专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2006082507A1 APPARATUS, METHOD AND COMPUTER PROGRAM PRODUCT TO REDUCE TCP FLOODING ATTACKS WHILE CONSERVING WIRELESS NETWORK BANDWIDTH 审中-公开
标题翻译：装置，方法和计算机程序产品，以减少无线网络带宽下的TCP流量攻击
公开(公告)号：WO2006082507A1
公开(公告)日：2006-08-10
申请号：PCT/IB2006/000208
申请日：2006-02-03
申请人： NOKIA CORPORATION , NOKIA, INC. , SWAMI, Yogesh, P. , LE, Franck
发明人： SWAMI, Yogesh, P. , LE, Franck
IPC分类号： H04L29/06
CPC分类号： H04L63/1458 , H04W12/12
摘要： A method for operating a firewall includes: in response to the firewall receiving a TCP SYN request packet that is sent towards a first node from a second node, said TCP SYN request packet comprising a sequence value ("seq"), sending to the second node a SYNæACK packet, said SYNæACK packet comprising a seq and an ack_ sequence value ("ack_seq"), where ack_seq of the SYNæACK packet is not equal to the TCP SYN request packet's seq+1; and in response to the firewall receiving a TCP RST packet from the second node, verifying that the seq in the TCP RST packet matches the ack_seq of the SYNæACK packet and, if it does, designating the connection with the second node as an authorized connection.
摘要翻译：一种用于操作防火墙的方法包括：响应于防火墙接收从第二节点向第一节点发送的TCP SYN请求分组，所述TCP SYN请求分组包括序列值（“seq”），发送到第二节点节点SYNACKACK分组，所述SYNACKACK分组包括seq和ack_序列值（“ack_seq”），其中SYNACKACK分组的ack_seq不等于TCP SYN请求分组的seq + 1; 并且响应于防火墙从第二节点接收到TCP RST分组，验证TCP RST分组中的seq与SYNACKACK分组的ack_seq匹配，如果是，则指定与第二节点的连接作为授权连接。

2. 发明申请

WO2006085178A1 METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT ENABLING NEGOTIATION OF FIREWALL FEATURES BY ENDPOINTS 审中-公开
标题翻译：方法，装置和计算机程序产品使用端点启用防火功能的协商
公开(公告)号：WO2006085178A1
公开(公告)日：2006-08-17
申请号：PCT/IB2006/000193
申请日：2006-02-02
申请人： NOKIA CORPORATION , NOKIA, INC. , LE, Franck , SWAMI, Yogesh, Prem , BAJKO, Gabor
发明人： LE, Franck , SWAMI, Yogesh, Prem , BAJKO, Gabor
IPC分类号： H04L12/24 , H04L29/02
CPC分类号： H04L41/28 , H04L63/02 , H04L63/1441 , H04L63/20
摘要： Disclosed are examples of a method, system, devices and nodes to conduct communications between a device coupled to a communication network and a network security enforcement node, such as a firewall. An illustrative method includes, with a device coupled to a network security enforcement node through a communication network, requesting from the network security enforcement node information comprised of at least one of supported and enabled features and, in response to receiving the request, sending information descriptive of at least one of network security enforcement node supported and enabled features. The method may further include requesting by the device that at least one network security enforcement node feature be one of enabled or disabled.
摘要翻译：公开了用于在耦合到通信网络的设备与诸如防火墙的网络安全执行节点之间进行通信的方法，系统，设备和节点的示例。一种说明性方法包括：通过通信网络耦合到网络安全执行节点的设备，从网络请求安全执行节点包括支持和启用的特征中的至少一个的信息，并且响应于接收到请求，发送信息描述至少一个网络安全执行节点支持和启用的功能。该方法还可以包括：由设备请求至少一个网络安全执行节点特征是启用或禁用之一。

3. 发明申请

WO2005002172A1 SECURITY FOR PROTOCOL TRAVERSAL 审中-公开
标题翻译：协议保密协议
公开(公告)号：WO2005002172A1
公开(公告)日：2005-01-06
申请号：PCT/IB2004/002086
申请日：2004-06-23
申请人： NOKIA CORPORATION , LE, Franck , FACCIN, Stefano, M.
发明人： LE, Franck , FACCIN, Stefano, M.
IPC分类号： H04L29/06
CPC分类号： H04L63/123 , H04L9/3073 , H04L9/3247 , H04L9/3297 , H04L69/22 , H04L2209/80
摘要： The invention proposes a method for protecting packets to be sent from a first network node to a second network node, comprising the steps of generating (S21) validity information for a packet, generating (S22) a header for the packet, comprising the validity information, and sending (S23) the packet including the header from the first network node to the second network node, wherein the validity information comprises all necessary information required for performing a validity check of the packet. Thus, no pre-established security association or the like is necessary to verify the validity of a packet.
摘要翻译：本发明提出了一种保护要从第一网络节点发送到第二网络节点的分组的方法，包括以下步骤：产生（S21）分组的有效性信息，生成（S22）分组的报头，包括有效信息并且将包括所述报头的分组从所述第一网络节点发送（S23）到所述第二网络节点，其中所述有效性信息包括执行所述分组的有效性检查所需的所有必要信息。因此，不需要预先建立的安全关联等来验证分组的有效性。

4. 发明申请

WO2006021836A1 METHOD AND SYSTEM FOR CONFIGURING FIREWALLS IN THE PRESENCE OF PERFORMANCE ENHANCEMENT PROXIES 审中-公开
标题翻译：在性能增强项目存在下配置防火墙的方法和系统
公开(公告)号：WO2006021836A1
公开(公告)日：2006-03-02
申请号：PCT/IB2005/001749
申请日：2005-06-21
申请人： NOKIA CORPORATION , LE, Franck , LIU, Zhigang, C.
发明人： LE, Franck , LIU, Zhigang, C.
IPC分类号： H04L29/06
CPC分类号： H04L65/1006 , H04L63/0281 , H04L63/029 , H04L65/1016 , H04L65/105 , H04L65/1069 , H04L65/80 , H04L69/329
摘要： Signaling between a terminal equipment (10) and a session server (40) is provided which carries information on an expected media stream to or from the terminal equipment via a middle box (20) for optimizing the performance of data communications between the terminal equipment (10) and a correspondent node (30). On the basis of this information the session server (40) is enabled to create appropriate entries in a security entity (50) provided for the terminal equipment so that the media stream can successfully traverse the middle box (20) and the security entity (50).
摘要翻译：提供终端设备（10）和会话服务器（40）之间的信令，其经由用于优化终端设备（20）之间的数据通信的性能的中间盒（20）将期望媒体流的信息携带到终端设备或从终端设备 10）和通讯节点（30）。基于该信息，会话服务器（40）能够在为终端设备提供的安全实体（50）中创建适当的条目，使得媒体流可以成功地遍历中间盒（20）和安全实体（50））。

5. 发明申请

WO2003069872A1 DISCOVERY OF AN AGENT OR A SERVER IN AN IP NETWORK 审中-公开
标题翻译：在IP网络中发现代理或服务器
公开(公告)号：WO2003069872A1
公开(公告)日：2003-08-21
申请号：PCT/IB2003/000501
申请日：2003-02-14
申请人： NOKIA CORPORATION , LE, Franck , FACCIN, Stefano, M.
发明人： LE, Franck , FACCIN, Stefano, M.
IPC分类号： H04L29/12
CPC分类号： H04L29/12018 , H04L29/12933 , H04L61/10 , H04L61/6068 , H04L67/16 , H04W4/06 , H04W8/005 , H04W8/26 , H04W80/00 , H04W88/14
摘要： A method for discovering an agent in an IP environment comprising broadcasting router advertisement messages by router, wherein the messages comprise a first data element corresponding to a network prefix which identifies the network visited by a communication device; receiving the messages by the communication device; obtaining, by the communication device, a second data element identifying the agent; and computing an IP address of the agent by the communication device by using the first data element and the second data element.
摘要翻译：一种用于在IP环境中发现代理的方法，包括由路由器广播路由器通告消息，其中所述消息包括对应于识别由通信设备访问的网络的网络前缀的第一数据元素; 通过通信设备接收消息; 通过所述通信设备获得识别所述代理的第二数据元素; 以及通过使用第一数据元素和第二数据元素来计算通信设备的代理的IP地址。

6. 发明申请

WO2002068418A2 AUTHENTICATION AND DISTRIBUTION OF KEYS IN MOBILE IP NETWORK 审中-公开
标题翻译：移动IP网络中的认证和分发
公开(公告)号：WO2002068418A2
公开(公告)日：2002-09-06
申请号：PCT/IB2002/001658
申请日：2002-02-25
申请人： NOKIA CORPORATION , FACCIN, Stefano , LE, Franck
发明人： FACCIN, Stefano , LE, Franck
IPC分类号： C07D453/00
CPC分类号： H04L63/062 , H04L9/0841 , H04L63/0853 , H04L63/0869 , H04L2209/80 , H04W12/04 , H04W12/06 , H04W80/04
摘要： There is disclosed a method of establishing a connection between a mobile station and a serving domain, in which a first security association exists between the mobile node and an associated home domain, and a second security association exists between the serving domain and the home domain, the method comprising: transmitting a first message from the mobile node to the serving domain, the first message being encrypted in accordance with the first security association; transmitting the first message from the serving domain to the home domain; decrypting the first message in the home domain in accordance the first security association; transmitting a second message from the home domain to the serving domain, the second message being encrypted according to the first security association; transmitting the second message from the serving domain to the mobile node; decrypting the second message in the mobile node in accordance with the first security association.
摘要翻译：公开了一种在移动站和服务域之间建立连接的方法，其中在移动节点和相关联的归属域之间存在第一安全关联，并且在服务域和归属域之间存在第二安全关联，所述方法包括：从所述移动节点向所述服务域发送第一消息，所述第一消息根据所述第一安全关联进行加密; 将第一消息从服务域发送到归属域; 根据第一安全关联解密归属域中的第一消息; 将第二消息从所述归属域发送到所述服务域，所述第二消息根据所述第一安全关联进行加密; 将所述第二消息从所述服务域发送到所述移动节点; 根据第一安全关联在移动节点中解密第二消息。

7. 发明申请

WO2007003992A2 METHOD, SYSTEM & COMPUTER PROGRAM PRODUCT FOR DISCOVERING CHARACTERISTICS OF MIDDLEBOXES 审中-公开
标题翻译：用于发现中间盒特性的方法，系统和计算机程序产品
公开(公告)号：WO2007003992A2
公开(公告)日：2007-01-11
申请号：PCT/IB2006/001361
申请日：2006-05-25
申请人： NOKIA CORPORATION , LE, Franck , FACCIN, Stefano
发明人： LE, Franck , FACCIN, Stefano
CPC分类号： H04L29/12528 , H04L29/12471 , H04L29/12509 , H04L61/2553 , H04L61/2567 , H04L61/2575
摘要： A method, computer program product, communications device and system for enabling an end node or terminal to discover one or more characteristics of a firewall on the communications path between the end node and a data network are provided. In particular, middlebox configuration protocols have been extended to allow a user to run additional tests in order to determine, for example, whether a discovered firewall blocks unsolicited incoming requests, as well as what the length of time associated with a particular state created by the discovered firewall is.
摘要翻译：提供了用于使端节点或终端能够发现端节点和数据网络之间的通信路径上的防火墙的一个或多个特征的方法，计算机程序产品，通信设备和系统。特别是，中间件配置协议已经扩展到允许用户运行附加测试，以便确定例如发现的防火墙是否阻止未经请求的传入请求，以及与由该应用程序创建的特定状态相关的时间长度发现的防火墙是。

8. 发明申请

WO2002030132A3 METHOD AND SYSTEM FOR SECURITY MOBILITY BETWEEN DIFFERENT CELLULAR SYSTEMS 审中-公开
公开(公告)号：WO2002030132A3
公开(公告)日：2002-04-11
申请号：PCT/US2001/025929
申请日：2001-08-20
申请人： NOKIA CORPORATION , FACCIN, Stefano, M. , LE, Franck
发明人： FACCIN, Stefano, M. , LE, Franck
IPC分类号： H04Q7/32
摘要： Method and system for providing security mobility between two cellular systems. One or more ciphering keys are generated for a second cellular system by an interperability authentication center at a first cellular system and by a mobile device separetely . Traffic between the mobile device and the first cellular system is encrypted using one or more first ciphering keys for the first cellular system. A handover of the traffic of the mobile device. After approval of handoff and before handoff, the one or more second ciphering keys are sent from the first cellular system to the second cellular system. The traffic is handed off by the mobile device from the first cellular system to the second to the second cellulary system.. The traffic between the mobile device and the second cellulary system is encryped using the one or more second ciphering keys. The ciphering of the traffic is maintained during handoff.

9. 发明申请

WO2005064890A1 A METHOD TO SUPPORT MOBILE IP MOBILITY IN 3GPP NETWORKS WITH SIP ESTABLISHED COMMUNICATIONS 审中-公开
标题翻译：支持3GPP网络中移动IP移动性的方法与SIP建立通信
公开(公告)号：WO2005064890A1
公开(公告)日：2005-07-14
申请号：PCT/IB2004/004256
申请日：2004-12-15
申请人： NOKIA CORPORATION , LE, Franck , FACCIN, Stefano , PURNADI, Rene , GRECH, Sandro
发明人： LE, Franck , FACCIN, Stefano , PURNADI, Rene , GRECH, Sandro
IPC分类号： H04L29/06
CPC分类号： H04L63/0236 , H04L29/06027 , H04L63/0254 , H04L63/029 , H04L65/1006 , H04L65/1016 , H04L65/80 , H04W80/04 , H04W80/10
摘要： The invention proposes a method for controlling a connection between a first network node and a second network node, wherein the connection is controlled by a packet filtering function filtering packets such that a packet is discarded in case a source address and/or a destination address do not comply with a filtering rule, wherein the packet filtering function is configured at a connection set up, and at least one of the first or second network node is adapted to change its address, the method comprising the steps of informing the packet filtering function about the new address of the network node having changed its address, and updating the packet filter of the packet filtering function by using the new address of the network node having changed its address. The invention also proposes a corresponding network system comprising at least a network node and a packet filtering network element. Furthermore, the invention proposes a corresponding packet filtering network device.
摘要翻译：本发明提出了一种用于控制第一网络节点和第二网络节点之间的连接的方法，其中所述连接由过滤分组的分组过滤功能控制，使得在源地址和/或目的地地址做的情况下丢弃分组不符合过滤规则，其中所述包过滤功能被配置在建立的连接处，并且所述第一或第二网络节点中的至少一个适于改变其地址，所述方法包括以下步骤：通知所述包过滤功能关于网络节点的新地址已经改变了其地址，并且通过使用已经改变了其地址的网络节点的新地址来更新分组过滤功能的分组过滤器。本发明还提出了至少包括网络节点和分组过滤网络元件的对应网络系统。此外，本发明提出了一种相应的分组过滤网络设备。

10. 发明申请

WO2003026334A1 AUTHENTICATING IP PAGING REQUESTS AS SECURITY MECHANISM 审中-公开
标题翻译：作为安全机制认证IP寻呼请求
公开(公告)号：WO2003026334A1
公开(公告)日：2003-03-27
申请号：PCT/IB2002/003681
申请日：2002-09-12
申请人： NOKIA CORPORATION , LE, Franck , FACCIN, Stefano, M. , KOODLI, Rajeev , MALINEN, Jari, T.
发明人： LE, Franck , FACCIN, Stefano, M. , KOODLI, Rajeev , MALINEN, Jari, T.
IPC分类号： H04Q7/38
CPC分类号： H04L63/061 , H04L63/0838 , H04L63/1466 , H04W12/06 , H04W12/12 , H04W64/00 , H04W68/00 , H04W80/04
摘要： A method of authenticating a paging request within an IP environment, said environment comprising a paging area having a plurality of access router (PAR, AR) and at least one mobile node (MN), said method comprising the steps of: sharing a session security key (K) between said mobile node (MN) and an access router (PAR) to which said mobile node (MN) has been previously attached to; receiving (S1) a packet incoming for said mobile node (MN) by said previous access router (PAR), wherein said mobile node (MN) is in a dormant mode; submitting (S2) a paging request to all other access routers (AR) of said paging area by said previous access router (PAR) about the packet which came in, thereby also distributing said session security key (K); generating (S3) authentication parameters according to a predetermined process by an access router (AR) to which said mobile node (MN) is currently attached to; submitting (S4) said paging request from said access router (AR) to said mobile node (MN) including said authentication parameters; verifying (S5) the validity of said request by said mobile node (MN), wherein said authentication parameters are processed according to said predetermined process; and submitting (S6) a paging response from said mobile node (MN) to said access router (AR), wherein said response authenticates said paging request.
摘要翻译：一种在IP环境内认证寻呼请求的方法，所述环境包括具有多个接入路由器（PAR，AR）和至少一个移动节点（MN）的寻呼区域，所述方法包括以下步骤：共享会话安全所述移动节点（MN）和所述移动节点（MN）先前已经附接到的移动节点（MN）的接入路由器（PAR）之间的密钥（K）接收（S1）由所述先前访问路由器（PAR）进入所述移动节点（MN）的分组，其中所述移动节点（MN）处于休眠模式; 向所述先前访问路由器（PAR）向所述寻呼区域的所有其他接入路由器（AR）提交关于进入的分组的寻呼请求（S2），从而也分发所述会话安全密钥（K）; 根据所述移动节点（MN）当前附着到的接入路由器（AR）根据预定的处理生成（S3）认证参数; （S4）从所述接入路由器（AR）到包括所述认证参数的所述移动节点（MN）的所述寻呼请求; 验证（S5）所述移动节点（MN）的所述请求的有效性，其中所述认证参数根据所述预定过程进行处理; 以及向所述接入路由器（AR）提交（S6）从所述移动节点（MN）的寻呼响应，其中所述响应认证所述寻呼请求。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式