    • 3. Invention application
    • IP MULTIMEDIA SECURITY
    • WO2010099823A1
    • 2010-09-10
    • PCT/EP2009/052560
    • 2009-03-04
    • TELEFONAKTIEBOLAGET LM ERICSSON (PUBL); NÄSLUND, Mats; BLOM, Rolf; CHENG, Yi; LINDHOLM, Fredrik; NORRMAN, Karl
    • NÄSLUND, Mats; BLOM, Rolf; CHENG, Yi; LINDHOLM, Fredrik; NORRMAN, Karl
    • H04L29/06; H04W12/04
    • H04L63/06; H04L9/0844; H04L2209/80; H04W12/04
    • A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
    • 5. Invention application
    • AUTOMATIC MOBILE DEVICE CAPABILITY MANAGEMENT
    • WO2007014630A1
    • 2007-02-08
    • PCT/EP2006/006776
    • 2006-07-11
    • TELEFONAKTIEBOLAGET LM ERICSSON (publ); NORRMAN, Karl; BARRIGA, Luis; HALEN, Joacim
    • NORRMAN, Karl; BARRIGA, Luis; HALEN, Joacim
    • H04Q7/38; H04L29/08; H04M3/42
    • H04W8/22; H04L67/04; H04L67/303; H04M3/42136; H04M3/42178; H04W8/18
    • The present invention relates to an improved approach to mobile device capability management. Heretofore, a capability management device (14) is provided at a mobile communication network. Upon change of a mobile device capability, a related notification is sent to the capability management device (14) which applies a policy decision whether to track the capability change at the network side or not. Should the decision be ’yes’, the capability management device (14) starts a device management session to collect further information on a mobile device capability change beyond the information made available with the mobile device capability change notification. After retrieval of the mobile device capability change information, the capability management device (14) will update its mobile device capability state accordingly. Optionally, the capability management device (14) may share the generated information with third party (16) cooperating with the mobile device (10) for, e.g., service delivery.
    • 6. Invention application
    • PROTECTION OF DATA DELIVERED OUT-OF-ORDER
    • WO2006104438A1
    • 2006-10-05
    • PCT/SE2006/000312
    • 2006-03-09
    • TELEFONAKTIEBOLAGET LM ERICSSON (PUBL); CHEN, Ta-Wei; NORRMAN, Karl
    • CHEN, Ta-Wei; NORRMAN, Karl
    • H04L29/06; H04L12/56
    • H04L47/10; H04L63/0428; H04L63/166; H04L69/14; H04L69/16; H04L69/163; H04L69/165
    • A basic idea of the invention is to separate ordered delivery data and unordered delivery data in a security protocol running on top of a reliable transport protocol, and perform a first type of security processing for ordered delivery data and a second different type of security processing for unordered delivery data in the security protocol. Preferably, data messages using ordered delivery and data messages using unordered delivery within a secure data stream are separated into two message sequence spaces on the security protocol layer, and data security processing is then performed differently in these two spaces. The invention is particularly suitable for a reliable transport protocol such as SCTP (Stream Control Transmission Protocol). The security protocol running on top of the transport protocol is preferably based on the TLS (Transport Layer Security) or a TLS-like protocol with a security processing extension for unordered delivery.
    • 8. Invention application
    • LAWFUL INTERCEPTION OF ENCRYPTED COMMUNICATIONS
    • WO2013117243A1
    • 2013-08-15
    • PCT/EP2012/057788
    • 2012-04-27
    • TELEFONAKTIEBOLAGET L M ERICSSON (PUBL); NÄSLUND, Mats; IOVIENO, Maurizio; NORRMAN, Karl
    • NÄSLUND, Mats; IOVIENO, Maurizio; NORRMAN, Karl
    • H04L29/06
    • H04L63/0807; H04L9/3213; H04L63/0428; H04L63/062; H04L63/306
    • A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.
    • 9. Invention application
    • METHOD AND APPARATUS FOR INTERWORKING WITH SINGLE SIGN-ON AUTHENTICATION ARCHITECTURE
    • WO2011128183A2
    • 2011-10-20
    • PCT/EP2011/054303
    • 2011-03-22
    • TELEFONAKTIEBOLAGET L M ERICSSON (PUBL); NIKANDER, Pekka; EKDAHL, Patrik; LEHTOVIRTA, Vesa; NORRMAN, Karl; WIFVESSON, Monica
    • NIKANDER, Pekka; EKDAHL, Patrik; LEHTOVIRTA, Vesa; NORRMAN, Karl; WIFVESSON, Monica
    • H04L29/06
    • H04L63/0815; H04L63/0853; H04L63/18; H04W12/06
    • A method is provided for use in interworking a single sign-on authentication architecture and a further authentication architecture in a split terminal scenario. The split terminal scenario is one in which authentication under the single sign-on authentication architecture is required of a browsing agent (8) being used to access a relying party and in response, due to the interworking in the split terminal scenario, an associated authentication under the further authentication architecture is performed in relation to a separate authentication agent (7). A controlling agent (4) sends (C3) a token to the authentication agent (7). The controlling agent (4) sends (C4) a request to the browsing agent (8) to return a token for comparing with the token sent to the authentication agent (7). The controlling agent (4) waits (C6) for the authentication agent (7) or a user of the authentication agent (7) to communicate (A2) the received token to the browsing agent (8) via a secure and/or trusted channel and for the browsing agent (8), in response to the earlier received request, to forward (B4) the token to the controlling agent (4). The controlling agent (4) receives (C7) the token from the browsing agent (8). The controlling agent (4) compares (C10) the received token with the token sent to the authentication agent (7) to determine whether the authentication agent (7) is authorised to perform authentication on behalf of the browsing agent (8) and/or whether the browsing agent (8) is authorised to act as a representative for the authentication agent (7). The controlling agent (4) authenticates (C11) the browsing agent (8) to the relying party based on the associated authentication performed in relation to the authentication agent (7) if it is determined in the comparing step (C10) that the authentication agent (7) and/or browsing agent (8) is so authorised.