专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2007081588A2 TOKEN-BASED DISTRIBUTED GENERATION OF SECURITY KEYING MATERIAL 审中-公开
标题翻译：基于TOKEN的分布式安全关键材料的生成
公开(公告)号：WO2007081588A2
公开(公告)日：2007-07-19
申请号：PCT/US2006/049650
申请日：2006-12-29
申请人： MOTOROLA, INC. , NAKHJIRI, Madjid, F. , NAKHJIRI, Mahsa , VENKITARAMAN, Narayanan
发明人： NAKHJIRI, Madjid, F. , NAKHJIRI, Mahsa , VENKITARAMAN, Narayanan
IPC分类号： H04K1/00
CPC分类号： H04L63/06 , H04L63/0807 , H04L63/0869 , H04L63/0892 , H04L2463/081 , H04W12/04 , H04W12/06 , Y04S40/24
摘要： A method and apparatus for delegating distribution of security keying material for the communication path between a mobile entity and a network service function, to the mobile entity. An authorization token is issued to the mobile entity which then supplies security keying material for the communication path. The keying material may be created by the Mobile entity itself. The mobile entity sends the security path material and the authorization token to a network service function. The network service function checks the authorization token to determine if the mobile entity is authorized to create the key material. If so, the received keying material is installed for use in securing the communication path with the mobile entity. The network service function may also be issued with a token to show that it is trusted by the issuer of the token.
摘要翻译：一种用于将用于移动实体和网络服务功能之间的通信路径的安全密钥材料的分发委托给移动实体的方法和装置。向移动实体发出授权令牌，然后提供用于通信路径的安全密钥资料。密钥材料可以由移动实体本身创建。移动实体将安全路径材料和授权令牌发送到网络服务功能。网络服务功能检查授权令牌以确定移动实体是否被授权创建密钥资料。如果是，则接收到的密钥材料被安装用于保护与移动实体的通信路径。也可以向网络服务功能发出一个令牌，以表明它被令牌的发行者信任。

2. 发明申请

WO2007005101A2 SYSTEM AND METHOD FOR ESTABLISHING A SHARED KEY BETWEEN NETWORK PEERS 审中-公开
标题翻译：在网络对等方之间建立共享关键的系统和方法
公开(公告)号：WO2007005101A2
公开(公告)日：2007-01-11
申请号：PCT/US2006/016575
申请日：2006-05-01
申请人： MOTOROLA, INC. , NAKHJIRI, Madjid, F. , NARAYANAN, Vidya , VENKITARAMAN, Narayanan
发明人： NAKHJIRI, Madjid, F. , NARAYANAN, Vidya , VENKITARAMAN, Narayanan
IPC分类号： G06F15/16
CPC分类号： H04L63/0272 , H04L9/083 , H04L9/0844 , H04L63/061 , H04L63/0892 , H04L2209/80 , H04L2463/061
摘要： An Authentication, Authorization, and Accounting (AAA) key, defining a first shared secret between a mobile node (108) and an AAA server (110), is acquired. A shared key becomes associated with the mobile node (108) and the VPN server (104). The shared key is formed, at least in part, from the AAA key. The shared key defines a second shared secret, which is between the mobile node (108) and the VPN server (104). A secure data tunnel is then established between the mobile node (108) and the VPN server (104) using the shared key.
摘要翻译：获取在移动节点（108）和AAA服务器（110）之间定义第一共享秘密的认证，授权和计费（AAA）密钥。共享密钥与移动节点（108）和VPN服务器（104）相关联。共享密钥至少部分地由AAA密钥形成。所述共享密钥定义在所述移动节点（108）和所述VPN服务器（104）之间的第二共享密钥。然后使用共享密钥在移动节点（108）和VPN服务器（104）之间建立安全数据隧道。

3. 发明申请

WO2006115741A2 METHOD AND APPARATUS FOR GENERATING SESSION KEYS 审中-公开
标题翻译：用于生成会话的方法和装置
公开(公告)号：WO2006115741A2
公开(公告)日：2006-11-02
申请号：PCT/US2006/013126
申请日：2006-04-07
申请人： MOTOROLA, INC. , VENKITARAMAN, Narayanan , NAKHJIRI, Madjid, F.
发明人： VENKITARAMAN, Narayanan , NAKHJIRI, Madjid, F.
IPC分类号： H04M1/66 , H04Q7/20
CPC分类号： H04L63/067 , H04W12/04 , H04W36/0038
摘要： Nonce exchange with a target BS is performed even when the MS connected to the source BS so when the mobile reaches the new BS, it will be able to create a fresh key quickly. Alternatively, the MS can provide the nonce directly to the target base station immediately (or very soon) upon handing over. In a similar manner, the mobile will receive the target BS nonce via one of several techniques. In a first embodiment of the present invention the target BS will share the BS nonce with the source BS which will provide the nonce to the MS. In a second embodiment of the present invention the target base station will transmit the nonce over-the-air to the MS as part to the initial exchanges leading to the set up of the wireless link between the MS and the target BS.
摘要翻译：即使连接到源BS的MS，当移动台到达新的BS时，即使与目标BS进行永久交换，也能够快速地创建新的密钥。或者，MS可以在交付时立即（或很快）将目标基站直接提供给目标基站。以类似的方式，移动台将通过几种技术之一接收目标BS随机数。在本发明的第一实施例中，目标BS将与将向MS提供随机数的源BS共享BS随机数。在本发明的第二实施例中，目标基站将作为一部分将作为MS和目标BS之间的无线链路建立的初始交换的空中无线传送到MS。

4. 发明申请

WO2007055828A2 METHOD AND APPARATUS FOR PROVIDING AUTHORIZATION MATERIAL 审中-公开
标题翻译：提供授权材料的方法和装置
公开(公告)号：WO2007055828A2
公开(公告)日：2007-05-18
申请号：PCT/US2006/038306
申请日：2006-09-30
申请人： MOTOROLA, INC. , NAKHJIRI, Madjid, F.
发明人： NAKHJIRI, Madjid, F.
IPC分类号： H04L9/32
CPC分类号： H04L9/3297 , H04L9/321 , H04L9/3271 , H04L63/08 , H04L63/0892 , H04L2209/80
摘要： Various embodiments are described to address the problem of duplicated authentication processing in authorizing servers. Generally expressed, an authorizing server (220), such as an AAA server, sends (305) authorization material to a first access service node (210), such as a foreign agent or SIP agent. The authorization material is for a second access service node (230) and corresponds to a mobile node (201). The first access service node then forwards (307) the authorization material to the second access service node. By distributing the authorization material in this way, the second access service node need not communicate with the authorizing server to obtain the authorization material and neither does the authorizing server need to send messaging to both access service nodes. Thus, benefits such as reduced authorizing server load and reduced registration delays may be realized depending on the embodiment employed.
摘要翻译：描述了各种实施例来解决授权服务器中的重复认证处理的问题。通常表示，诸如AAA服务器的授权服务器（220）向诸如外部代理或SIP代理的第一接入服务节点（210）发送（305）授权资料。所述授权材料用于第二接入服务节点（230），并对应于移动节点（201）。然后，第一接入服务节点将授权材料转发（307）到第二接入服务节点。通过以这种方式分发授权材料，第二访问服务节点不需要与授权服务器进行通信以获得授权资料，授权服务器也不需要向两个接入服务节点发送消息。因此，取决于所使用的实施例，可以实现减少授权服务器负载和减少注册延迟的益处。

5. 发明申请

WO2010033336A1 SECURE SERVER CERTIFICATE TRUST LIST UPDATE FOR CLIENT DEVICES 审中-公开
标题翻译：客户设备的安全服务器证书信任列表更新
公开(公告)号：WO2010033336A1
公开(公告)日：2010-03-25
申请号：PCT/US2009/054389
申请日：2009-08-20
申请人： MOTOROLA, INC. , UPP, Steven, D. , MEDVINSKY, Alexander , NAKHJIRI, Madjid, F.
发明人： UPP, Steven, D. , MEDVINSKY, Alexander , NAKHJIRI, Madjid, F.
IPC分类号： G06F21/00 , H04L29/06
CPC分类号： H04L63/20 , G06F21/33 , H04L63/0823
摘要： A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device 104 may attempt to access a sub-network 106. The client device 104 may determine that a certificate of the sub-network 106 is issued by a certification authority absent from a device certificate trust list. The client device 104 may receive via the sub-network 106 a certificate trust list update 400 from a certificate trust list provider 108.
摘要翻译：公开了一种用于创建与网络的可信连接的方法，网络元件和客户端设备。客户端设备104可以尝试访问子网络106.客户端设备104可以确定子网络106的证书是由设备证书信任列表中不存在的证书颁发机构颁发的。客户端设备104可以经由子网络106从证书信任列表提供者108接收证书信任列表更新400。

6. 发明申请

WO2007027290A3 METHOD AND APPARATUS FOR USER AUTHENTICATION 审中-公开
公开(公告)号：WO2007027290A3
公开(公告)日：2007-03-08
申请号：PCT/US2006/025580
申请日：2006-06-29
申请人： MOTOROLA, INC. , ROUX, Pierre, , FRATTI, Marco, , NAKHJIRI, Madjid, F.
发明人： ROUX, Pierre, , FRATTI, Marco, , NAKHJIRI, Madjid, F.
IPC分类号： H04L9/00
摘要： The invention provides for secure end-to-end user authentication by a remote server (101) communicating with a communication device (107). The communication device (107) further communicates with an authentication device (111), which provides a user authentication message (319) to the communication device (107) for forwarding to the remote server (101). The authentication device (111) comprises a data store (209) for storing user authentication credentials. A user authentication processor (205) performs a local authentication of a user of the authentication device (107) in response to a user input. An authentication processor (203) generates the authentication message (319) if the user authentication is valid. The authentication processor (203) implements a cryptographic function based on the user authentication credentials. A transmitter (201) then transmits the authentication message (319) to the communication device (107).

7. 发明申请

WO2012119015A1 PROVIDING SUBSCRIBER CONSENT IN AN OPERATOR EXCHANGE 审中-公开
标题翻译：在操作员交换中提供订阅者同意
公开(公告)号：WO2012119015A1
公开(公告)日：2012-09-07
申请号：PCT/US2012/027353
申请日：2012-03-01
申请人： GENERAL INSTRUMENT CORPORATION , NAKHJIRI, Madjid, F.
发明人： NAKHJIRI, Madjid, F.
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/08 , G06F21/42 , H04L63/10
摘要： A method and system for providing a record of consent in scenarios in which the user (102) and a device (104) may have to perform a function that involves two entities that don't trust each other or are not necessary interested in cooperating. In one such example, a user (102) wants to switch services from an "old" operator to a "new" operator. An operator switch without explicit user consent may have legal or business ramifications for both the "old" and "new" operators. The ramifications are even more severe if the switch is the result of actions of, for example, a hacker maliciously causing this switches in order to cause monetary or other damage to either operators or denial of service to the users. In such cases it is useful for both operators to be on record and have an archive of proof of user consent should future disputes arise.
摘要翻译：一种方法和系统，用于在用户（102）和设备（104）可能必须执行涉及两个不相互信任的实体或不需要合作感兴趣的功能的场景中提供同意记录。在一个这样的示例中，用户（102）希望将服务从“旧”运营商切换到“新”运营商。没有明确的用户同意的操作员切换可能对“旧”和“新”运营商都有法律或业务影响。如果交换机是例如黑客恶意导致该交换机以对运营商造成货币或其他损害或者拒绝对用户的服务的结果，则后果更为严重。在这种情况下，如果未来的争议出现，两个运营商都将被记录在案并拥有用户同意的证明档案。

8. 发明申请

WO2008110055A1 TOKEN-BASED DYNAMIC KEY DISTRIBUTION METHOD FOR ROAMING ENVIRONMENTS 审中-公开
标题翻译：用于漫游环境的基于TOKEN的动态密钥分配方法
公开(公告)号：WO2008110055A1
公开(公告)日：2008-09-18
申请号：PCT/CN2007/071317
申请日：2007-12-25
申请人： HUAWEI TECHNOLOGIES CO., LTD. , NAKHJIRI, Madjid, F. , WAN, Changsheng
发明人： NAKHJIRI, Madjid, F. , WAN, Changsheng
IPC分类号： H04Q7/38
CPC分类号： H04L63/062 , H04L9/3213 , H04L63/0892 , H04L2209/80 , H04L2463/062 , H04W12/04 , H04W80/04
摘要： A method for establishing a new security association between a mobile node and a network source, includes creating a first token comprising a security association between a network source and a mobile node, the first token being encrypted using a first key known to the mobile node and a first trust authority within a home network associated with the mobile node, and creating a second token comprising the same security association between the network source and the mobile node, the second token being encrypted by using a second key known to the first trust authority and a second trust authority associated with the network source, wherein the first token and the second token are sent to the second trust authority using a chain of trust infrastructure.
摘要翻译：一种用于在移动节点和网络源之间建立新的安全关联的方法，包括创建包括网络源和移动节点之间的安全关联的第一令牌，所述第一令牌使用所述移动节点已知的第一密钥进行加密;以及与所述移动节点相关联的家庭网络内的第一信任机构，以及创建包括所述网络源与所述移动节点之间的相同安全关联的第二令牌，所述第二令牌通过使用所述第一信任机构已知的第二密钥进行加密;以及与所述网络源相关联的第二信任机构，其中所述第一令牌和所述第二令牌使用信任基础设施链发送到所述第二信任机构。

9. 发明申请

WO2011127053A1 LOCATING NETWORK RESOURCES FOR AN ENTITY BASED ON ITS DIGITAL CERTIFICATE 审中-公开
标题翻译：基于其数字证书为实体定位网络资源
公开(公告)号：WO2011127053A1
公开(公告)日：2011-10-13
申请号：PCT/US2011/031250
申请日：2011-04-05
申请人： GENERAL INSTRUMENT CORPORATION , NAKHJIRI, Madjid, F. , CHAN, Tat, Keung
发明人： NAKHJIRI, Madjid, F. , CHAN, Tat, Keung
IPC分类号： H04L29/06
CPC分类号： H04L63/0823
摘要： A method and apparatus are provided for locating network resources over a communication network. The method includes receiving a digital certificate identifying a first entity and extracting information from at least one predetermined field of the digital certificate. The extracted information is used as input to a location generation function to create a resource locator (e.g., a URL). The network resource is contacted over the communication network in accordance with a communication protocol using the resource locator to obtain requested information concerning the first entity.
摘要翻译：提供了一种用于通过通信网络定位网络资源的方法和装置。该方法包括接收标识第一实体的数字证书，并从数字证书的至少一个预定字段提取信息。所提取的信息被用作位置生成功能的输入以创建资源定位符（例如，URL）。根据使用资源定位器的通信协议，通过通信网络联系网络资源，以获得关于第一实体的请求信息。

10. 发明申请

WO2008064589A1 SYSTEM FOR USING AN AUTHORIZATION TOKEN TO SEPARATE AUTHENTICATION AND AUTHORIZATION SERVICES 审中-公开
标题翻译：使用授权进行单独认证和授权服务的系统
公开(公告)号：WO2008064589A1
公开(公告)日：2008-06-05
申请号：PCT/CN2007/070570
申请日：2007-08-27
申请人： HUAWEI TECHNOLOGIES CO., LTD. , NAKHJIRI, Madjid, F.
发明人： NAKHJIRI, Madjid, F.
IPC分类号： H04L12/56
CPC分类号： H04L9/3242 , H04L9/321 , H04L63/06 , H04L63/0807 , H04L63/0892
摘要： A novel system for utilizing an authorization token to separate authentication and authorization services is disclosed by embodiments of the present invention. The system authenticates a client to an authenticating server; generates an authorization token with the authenticating server and the client; and authorizes services for the client using the generated authorization token.
摘要翻译：通过本发明的实施例公开了一种用于利用授权令牌来分离认证和授权服务的新颖系统。系统认证客户端到认证服务器; 与认证服务器和客户端生成授权令牌; 并使用生成的授权令牌授权客户端的服务。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式