21. Method and apparatus for handling keys used for encryption and integrity
    Type: Invention application (published)    Status: in force

    Publication number: US20070230707A1

    Publication date: 2007-10-04

    Application number: US11726527

    Filing date: 2007-03-22

    IPC classification: H04L9/00

    Abstract: A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.


23. CRYPTOGRAPHIC KEY MANAGEMENT IN COMMUNICATION NETWORKS
    Type: Invention application (published)    Status: in force

    Publication number: US20080095362A1

    Publication date: 2008-04-24

    Application number: US11857621

    Filing date: 2007-09-19

    IPC classification: H04L9/14

    Abstract: An authentication server and a system and method for managing cryptographic keys across different combinations of user terminals, access networks, and core networks. A Transformation Coder Entity (TCE) creates a master key (Mk), which is used to derive keys during the authentication procedure. During handover between the different access types, the Mk or a transformed Mk is passed between the two nodes that hold the key in the respective access networks when a User Equipment (UE) terminal changes access. The transformation of the Mk is performed via a one-way function, so that if the Mk is somehow compromised, it is not possible to automatically obtain access to previously used master keys. The transformation is performed based on the type of authenticator node and the type of UE/identity module with which the transformed key is to be utilized. The Mk is never used directly, but is only used to derive the keys that are directly used to protect the access link.


25. METHOD AND NETWORK FOR DELIVERING STREAMING DATA
    Type: Invention application (published)    Status: in force

    Publication number: US20110047209A1

    Publication date: 2011-02-24

    Application number: US12895242

    Filing date: 2010-09-30

    IPC classification: G06F15/16

    Abstract: In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. The Client then sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and, if it is valid, encrypts the streaming data using a standardized real-time protocol such as SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts it. Copyrighted material adapted to streaming can thus be securely delivered to the Client. The robust protocol used is particularly well suited for wireless clients and similar low-capacity devices such as cellular telephones and PDAs.


27. Method and Apparatus for Delivering Keying Information
    Type: Invention application (published)    Status: in force

    Publication number: US20080273704A1

    Publication date: 2008-11-06

    Application number: US12095813

    Filing date: 2006-07-11

    IPC classification: H04L9/08

    Abstract: A method of delivering an application key or keys to an application server for use in securing data exchanged between the application server and a user equipment, the user equipment accessing a communications network via an access domain. The method comprises running an Authentication and Key Agreement procedure between the user equipment and a home domain in order to make keying material available to the user equipment and to an access enforcement point. At least a part of said keying material is used to secure a communication tunnel between the user equipment and the access enforcement point, and one or more application keys are derived within the home domain using at least part of said keying material. The application key(s) are provided to the application server, and the same application key(s) are derived at the user equipment, while the access enforcement point is unable to derive or access the application key(s).


28. Method and apparatus for delivering keying information
    Type: Granted invention patent    Status: in force

    Publication number: US09503890B2

    Publication date: 2016-11-22

    Application number: US12095813

    Filing date: 2006-07-11

    Abstract: A method of delivering an application key or keys to an application server for use in securing data exchanged between the application server and a user equipment, the user equipment accessing a communications network via an access domain. The method comprises running an Authentication and Key Agreement procedure between the user equipment and a home domain in order to make keying material available to the user equipment and to an access enforcement point. At least a part of said keying material is used to secure a communication tunnel between the user equipment and the access enforcement point, and one or more application keys are derived within the home domain using at least part of said keying material. The application key(s) are provided to the application server, and the same application key(s) are derived at the user equipment, while the access enforcement point is unable to derive or access the application key(s).


29. Security policy distribution to communication terminals
    Type: Granted invention patent    Status: in force

    Publication number: US08819765B2

    Publication date: 2014-08-26

    Application number: US12863746

    Filing date: 2008-01-22

    IPC classification: G06F17/00, H04L29/06

    Abstract: A method and arrangement for distributing a security policy to a communication terminal having an association with a home communication network, but being present in a visited communication network. The home communication network generates its own preferred security policy Ph and the visited communication network generates its own preferred security policy Pv. A communication network entity in the visited communication network combines the security policies and selects security algorithms and/or functions to apply from the combined security policy. By generating security policy vectors of both networks and combining them before the security algorithms are selected, both networks are able to influence the selection without requiring the use of signaling messages.
