专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2007081588A3 TOKEN-BASED DISTRIBUTED GENERATION OF SECURITY KEYING MATERIAL 审中-公开
标题翻译：基于令牌的分布式安全钥匙材料生成
公开(公告)号：WO2007081588A3
公开(公告)日：2007-12-27
申请号：PCT/US2006049650
申请日：2006-12-29
申请人： MOTOROLA INC , NAKHJIRI MADJID F , NAKHJIRI MAHSA , VENKITARAMAN NARAYANAN
发明人： NAKHJIRI MADJID F , NAKHJIRI MAHSA , VENKITARAMAN NARAYANAN
IPC分类号： H04K1/00
CPC分类号： H04L63/06 , H04L63/0807 , H04L63/0869 , H04L63/0892 , H04L2463/081 , H04W12/04 , H04W12/06 , Y04S40/24
摘要： A method and apparatus for delegating distribution of security keying material for the communication path between a mobile entity and a network service function, to the mobile entity. An authorization token is issued to the mobile entity which then supplies security keying material for the communication path. The keying material may be created by the Mobile entity itself. The mobile entity sends the security path material and the authorization token to a network service function. The network service function checks the authorization token to determine if the mobile entity is authorized to create the key material. If so, the received keying material is installed for use in securing the communication path with the mobile entity. The network service function may also be issued with a token to show that it is trusted by the issuer of the token.
摘要翻译：一种用于将用于移动实体和网络服务功能之间的通信路径的安全密钥材料的分配委托给移动实体的方法和装置。授权令牌被发给移动实体，然后该移动实体为通信路径提供安全密钥材料。密钥材料可以由移动实体本身创建。移动实体将安全路径材料和授权令牌发送到网络服务功能。网络服务功能检查授权令牌以确定移动实体是否被授权创建密钥材料。如果是这样，则接收的密钥资料被安装用于保护与移动实体的通信路径。网络服务功能也可以与令牌一起发布以表明其被令牌的发行者信任。

2. 发明申请

WO2006115741B1 METHOD AND APPARATUS FOR GENERATING SESSION KEYS 审中-公开
标题翻译：用于生成会话密钥的方法和设备
公开(公告)号：WO2006115741B1
公开(公告)日：2007-02-22
申请号：PCT/US2006013126
申请日：2006-04-07
申请人： MOTOROLA INC , VENKITARAMAN NARAYANAN , NAKHJIRI MADJID F
发明人： VENKITARAMAN NARAYANAN , NAKHJIRI MADJID F
IPC分类号： H04W12/04
CPC分类号： H04L63/067 , H04W12/04 , H04W36/0038
摘要： Nonce exchange (figure 2) with a target BS is performed even when the MS connected to the source BS so when the mobile reaches the new BS. it will be able to create a fresh key quickly. Alternately, the MS can provide the nonce directly to the target BS immediately (or very soon) upon handing over. In a similar manner, the mobile will require the target BS nonce via one of several techniques. In a first embodiment of the present invention the target BS will share the BS nonce with the source BS which will provide the nonce to the MS. In a second embodiment of the present invention the target BS will transmit the nonce over-the-air to the MS as part to the initial exchange leading to the set up of the wireless link between the MS and the target BS.
摘要翻译：即使当连接到源BS的移动台到达新的BS时，也执行与目标BS的随机数交换（图2）。它将能够快速创建一个新的密钥。或者，MS可以在移交时立即（或很快）将该随机数直接提供给目标BS。以类似的方式，移动台将通过几种技术之一需要目标BS随机数。在本发明的第一实施例中，目标BS将与将向MS提供nonce的源BS共享BS nonce。在本发明的第二实施例中，目标BS将向MS发送随机数，作为导致建立MS与目标BS之间的无线链路的初始交换的一部分。

3. 发明申请

WO2007005101A3 SYSTEM AND METHOD FOR ESTABLISHING A SHARED KEY BETWEEN NETWORK PEERS 审中-公开
标题翻译：在网络对等方之间建立共享关键的系统和方法
公开(公告)号：WO2007005101A3
公开(公告)日：2009-06-25
申请号：PCT/US2006016575
申请日：2006-05-01
申请人： MOTOROLA INC , NAKHJIRI MADJID F , NARAYANAN VIDYA , VENKITARAMAN NARAYANAN
发明人： NAKHJIRI MADJID F , NARAYANAN VIDYA , VENKITARAMAN NARAYANAN
IPC分类号： G06F15/16
CPC分类号： H04L63/0272 , H04L9/083 , H04L9/0844 , H04L63/061 , H04L63/0892 , H04L2209/80 , H04L2463/061
摘要： An Authentication, Authorization, and Accounting (AAA) key, defining a first shared secret between a mobile node (108) and an AAA server (110), is acquired. A shared key becomes associated with the mobile node (108) and the VPN server (104). The shared key is formed, at least in part, from the AAA key. The shared key defines a second shared secret, which is between the mobile node (108) and the VPN server (104). A secure data tunnel is then established between the mobile node (108) and the VPN server (104) using the shared key.
摘要翻译：获取在移动节点（108）和AAA服务器（110）之间定义第一共享秘密的认证，授权和计费（AAA）密钥。共享密钥与移动节点（108）和VPN服务器（104）相关联。共享密钥至少部分地由AAA密钥形成。所述共享密钥定义在所述移动节点（108）和所述VPN服务器（104）之间的第二共享密钥。然后使用共享密钥在移动节点（108）和VPN服务器（104）之间建立安全数据隧道。

4. 发明申请

WO2006115741A3 METHOD AND APPARATUS FOR GENERATING SESSION KEYS 审中-公开
标题翻译：用于生成会话的方法和装置
公开(公告)号：WO2006115741A3
公开(公告)日：2007-01-11
申请号：PCT/US2006013126
申请日：2006-04-07
申请人： MOTOROLA INC , VENKITARAMAN NARAYANAN , NAKHJIRI MADJID F
发明人： VENKITARAMAN NARAYANAN , NAKHJIRI MADJID F
IPC分类号： H04W12/04
CPC分类号： H04L63/067 , H04W12/04 , H04W36/0038
摘要： Nonce exchange (figure 2) with a target BS is performed even when the MS connected to the source BS so when the mobile reaches the new BS. it will be able to create a fresh key quickly. Alternately, the MS can provide the nonce directly to the target BS immediately (or very soon) upon handing over. In a similar manner, the mobile will require the target BS nonce via one of several techniques. In a first embodiment of the present invention the target BS will share the BS nonce with the source BS which will provide the nonce to the MS. In a second embodiment of the present invention the target BS will transmit the nonce over-the-air to the MS as part to the initial exchange leading to the set up of the wireless link between the MS and the target BS.
摘要翻译：即使当连接到源BS的MS，当移动台到达新的BS时，也执行与目标BS的随机交换（图2）。它将能够快速创建一个新的键。或者，MS可以在交付时立即（或很快）将目标BS直接提供给目标BS。以类似的方式，移动台将通过几种技术之一来要求目标BS随机数。在本发明的第一实施例中，目标BS将与将向MS提供随机数的源BS共享BS随机数。在本发明的第二实施例中，目标BS将作为初始交换的一部分将空中无线传送到MS，导致建立MS与目标BS之间的无线链路。

5. 发明申请

WO2007027290A2 METHOD AND APPARATUS FOR USER AUTHENTICATION 审中-公开
标题翻译：用户认证的方法和设备
公开(公告)号：WO2007027290A2
公开(公告)日：2007-03-08
申请号：PCT/US2006025580
申请日：2006-06-29
申请人： MOTOROLA INC , ROUX PIERRE , FRATTI MARCO , NAKHJIRI MADJID F
发明人： ROUX PIERRE , FRATTI MARCO , NAKHJIRI MADJID F
IPC分类号： H04L9/00
CPC分类号： H04L9/321 , H04L9/3231 , H04L9/3273 , H04L2209/56
摘要： The invention provides for secure end-to-end user authentication by a remote server (101) communicating with a communication device (107). The communication device (107) further communicates with an authentication device (111), which provides a user authentication message (319) to the communication device (107) for forwarding to the remote server (101). The authentication device (111) comprises a data store (209) for storing user authentication credentials. A user authentication processor (205) performs a local authentication of a user of the authentication device (107) in response to a user input. An authentication processor (203) generates the authentication message (319) if the user authentication is valid. The authentication processor (203) implements a cryptographic function based on the user authentication credentials. A transmitter (201) then transmits the authentication message (319) to the communication device (107).
摘要翻译：本发明提供了与通信设备（107）通信的远程服务器（101）的安全的端到端用户认证。通信装置（107）还与向通信装置（107）提供用户认证消息（319）以进行远程服务器（101）的认证装置（111）进行通信。认证装置（111）包括用于存储用户认证证书的数据存储（209）。用户认证处理器（205）响应于用户输入执行认证设备（107）的用户的本地认证。如果用户认证有效，则认证处理器（203）生成认证消息（319）。认证处理器（203）基于用户认证凭据来实现加密功能。然后，发射机（201）将认证消息（319）发送到通信设备（107）。

6. 发明申请

WO2007055828A3 METHOD AND APPARATUS FOR PROVIDING AUTHORIZATION MATERIAL 审中-公开
标题翻译：用于提供授权材料的方法和设备
公开(公告)号：WO2007055828A3
公开(公告)日：2007-11-15
申请号：PCT/US2006038306
申请日：2006-09-30
申请人： MOTOROLA INC , NAKHJIRI MADJID F
发明人： NAKHJIRI MADJID F
IPC分类号： G06F7/04
CPC分类号： H04L9/3297 , H04L9/321 , H04L9/3271 , H04L63/08 , H04L63/0892 , H04L2209/80
摘要： Various embodiments are described to address the problem of duplicated authentication processing in authorizing servers. Generally expressed, an authorizing server (220), such as an AAA server, sends (305) authorization material to a first access service node (210), such as a foreign agent or SIP agent. The authorization material is for a second access service node (230) and corresponds to a mobile node (201). The first access service node then forwards (307) the authorization material to the second access service node. By distributing the authorization material in this way, the second access service node need not communicate with the authorizing server to obtain the authorization material and neither does the authorizing server need to send messaging to both access service nodes. Thus, benefits such as reduced authorizing server load and reduced registration delays may be realized depending on the embodiment employed.
摘要翻译：描述了各种实施例以解决授权服务器中的重复认证处理的问题。一般来说，诸如AAA服务器的授权服务器（220）向第一接入服务节点（210）（诸如外地代理或SIP代理）发送（305）授权资料。该授权材料用于第二访问服务节点（230）并且对应于移动节点（201）。第一接入服务节点然后将授权资料转发（307）到第二接入服务节点。通过以这种方式分配授权资料，第二访问服务节点不需要与授权服务器通信以获得授权资料，授权服务器也不需要向两个访问服务节点发送消息。因此，取决于所采用的实施例，可以实现诸如减少授权服务器负载和减少登记延迟的益处。

7. 发明申请

WO2011106769A2 DYNAMIC CRYPTOGRAPHIC SUBSCRIBER-DEVICE IDENTITY BINDING FOR SUBSCRIBER MOBILITY 审中-公开
标题翻译：用于订阅者移动的动态CRYPTOGRAPHIC订阅者设备身份绑定
公开(公告)号：WO2011106769A2
公开(公告)日：2011-09-01
申请号：PCT/US2011026465
申请日：2011-02-28
申请人： GEN INSTRUMENT CORP , NAKHJIRI MADJID F , HOEPER KATRIN , MEDVINSKY ALEXANDER
发明人： NAKHJIRI MADJID F , HOEPER KATRIN , MEDVINSKY ALEXANDER
IPC分类号： H04L29/06
CPC分类号： H04L63/126 , H04L9/0861 , H04L9/3213 , H04L9/3263 , H04L63/061 , H04L63/08 , H04L63/0892 , H04L63/162 , H04L2209/603 , H04L2463/061 , H04L2463/082
摘要： A method of authentication and authorization over a communication system is provided. The method performs a first authentication of a device based on a set of device identity and credentials. The first authentication includes creation of a first set of keying material. The method also includes performing a second authentication of a subscriber based on a set of subscriber identity and credentials. The second authentication includes creation of a second set of keying material. A set of compound key material is created with a key derivation mechanism that uses the first set of keying material and the second set of keying material. A binding token is created by cryptographically signing at least the device identity authenticated in the first authentication and the subscriber identity authenticated in the second authentication using the set of compound keying material. The signed binding token is exchanged for verification with an authenticating and authorizing party.
摘要翻译：提供了一种通信系统的认证和授权方法。该方法基于一组设备身份和凭证来执行设备的第一认证。第一认证包括创建第一组密钥材料。该方法还包括基于一组订户身份和凭证来执行订户的第二认证。第二认证包括创建第二组密钥材料。使用密钥导出机制创建一组复合密钥材料，该机制使用第一组密钥材料和第二组密钥材料。绑定令牌是通过使用该组复合密钥材料至少加密地签名在第一认证中认证的设备身份和在第二认证中认证的用户身份来创建的。签署的绑定令牌与验证和授权方交换验证。

8. 发明申请

WO2012119015A9 PROVIDING SUBSCRIBER CONSENT IN AN OPERATOR EXCHANGE 审中-公开
标题翻译：在操作者交换中提供订户同意
公开(公告)号：WO2012119015A9
公开(公告)日：2012-12-13
申请号：PCT/US2012027353
申请日：2012-03-01
申请人： GEN INSTRUMENT CORP , NAKHJIRI MADJID F
发明人： NAKHJIRI MADJID F
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/08 , G06F21/42 , H04L63/10
摘要： A method and system for providing a record of consent in scenarios in which the user (102) and a device (104) may have to perform a function that involves two entities that don't trust each other or are not necessary interested in cooperating. In one such example, a user (102) wants to switch services from an "old" operator to a "new" operator. An operator switch without explicit user consent may have legal or business ramifications for both the "old" and "new" operators. The ramifications are even more severe if the switch is the result of actions of, for example, a hacker maliciously causing this switches in order to cause monetary or other damage to either operators or denial of service to the users. In such cases it is useful for both operators to be on record and have an archive of proof of user consent should future disputes arise.
摘要翻译：一种方法和系统，用于在用户（102）和设备（104）可能必须执行涉及两个彼此不信任或不需要协作的实体的功能的场景中提供同意记录。在一个这样的例子中，用户（102）想要将服务从“旧”运营商切换到“新”运营商。未经用户明确同意的操作员切换可能对“旧”和“新”运营商具有法律或业务影响。如果交换机是例如黑客恶意导致这些交换机以致对运营商造成金钱或其他损害或对用户拒绝服务的行为的结果，则分枝更为严重。在这种情况下，两家运营商都应该记录在案，并且在将来发生争议时应备有用户同意的证据档案。

9. 发明申请

WO2004051422A3 METHOD AND APPARATUS FOR PPP LINK HANDOFF 审中-公开
标题翻译：用于PPP链路切换的方法和设备
公开(公告)号：WO2004051422A3
公开(公告)日：2004-10-07
申请号：PCT/US0338131
申请日：2003-11-25
申请人： MOTOROLA INC
发明人： NAKHJIRI MADJID F , RAMANNA SHREESHA , SINGH AJOY K
IPC分类号： H04L12/56 , H04L29/06 , G06F15/16
CPC分类号： H04W36/0033 , H04L69/16 , H04L69/168 , H04W40/02
摘要： To address the need for an apparatus and method of PPP link handoff that reduces setup time and air interface bandwidth requirements, an approach to PPP context transfer is disclosed. This approach can cut the number of PPP establishment messages by 50 to 100% and can save a significant amount of time in PPP state machine transitions, due to the multiphase nature of PPP. Generally, the old AR (306) transfers most of its information about its PPP link with a mobile (330) to the new AR (305). After the transfer of the PPP variables is complete, the new AR is able to omit negotiation of many already known PPP parameters from the PPP re-establishment procedure with the mobile. The old AR starts transferring the mobile's PPP state to the new AR based either on an internal trigger, a request from the new AR, or a request from the mobile.
摘要翻译：为了解决对减少建立时间和空中接口带宽需求的PPP链路切换装置和方法的需求，公开了一种PPP上下文传输的方法。由于PPP的多相特性，这种方法可以将PPP建立消息的数量减少50％到100％，并且可以节省PPP状态机转换的大量时间。通常，旧的AR（306）将其关于它的PPP链路的大部分信息与移动台（330）转移到新的AR（305）。 PPP变量传输完成后，新的AR可以省略PPP重建过程中许多已知的PPP参数与移动设备的协商。旧AR开始基于内部触发器，来自新AR的请求或来自移动设备的请求，将移动设备的PPP状态转移到新的AR。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式