专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2012134369A1 METHODS AND APPARATUSES FOR AVOIDING DAMAGE IN NETWORK ATTACKS 审中-公开
标题翻译：避免网络攻击造成的损害的方法和设备
公开(公告)号：WO2012134369A1
公开(公告)日：2012-10-04
申请号：PCT/SE2011/050916
申请日：2011-07-06
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , OHLSSON, Oscar , LEHTOVIRTA, Vesa , MATTSSON, John , NORRMAN, Karl
发明人： OHLSSON, Oscar , LEHTOVIRTA, Vesa , MATTSSON, John , NORRMAN, Karl
IPC分类号： H04W12/06 , H04L9/32 , H04L29/06
CPC分类号： H04L63/14 , H04L63/1466 , H04L63/168 , H04L67/02 , H04L67/14 , H04L2463/061 , H04W12/04
摘要： Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context specific key, Ks_NAF', based on one or more context parameters, P1,...Pn, pertaining to said session and/or web page. The terminal then indicates the context specific key in a login request to the server, and the server determines a context specific key, Ks_NAF', in the same manner to verify the client if the context specific key determined in the web server matches the context specific key received from the client terminal. The context specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.
摘要翻译：客户终端（400）和网络服务器（402）中的方法和装置，用于使所述终端和服务器之间能够进行安全通信。当终端在会话中从服务器获得网页时，终端基于与所述会话和/或网页有关的一个或多个上下文参数P1，... Pn来创建上下文特定密钥Ks_NAF'。终端然后在向服务器的登录请求中指示上下文特定密钥，并且服务器以相同的方式确定上下文特定密钥Ks_NAF'，以验证客户端，如果在web服务器中确定的上下文特定密钥与上下文具体从客户终端收到的密钥。因此，上下文特定密钥被绑定到并且仅对于当前上下文或会话有效，并且不能在其他上下文或会话中使用。

2. 发明申请

WO2011081588A1 METHOD AND APPARATUS FOR SECURE ROUTING OF DATA PACKETS 审中-公开
标题翻译：数据包安全路由的方法和装置
公开(公告)号：WO2011081588A1
公开(公告)日：2011-07-07
申请号：PCT/SE2010/050001
申请日：2010-01-04
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NÄSLUND, Mats , NORRMAN, Karl , YLITALO, Jukka , NIKANDER, Pekka
发明人： NÄSLUND, Mats , NORRMAN, Karl , YLITALO, Jukka , NIKANDER, Pekka
IPC分类号： H04L12/56
CPC分类号： H04L45/00 , H04L63/04 , H04L63/06
摘要： Methods and arrangements for supporting a forwarding process in routers (R1-R3) when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender (A) and a receiver are encoded. A name server (300) generates and distributes router-associated keys (K, K1-K3) to routers in the network which keys are used for computing the hierarchical parameters.
摘要翻译：在路由器（R1-R3）中通过分组交换网络路由数据分组时支持转发过程的方法和装置，通过采用其中编码发送器（A）和接收机之间的预定传输路径的跳数的分层参数。名称服务器（300）生成并将路由器相关密钥（K，K1-K3）分发给网络中用于计算层次参数的密钥的路由器。

3. 发明申请

WO2010099823A1 IP MULTIMEDIA SECURITY 审中-公开
标题翻译： IP多媒体安全
公开(公告)号：WO2010099823A1
公开(公告)日：2010-09-10
申请号：PCT/EP2009/052560
申请日：2009-03-04
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
发明人： NÄSLUND, Mats , BLOM, Rolf , CHENG, Yi , LINDHOLM, Fredrik , NORRMAN, Karl
IPC分类号： H04L29/06 , H04W12/04
CPC分类号： H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要： A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译：一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。该方法包括从所述第一端点向所述第二端点发送会话建立信令，所述会话建立信令包括由所述第一端点产生的会话密钥。建立信令在第一信令平面网络节点被拦截，并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。如果已经建立了信令平面密钥，则从该信令平面密钥导出媒体平面密钥，并且将媒体平面密钥发送到所述第一媒体平面网络节点，以将介质平面固定在所述第一终端用户和所述第一媒体之间平面网络节点。如果还没有建立信令平面密钥，则从所述会话密钥导出替代媒体平面密钥，并将其发送到所述第一媒体平面网络节点，以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

4. 发明申请

WO2009074356A1 METHODS AND APPARATUSES GENERATING A RADIO BASE STATION KEY IN A CELLULAR RADIO SYSTEM 审中-公开
标题翻译：在无线电系统中产生无线电基站的方法和装置
公开(公告)号：WO2009074356A1
公开(公告)日：2009-06-18
申请号：PCT/EP2008/058450
申请日：2008-07-01
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , BLOM, Rolf , NORRMAN, Karl , LINDSTRÖM, Magnus
发明人： BLOM, Rolf , NORRMAN, Karl , LINDSTRÖM, Magnus
IPC分类号： H04W12/04
CPC分类号： H04W12/04 , H04J11/0069 , H04L9/0656 , H04L2463/061 , H04W88/08
摘要： In a method and a system for providing secure communication in a cellular radio system radio base station key is generated by determining a set of data bits known to both the UE and the radio base station, and creating the radio base station key in response to the determined set of data.
摘要翻译：在用于在蜂窝无线电系统中提供安全通信的方法和系统中，通过确定UE和无线电基站已知的一组数据比特来生成无线基站密钥，并响应于该无线基站密钥创建无线基站密钥确定的数据集。

5. 发明申请

WO2007014630A1 AUTOMATIC MOBILE DEVICE CAPABILITY MANAGEMENT 审中-公开
标题翻译：自动移动设备能力管理
公开(公告)号：WO2007014630A1
公开(公告)日：2007-02-08
申请号：PCT/EP2006/006776
申请日：2006-07-11
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (publ) , NORRMAN, Karl , BARRIGA, Luis , HALEN, Joacim
发明人： NORRMAN, Karl , BARRIGA, Luis , HALEN, Joacim
IPC分类号： H04Q7/38 , H04L29/08 , H04M3/42
CPC分类号： H04W8/22 , H04L67/04 , H04L67/303 , H04M3/42136 , H04M3/42178 , H04W8/18
摘要： The present invention relates to an improved approach to mobile device capability management. Heretofore, a capability management device (14) is provided at a mobile communication network. Upon change of a mobile device capability, a related notification is sent to the capability management device (14) which applies a policy decision whether to track the capability change at the network side or not. Should the decision be ’yes’, the capability management device (14) starts a device management session to collect further information on a mobile device capability change beyond the information made available with the mobile device capability change notification. After retrieval of the mobile device capability change information, the capability management device (14) will update its mobile device capability state accordingly. Optionally, the capability management device (14) may share the generated information with third party (16) cooperating with the mobile device (10) for, e.g., service delivery.
摘要翻译：本发明涉及一种改进的移动设备能力管理方法。迄今为止，在移动通信网络中提供了能力管理装置（14）。在更改移动设备能力时，向能力管理设备（14）发送相关通知，该能力管理设备（14）应用策略决定是否跟踪网络侧的能力变化。如果决定为“是”，则能力管理装置（14）启动设备管理会话以收集有关移动设备能力改变的进一步信息，超出了可用于移动设备能力改变通知的信息。在检索到移动设备能力改变信息之后，能力管理设备（14）将相应地更新其移动设备能力状态。可选地，能力管理设备（14）可以与与移动设备（10）协作的第三方（16）共享生成的信息，以用于例如服务递送。

6. 发明申请

WO2006104438A1 PROTECTION OF DATA DELIVERED OUT-OF-ORDER 审中-公开
标题翻译：保护数据提供的无序
公开(公告)号：WO2006104438A1
公开(公告)日：2006-10-05
申请号：PCT/SE2006/000312
申请日：2006-03-09
申请人： TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) , CHEN, Ta-Wei , NORRMAN, Karl
发明人： CHEN, Ta-Wei , NORRMAN, Karl
IPC分类号： H04L29/06 , H04L12/56
CPC分类号： H04L47/10 , H04L63/0428 , H04L63/166 , H04L69/14 , H04L69/16 , H04L69/163 , H04L69/165
摘要： A basic idea of the invention is to separate ordered delivery data and unordered delivery data in a security protocol running on top of a reliable transport protocol, and perform a first type of security processing for ordered delivery data and a second different type of security processing for unordered delivery data in the security protocol. Preferably, data messages using ordered delivery and data messages using unordered delivery within a secure data stream are separated into two message sequence spaces on the security protocol layer, and data security processing is then performed differently in these two spaces. The invention is particularly suitable for a reliable transport protocol such as SCTP (Stream Control Transmission Protocol). The security protocol running on top of the transport protocol is preferably based on the TLS (Transport Layer Security) or a TLS-like protocol with a security processing extension for unordered delivery.
摘要翻译：本发明的基本思想是在可靠传输协议之上运行的安全协议中分离有序传送数据和无序传送数据，并对有序传送数据执行第一类型的安全处理，以及对第二种不同类型的安全处理进行安全处理安全协议中的无序传送数据。优选地，使用有序传送的数据消息和使用安全数据流内的无序传送的数据消息在安全协议层上分成两个消息序列空间，然后在这两个空间中进行不同的数据安全处理。本发明特别适用于诸如SCTP（流控制传输协议）的可靠传输协议。运行在传输协议之上的安全协议优选地基于TLS（传输层安全性）或具有用于无序传送的安全处理扩展的类TLS协议。

7. 发明申请

WO2013172750A1 SECURE PAGING 审中-公开
标题翻译：安全打包
公开(公告)号：WO2013172750A1
公开(公告)日：2013-11-21
申请号：PCT/SE2012/050517
申请日：2012-05-15
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , ARKKO, Jari , SAHLIN, Bengt , LARMO, Anna , SLAVOV, Kristian , NORRMAN, Karl
发明人： ARKKO, Jari , SAHLIN, Bengt , LARMO, Anna , SLAVOV, Kristian , NORRMAN, Karl
IPC分类号： H04W12/10 , H04W68/00 , H04L9/32
CPC分类号： H04W12/06 , H04L9/3226 , H04L63/0876 , H04L63/123 , H04L2209/38 , H04L2209/80 , H04W4/70 , H04W12/04 , H04W12/10 , H04W68/00 , H04W68/025
摘要： There is described a device for communicating with a network. The device receives a series of paging messages from a serving node in the network, where each paging message includes identification and authentication information sufficient to identify at least one device and authenticate the message, at least some of the information having been protected according to a sequence such that it varies between successive paging messages. The device verifies the protected part of the information using a cryptographic function and knowledge of the sequence and identifies whether the information indicates that message is an authentic message intended for that device. The device may act in response to the received paging message.
摘要翻译：描述了用于与网络进行通信的设备。该设备从网络中的服务节点接收一系列寻呼消息，其中每个寻呼消息包括足以识别至少一个设备并认证消息的标识和认证信息，至少一些信息已经根据序列被保护使得它在连续的寻呼消息之间变化。设备使用加密功能和序列的知识来验证信息的受保护部分，并且识别信息是否指示该消息是用于该设备的真实消息。该设备可以响应于接收到的寻呼消息而起作用。

8. 发明申请

WO2013117243A1 LAWFUL INTERCEPTION OF ENCRYPTED COMMUNICATIONS 审中-公开
标题翻译：严格界定加密通信
公开(公告)号：WO2013117243A1
公开(公告)日：2013-08-15
申请号：PCT/EP2012/057788
申请日：2012-04-27
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NÄSLUND, Mats , IOVIENO, Maurizio , NORRMAN, Karl
发明人： NÄSLUND, Mats , IOVIENO, Maurizio , NORRMAN, Karl
IPC分类号： H04L29/06
CPC分类号： H04L63/0807 , H04L9/3213 , H04L63/0428 , H04L63/062 , H04L63/306
摘要： A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.
摘要翻译：一种用于向执法机构（LEA）提供对发送节点和接收节点之间的加密通信的访问的方法和装置。密钥管理服务器（KMS）功能存储用于加密数据库中的通信的加密信息。加密信息与用于识别发送节点和接收节点之间的加密通信的标识符相关联。 KMS收到合法侦听请求，该请求包括合法拦截目标的身份。 KMS使用目标身份确定标识符，并从数据库检索与标识符相关联的加密信息。加密信息可用于解密加密通信。然后，KMS将从加密信息或解密的通信导出的信息发送给LEA。这允许LEA获得通信的解密版本。

9. 发明申请

WO2011128183A2 METHOD AND APPARATUS FOR INTERWORKING WITH SINGLE SIGN-ON AUTHENTICATION ARCHITECTURE 审中-公开
标题翻译：用于与单一标识认证架构交互的方法和装置
公开(公告)号：WO2011128183A2
公开(公告)日：2011-10-20
申请号：PCT/EP2011/054303
申请日：2011-03-22
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NIKANDER, Pekka , EKDAHL, Patrik , LEHTOVIRTA, Vesa , NORRMAN, Karl , WIFVESSON, Monica
发明人： NIKANDER, Pekka , EKDAHL, Patrik , LEHTOVIRTA, Vesa , NORRMAN, Karl , WIFVESSON, Monica
IPC分类号： H04L29/06
CPC分类号： H04L63/0815 , H04L63/0853 , H04L63/18 , H04W12/06
摘要： A method is provided for use in interworking a single sign-on authentication architecture and a further authentication architecture in a split terminal scenario. The split terminal scenario is one in which authentication under the single sign-on authentication architecture is required of a browsing agent (8) being used to access a relying party and in response, due to the interworking in the split terminal scenario, an associated authentication under the further authentication architecture is performed in relation to a separate authentication agent (7). A controlling agent (4) sends (C3) a token to the authentication agent (7). The controlling agent (4) sends (C4) a request to the browsing agent (8) to return a token for comparing with the token sent to the authentication agent (7). The controlling agent (4) waits (C6) for the authentication agent (7) or a user of the authentication agent (7) to communicate (A2) the received token to the browsing agent (8) via a secure and/or trusted channel and for the browsing agent (8), in response to the earlier received request, to forward (B4) the token to the controlling agent (4). The controlling agent (4) receives (C7) the token from the browsing agent (8). The controlling agent (4) compares (C10) the received token with the token sent to the authentication agent (7) to determine whether the authentication agent (7) is authorised to perform authentication on behalf of the browsing agent (8) and/or whether the browsing agent (8) is authorised to act as a representative for the authentication agent (7). The controlling agent (4) authenticates (C11) the browsing agent (8) to the relying party based on the associated authentication performed in relation to the authentication agent (7) if it is determined in the comparing step (C10) that the authentication agent (7) and/or browsing agent (8) is so authorised.
摘要翻译：提供了一种用于在分离终端场景中互通单一登录认证架构和另外的认证架构的方法。分裂终端场景是其中需要用于访问依赖方的浏览代理（8）的单点登录认证体系结构下的认证，并且由于分裂终端场景中的互通，相关联的认证在另外的认证体系结构下相对于单独的认证代理（7）执行。控制代理（4）向认证代理（7）发送（C3）令牌。控制代理（4）向浏览代理（8）发送（C4）请求以返回与发送给认证代理（7）的令牌进行比较的令牌。控制代理（4）等待认证代理（7）的认证代理（7）或认证代理（7）的用户通过安全和/或受信任的信道将接收的令牌（A2）通信（A2）到浏览代理（8）并且对于浏览代理（8），响应于较早接收到的请求，将令牌转发（B4）到控制代理（4）。控制代理（4）从浏览代理（8）接收（C7）令牌。控制代理（4）将接收的令牌（C10）与发送给认证代理（7）的令牌进行比较（C10），以确定认证代理（7）是否被授权代表浏览代理（8）执行认证和/或浏览代理（8）是否被授权充当认证代理（7）的代表。如果在比较步骤（C10）中确定认证代理（7）确定了相对于认证代理（7）执行的关联认证，则控制代理（4）将浏览代理（8）认证给依赖方（C11）（7）和/或浏览代理（8）被授权。

10. 发明申请

WO2011113873A1 ENHANCED KEY MANAGEMENT FOR SRNS RELOCATION 审中-公开
标题翻译：加强SRNS重点管理
公开(公告)号：WO2011113873A1
公开(公告)日：2011-09-22
申请号：PCT/EP2011/053999
申请日：2011-03-16
申请人： TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) , NORRMAN, Karl , HEDBERG, Tomas , NÄSLUND, Mats
发明人： NORRMAN, Karl , HEDBERG, Tomas , NÄSLUND, Mats
IPC分类号： H04W12/04 , H04W36/00
CPC分类号： H04L9/08 , H04L63/06 , H04W12/04 , H04W12/08 , H04W36/0038 , H04W36/12
摘要： A method comprises maintaining, in a first node serving a mobile terminal over a connection protected by at least one first key, said first key and information about the key management capabilities of the mobile terminal. Upon relocation of the mobile terminal to a second node the method includes: if, and only if, said key management capabilities indicate an enhanced key management capability supported by the mobile terminal, modifying, by said first node, the first key, thereby creating a second key, sending, from the first node to the second node, the second key, and transmitting to the second node the information about the key management capabilities of the mobile terminal.
摘要翻译：一种方法包括在通过由至少一个第一密钥保护的连接上为移动终端服务的第一节点中保留所述第一密钥和关于移动终端的密钥管理能力的信息。在将移动终端重定位到第二节点时，该方法包括：如果并且仅当所述密钥管理能力指示由移动终端支持的增强密钥管理能力时，由所述第一节点修改第一密钥，从而创建第二密钥，从第一节点向第二节点发送第二密钥，并向第二节点发送关于移动终端的密钥管理能力的信息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式