-
公开(公告)号:US20120272064A1
公开(公告)日:2012-10-25
申请号:US13097184
申请日:2011-04-29
IPC分类号: H04L9/32
CPC分类号: H04L9/0894 , H04L63/061 , H04L63/0869 , H04L63/306
摘要: Techniques are disclosed for discovering security associations formed in communication environments. For example, a method for forming a discoverable security association between a first computing device (e.g., a first client) and a second computing device (e.g., a second client) comprises the following steps. The first computing device is provided with a seed that is used by the first computing device to generate a secret that is used by the first computing device to compute a key for use in securing communications with the second computing device. The secret is re-computable based on knowledge of the seed and the key is re-computable based on knowledge of the secret such that a third computing device (e.g., an intercepting server) can use the re-computed key to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device. By way of example, the key may be a result of an identity based authenticated key exchange.
摘要翻译: 公开了用于发现在通信环境中形成的安全关联的技术。 例如,用于在第一计算设备(例如,第一客户端)和第二计算设备(例如,第二客户端)之间形成可发现的安全关联的方法包括以下步骤。 第一计算设备被提供有种子,该种子由第一计算设备用于生成由第一计算设备用于计算密钥以用于保护与第二计算设备的通信的密钥。 基于种子的知识可以重新计算秘密,并且基于秘密的知识可以重新计算密钥,使得第三计算设备(例如,拦截服务器)可以使用重新计算的密钥来拦截 第一计算设备和第二计算设备不受第一计算设备和第二计算设备的影响。 作为示例,密钥可以是基于身份的认证密钥交换的结果。
-
12.发明申请Automated Security Provisioning Protocol for Wide Area Network Communication Devices in Open Device Environment 有权用于开放设备环境中的广域网通信设备的自动安全配置协议公开(公告)号:US20110016321A1
公开(公告)日:2011-01-20
申请号:US12503051
申请日:2009-07-14
IPC分类号: H04L29/06
CPC分类号: H04L63/061 , H04L63/0442 , H04L63/0869 , H04L67/12 , H04L67/34 , H04W4/00 , H04W4/70 , H04W8/205 , H04W12/04 , H04W12/06 , H04W74/00 , H04W84/04 , H04W92/18
摘要: An automated security provisioning protocol is provided for wide area network communication devices in an open device environment, such as cellular communication devices in a machine-to-machine (M2M) environment. For example, a method for performing a security provisioning protocol between a first communication device and a second communication device over at least one wide area communication network comprises the following steps from the perspective of the first communication device. The first communication device automatically uses access information not previously provisioned in the wide area communication network to gain access to the wide area communication network for an initial purpose of communicating with the second communication device. The first communication device, upon gaining access to the wide area communication network, automatically performs an authenticated key exchange operation with the second communication device over the wide area communication network and establishes a secure communication key as a result of the authenticated key exchange operation for subsequent use by the first communication device for secure communications. The wide area communication network is operated by a first entity and the second communication device is operated by a second entity.
摘要翻译: 在诸如机器对机器(M2M)环境中的蜂窝通信设备的开放设备环境中为广域网通信设备提供自动安全提供协议。 例如,用于在第一通信设备和第二通信设备之间通过至少一个广域通信网络执行安全提供协议的方法包括从第一通信设备的角度来看以下步骤。 第一通信设备自动使用广域通信网络中以前未配置的接入信息,以获得对广域通信网络的访问,以便与第二通信设备进行通信的初始目的。 第一通信设备在通过广域通信网访问时,通过广域通信网络自动执行与第二通信设备的认证密钥交换操作,并且作为后续认证的密钥交换操作的结果建立安全通信密钥 由第一通信设备用于安全通信。 广域通信网络由第一实体操作,第二通信设备由第二实体操作。
-
公开(公告)号:US08769288B2
公开(公告)日:2014-07-01
申请号:US13097184
申请日:2011-04-29
CPC分类号: H04L9/0894 , H04L63/061 , H04L63/0869 , H04L63/306
摘要: Techniques are disclosed for discovering security associations formed in communication environments. For example, a method for forming a discoverable security association between a first computing device (e.g., a first client) and a second computing device (e.g., a second client) comprises the following steps. The first computing device is provided with a seed that is used by the first computing device to generate a secret that is used by the first computing device to compute a key for use in securing communications with the second computing device. The secret is re-computable based on knowledge of the seed and the key is re-computable based on knowledge of the secret such that a third computing device (e.g., an intercepting server) can use the re-computed key to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device. By way of example, the key may be a result of an identity based authenticated key exchange.
摘要翻译: 公开了用于发现在通信环境中形成的安全关联的技术。 例如,用于在第一计算设备(例如,第一客户端)和第二计算设备(例如,第二客户端)之间形成可发现的安全关联的方法包括以下步骤。 第一计算设备被提供有种子,该种子由第一计算设备用于生成由第一计算设备用于计算密钥以用于保护与第二计算设备的通信的密钥。 基于种子的知识可以重新计算秘密,并且基于秘密的知识可以重新计算密钥,使得第三计算设备(例如,拦截服务器)可以使用重新计算的密钥来拦截 第一计算设备和第二计算设备不受第一计算设备和第二计算设备的影响。 作为示例,密钥可以是基于身份的认证密钥交换的结果。
-
公开(公告)号:US08667151B2
公开(公告)日:2014-03-04
申请号:US11836313
申请日:2007-08-09
IPC分类号: G06F15/16
CPC分类号: H04L63/06 , H04L63/162 , H04L63/18
摘要: In one embodiment, a method of the invention has the steps of: (A) establishing an access-layer security association (SA) between a mobile node (MN) and an authentication authorization accounting (AAA) server; (B) deriving a secondary key from an extended master session key (EMSK) corresponding to the access-layer SA; (C) providing the secondary key to a home agent; and (D) based on the secondary key, establishing an SA corresponding to an Open System Interconnection (OSI) layer higher than the access layer for securing communications between the home agent and a selected network node. In various embodiments, the selected network node can be (i) the MN, (ii) a proxy node configured on behalf of the MN, or (iii) a proxy node configured on behalf of the home agent.
摘要翻译: 在一个实施例中,本发明的方法具有以下步骤:(A)在移动节点(MN)和认证授权计费(AAA)服务器之间建立接入层安全关联(SA); (B)从对应于接入层SA的扩展主会话密钥(EMSK)导出次密钥; (C)向本地代理人提供次要密钥; 和(D)基于所述次级密钥,建立与所述接入层以上的开放系统互连(OSI)层对应的SA,以保护所述归属代理和所选网络节点之间的通信。 在各种实施例中,所选择的网络节点可以是(i)MN,(ii)代表MN配置的代理节点,或(iii)代表归属代理配置的代理节点。
-
公开(公告)号:US20130297939A1
公开(公告)日:2013-11-07
申请号:US13932573
申请日:2013-07-01
CPC分类号: H04L9/0847 , H04L9/3073
摘要: A key agreement protocol between a first party and a second party comprises the following steps from the first party perspective. An encrypted first random key component is directed to the second party, the first random key component having been computed at the first party and encrypted using a public key of the second party in accordance with an identity based encryption operation. An encrypted second random key component corresponding to the second party is received. The encrypted second random key component is decrypted using a private key of the first party. A session key for use in subsequent communications between the first party and the second party is computed based at least in part on the second random key component.
摘要翻译: 第一方和第二方之间的关键协议协议包括从第一方面的以下步骤。 加密的第一随机密钥组件指向第二方,第一随机密钥组件已经在第一方被计算并且使用第二方的公开密钥根据基于身份的加密操作加密。 接收对应于第二方的加密的第二随机密钥组件。 使用第一方的私钥对加密的第二随机密钥组件进行解密。 至少部分地基于第二随机密钥分量计算用于第一方和第二方之间的后续通信中的会话密钥。
-
公开(公告)号:US08510558B2
公开(公告)日:2013-08-13
申请号:US12372242
申请日:2009-02-17
IPC分类号: H04L9/32
CPC分类号: H04L9/0847 , H04L9/3073
摘要: A key agreement protocol between a first party and a second party comprises the following steps from the first party perspective. An encrypted first random key component is sent to the second party, the first random key component being encrypted using a public key of the second party in accordance with an identity based encryption operation. An encrypted random key component pair is received from the second party, the random key component pair being formed from the first random key component and a second random key component computed at the second party, and encrypted at the second party using a public key of the first party in accordance with the identity based encryption operation. The second random key component, in encrypted form, is sent to the second party, the second random key component being encrypted using the public key of the second party. A key for use in subsequent communications between the first party and the second party is computable at the first party based on the second random key component. The key may be computed at the second party based on the first random key component.
摘要翻译: 第一方和第二方之间的关键协议协议包括从第一方面的以下步骤。 加密的第一随机密钥组件被发送到第二方,第一随机密钥组件使用第二方的公开密钥根据基于身份的加密操作进行加密。 从第二方接收加密的随机密钥分量对,随机密钥分量对由第一随机密钥分量和在第二方计算的第二随机密钥分量形成,并在第二方使用公钥 第一方按照基于身份的加密操作。 将加密形式的第二随机密钥组件发送给第二方,第二随机密钥组件使用第二方的公钥进行加密。 在第一方和第二方之间的后续通信中使用的密钥可以在第一方基于第二随机密钥分量计算。 可以基于第一随机密钥分量在第二方计算密钥。
-
公开(公告)号:US08301883B2
公开(公告)日:2012-10-30
申请号:US12549907
申请日:2009-08-28
IPC分类号: H04L29/06
CPC分类号: H04L9/3073 , H04L9/0825 , H04L9/0833 , H04L9/0847 , H04L63/306 , H04L2209/80
摘要: A method for managing a conference between two or more parties comprises an identity based authenticated key exchange between a conference management element and each of the two or more parties seeking to participate in the conference. Messages exchanged between the conference management element and the two or more parties are encrypted based on respective identities of recipients of the messages. The method comprises the conference management element receiving from each party a random group key component. The random group key component is computed by each party based on a random number used by the party during the key authentication operation and random key components computed by a subset of others of the two or more parties seeking to participate in the conference. The conference management element sends to each party the random group key components computed by the parties such that each party can compute the same group key.
摘要翻译: 一种用于在两个或多个方之间管理会议的方法包括会议管理元件与寻求参加会议的两个或多个方中的每个之间的基于身份的认证密钥交换。 在会议管理单元与两个或多个会话之间交换的消息基于消息的接收者的相应身份被加密。 该方法包括从各方接收随机组密钥分量的会议管理单元。 随机组密钥分量由各方根据在密钥认证操作期间由该方使用的随机数和由寻求参与会议的两个或多个方的其他人的子集计算的随机密钥分量来计算。 会议管理单元向各方发送由各方计算的随机组密钥分量,使得各方可以计算相同的组密钥。
-
公开(公告)号:US20110055567A1
公开(公告)日:2011-03-03
申请号:US12549932
申请日:2009-08-28
CPC分类号: H04L63/306 , H04L9/0825 , H04L9/0833 , H04L9/0847 , H04L9/0894 , H04L9/3073 , H04L2209/80
摘要: Principles of the invention provide one or more secure key management protocols for use in communication environments such as a media plane of a multimedia communication system. For example, a method for performing an authenticated key agreement protocol, in accordance with a multimedia communication system, between a first party and a second party comprises, at the first party, the following steps. Note that encryption/decryption is performed in accordance with an identity based encryption operation. At least one private key for the first party is obtained from a key service. A first message comprising an encrypted first random key component is sent from the first party to the second party, the first random key component having been computed at the first party, and the first message having been encrypted using a public key of the second party. A second message comprising an encrypted random key component pair is received at the first party from the second party, the random key component pair having been formed from the first random key component and a second random key component computed at the second party, and the second message having been encrypted at the second party using a public key of the first party. The second message is decrypted by the first party using the private key obtained by the first party from the key service to obtain the second random key component. A third message comprising the second random key component is sent from the first party to the second party, the third message having been encrypted using the public key of the second party. The first party computes a secure key based on the second random key component, the secure key being used for conducting at least one call session with the second party via a media plane of the multimedia communication system.
摘要翻译: 本发明的原理提供了一种或多种用于诸如多媒体通信系统的媒体平面的通信环境中的安全密钥管理协议。 例如,在第一方和第二方之间执行根据多媒体通信系统的认证密钥协商协议的方法包括在第一方处理以下步骤。 注意,根据基于身份的加密操作来执行加密/解密。 从关键服务获得至少一个第一方私钥。 包括加密的第一随机密钥组件的第一消息从第一方发送到第二方,第一随机密钥组件已经在第一方被计算,并且第一消息已经使用第二方的公钥加密。 在第一方从第二方接收包括加密的随机密钥分量对的第二消息,所述随机密钥分量对已经由第一随机密钥分量和在第二方计算的第二随机密钥分量形成, 消息已经使用第一方的公钥在第二方加密。 由第一方使用由密钥服务获得的第一方获得的私钥来解密第二消息以获得第二随机密钥分量。 包括第二随机密钥分量的第三消息从第一方发送到第二方,第三消息已经使用第二方的公钥加密。 第一方基于第二随机密钥组件计算安全密钥,该安全密钥用于经由多媒体通信系统的媒体平面与第二方进行至少一个呼叫会话。
-
公开(公告)号:US20100211779A1
公开(公告)日:2010-08-19
申请号:US12372242
申请日:2009-02-17
CPC分类号: H04L9/0847 , H04L9/3073
摘要: A key agreement protocol between a first party and a second party comprises the following steps from the first party perspective. An encrypted first random key component is sent to the second party, the first random key component being encrypted using a public key of the second party in accordance with an identity based encryption operation. An encrypted random key component pair is received from the second party, the random key component pair being formed from the first random key component and a second random key component computed at the second party, and encrypted at the second party using a public key of the first party in accordance with the identity based encryption operation. The second random key component, in encrypted form, is sent to the second party, the second random key component being encrypted using the public key of the second party. A key for use in subsequent communications between the first party and the second party is computable at the first party based on the second random key component. The key may be computed at the second party based on the first random key component.
摘要翻译: 第一方和第二方之间的关键协议协议包括从第一方面的以下步骤。 加密的第一随机密钥组件被发送到第二方,第一随机密钥组件使用第二方的公开密钥根据基于身份的加密操作进行加密。 从第二方接收加密的随机密钥分量对,随机密钥分量对由第一随机密钥分量和在第二方计算的第二随机密钥分量形成,并在第二方使用公钥 第一方按照基于身份的加密操作。 将加密形式的第二随机密钥组件发送给第二方,第二随机密钥组件使用第二方的公钥进行加密。 在第一方和第二方之间的后续通信中使用的密钥可以在第一方基于第二随机密钥分量计算。 可以基于第一随机密钥分量在第二方计算密钥。
-
20.发明授权Automated security provisioning protocol for wide area network communication devices in open device environment 有权用于开放设备环境中的广域网通信设备的自动安全配置协议公开(公告)号:US09590961B2
公开(公告)日:2017-03-07
申请号:US12503051
申请日:2009-07-14
IPC分类号: H04L29/06 , H04W4/00 , H04W12/04 , H04W12/06 , H04L29/08 , H04W8/20 , H04W74/00 , H04W84/04 , H04W92/18
CPC分类号: H04L63/061 , H04L63/0442 , H04L63/0869 , H04L67/12 , H04L67/34 , H04W4/00 , H04W4/70 , H04W8/205 , H04W12/04 , H04W12/06 , H04W74/00 , H04W84/04 , H04W92/18
摘要: An automated security provisioning protocol is provided for wide area network communication devices in an open device environment, such as cellular communication devices in a machine-to-machine (M2M) environment. For example, a method for performing a security provisioning protocol between a first communication device and a second communication device over at least one wide area communication network comprises the following steps from the perspective of the first communication device. The first communication device automatically uses access information not previously provisioned in the wide area communication network to gain access to the wide area communication network for an initial purpose of communicating with the second communication device. The first communication device, upon gaining access to the wide area communication network, automatically performs an authenticated key exchange operation with the second communication device over the wide area communication network and establishes a secure communication key as a result of the authenticated key exchange operation for subsequent use by the first communication device for secure communications. The wide area communication network is operated by a first entity and the second communication device is operated by a second entity.
摘要翻译: 在诸如机器对机器(M2M)环境中的蜂窝通信设备的开放设备环境中为广域网通信设备提供自动安全提供协议。 例如,用于在第一通信设备和第二通信设备之间通过至少一个广域通信网络执行安全提供协议的方法包括从第一通信设备的角度来看以下步骤。 第一通信设备自动使用广域通信网络中以前未配置的接入信息,以获得对广域通信网络的访问,以便与第二通信设备进行通信的初始目的。 第一通信设备在通过广域通信网访问时,通过广域通信网络自动执行与第二通信设备的认证密钥交换操作,并且作为后续认证的密钥交换操作的结果建立安全通信密钥 由第一通信设备用于安全通信。 广域通信网络由第一实体操作,第二通信设备由第二实体操作。
-
-
-
-
-
-
-
-
-
搜索结果
33 条记录 (耗时 0.024 秒)
