点已知的第一密钥进行加密;以及与所述移动节点相关联的家庭网络内的第一信任机构，以及创建包括所述网络源与所述移动节点之间的相同安全关联的第二令牌，所述第二令牌通过使用所述第一信任机构已知的第二密钥进行加密;以及与所述网络源相关联的第二信任机构，其中所述第一令牌和所述第二令牌使用信任基础设施链发送到所述第二信任机构。

8. 发明申请

WO2006115741A2 METHOD AND APPARATUS FOR GENERATING SESSION KEYS 审中-公开
标题翻译：用于生成会话的方法和装置
公开(公告)号：WO2006115741A2
公开(公告)日：2006-11-02
申请号：PCT/US2006/013126
申请日：2006-04-07
申请人： MOTOROLA, INC. , VENKITARAMAN, Narayanan , NAKHJIRI, Madjid, F.
发明人： VENKITARAMAN, Narayanan , NAKHJIRI, Madjid, F.
IPC分类号： H04M1/66 , H04Q7/20
CPC分类号： H04L63/067 , H04W12/04 , H04W36/0038
摘要： Nonce exchange with a target BS is performed even when the MS connected to the source BS so when the mobile reaches the new BS, it will be able to create a fresh key quickly. Alternatively, the MS can provide the nonce directly to the target base station immediately (or very soon) upon handing over. In a similar manner, the mobile will receive the target BS nonce via one of several techniques. In a first embodiment of the present invention the target BS will share the BS nonce with the source BS which will provide the nonce to the MS. In a second embodiment of the present invention the target base station will transmit the nonce over-the-air to the MS as part to the initial exchanges leading to the set up of the wireless link between the MS and the target BS.
摘要翻译：即使连接到源BS的MS，当移动台到达新的BS时，即使与目标BS进行永久交换，也能够快速地创建新的密钥。或者，MS可以在交付时立即（或很快）将目标基站直接提供给目标基站。以类似的方式，移动台将通过几种技术之一接收目标BS随机数。在本发明的第一实施例中，目标BS将与将向MS提供随机数的源BS共享BS随机数。在本发明的第二实施例中，目标基站将作为一部分将作为MS和目标BS之间的无线链路建立的初始交换的空中无线传送到MS。

9. 发明申请

WO2011127053A1 LOCATING NETWORK RESOURCES FOR AN ENTITY BASED ON ITS DIGITAL CERTIFICATE 审中-公开
标题翻译：基于其数字证书为实体定位网络资源
公开(公告)号：WO2011127053A1
公开(公告)日：2011-10-13
申请号：PCT/US2011/031250
申请日：2011-04-05
申请人： GENERAL INSTRUMENT CORPORATION , NAKHJIRI, Madjid, F. , CHAN, Tat, Keung
发明人： NAKHJIRI, Madjid, F. , CHAN, Tat, Keung
IPC分类号： H04L29/06
CPC分类号： H04L63/0823
摘要： A method and apparatus are provided for locating network resources over a communication network. The method includes receiving a digital certificate identifying a first entity and extracting information from at least one predetermined field of the digital certificate. The extracted information is used as input to a location generation function to create a resource locator (e.g., a URL). The network resource is contacted over the communication network in accordance with a communication protocol using the resource locator to obtain requested information concerning the first entity.
摘要翻译：提供了一种用于通过通信网络定位网络资源的方法和装置。该方法包括接收标识第一实体的数字证书，并从数字证书的至少一个预定字段提取信息。所提取的信息被用作位置生成功能的输入以创建资源定位符（例如，URL）。根据使用资源定位器的通信协议，通过通信网络联系网络资源，以获得关于第一实体的请求信息。

10. 发明申请

WO2011106769A2 DYNAMIC CRYPTOGRAPHIC SUBSCRIBER-DEVICE IDENTITY BINDING FOR SUBSCRIBER MOBILITY 审中-公开
标题翻译：用于订阅者移动的动态CRYPTOGRAPHIC订阅者设备身份绑定
公开(公告)号：WO2011106769A2
公开(公告)日：2011-09-01
申请号：PCT/US2011026465
申请日：2011-02-28
申请人： GEN INSTRUMENT CORP , NAKHJIRI MADJID F , HOEPER KATRIN , MEDVINSKY ALEXANDER
发明人： NAKHJIRI MADJID F , HOEPER KATRIN , MEDVINSKY ALEXANDER
IPC分类号： H04L29/06
CPC分类号： H04L63/126 , H04L9/0861 , H04L9/3213 , H04L9/3263 , H04L63/061 , H04L63/08 , H04L63/0892 , H04L63/162 , H04L2209/603 , H04L2463/061 , H04L2463/082
摘要： A method of authentication and authorization over a communication system is provided. The method performs a first authentication of a device based on a set of device identity and credentials. The first authentication includes creation of a first set of keying material. The method also includes performing a second authentication of a subscriber based on a set of subscriber identity and credentials. The second authentication includes creation of a second set of keying material. A set of compound key material is created with a key derivation mechanism that uses the first set of keying material and the second set of keying material. A binding token is created by cryptographically signing at least the device identity authenticated in the first authentication and the subscriber identity authenticated in the second authentication using the set of compound keying material. The signed binding token is exchanged for verification with an authenticating and authorizing party.
摘要翻译：提供了一种通信系统的认证和授权方法。该方法基于一组设备身份和凭证来执行设备的第一认证。第一认证包括创建第一组密钥材料。该方法还包括基于一组订户身份和凭证来执行订户的第二认证。第二认证包括创建第二组密钥材料。使用密钥导出机制创建一组复合密钥材料，该机制使用第一组密钥材料和第二组密钥材料。绑定令牌是通过使用该组复合密钥材料至少加密地签名在第一认证中认证的设备身份和在第二认证中认证的用户身份来创建的。签署的绑定令牌与验证和授权方交换验证。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式