Enhanced key management for SRNS relocation
    31.
    Granted patent
    Status: in force

    Publication No.: US08929543B2

    Publication date: 2015-01-06

    Application No.: US13634920

    Filing date: 2011-03-16

    IPC classification: H04L9/00 H04W36/00 H04W12/04

    Abstract: A method comprises maintaining, in a first node serving a mobile terminal over a connection protected by at least one first key, said first key and information about the key management capabilities of the mobile terminal. Upon relocation of the mobile terminal to a second node the method includes: if, and only if, said key management capabilities indicate an enhanced key management capability supported by the mobile terminal, modifying, by said first node, the first key, thereby creating a second key, sending, from the first node to the second node, the second key, and transmitting to the second node the information about the key management capabilities of the mobile terminal.

    Robust and flexible digital rights management involving a tamper-resistant identity module
    32.
    Patent application
    Status: in force

    Publication No.: US20050278787A1

    Publication date: 2005-12-15

    Application No.: US10524583

    Filing date: 2002-12-19

    Abstract: The invention relates to digital rights management, and proposes the implementation of a DRM agent (125) into a tamper-resistant identity module (120) adapted for engagement with a client system (100), such as a mobile phone or a computer system. The DRM agent (125) is generally implemented with functionality for enabling usage, such as rendering or execution of protected digital content provided to the client system from a content provider. In general, the DRM agent (125) includes functionality for cryptographic processing of DRM metadata associated with the digital content to be rendered. In a particularly advantageous realization, the DRM agent is implemented as an application in the application environment of the identity module. The DRM application can be preprogrammed into the application environment, or securely downloaded from a trusted party associated with the identity module. The invention also relates to a distributed DRM module, with communication between distributed DRM agents (125, 135) based on usage-device specific key information.

    Lawful interception of encrypted communications

    Publication No.: US10432606B2

    Publication date: 2019-10-01

    Application No.: US14370862

    Filing date: 2012-04-27

    IPC classification: H04L29/06 H04L9/32

    Abstract: A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.

    Cryptographic key generation
    34.
    Granted patent
    Status: in force

    Publication No.: US08340288B2

    Publication date: 2012-12-25

    Application No.: US12996214

    Filing date: 2008-07-21

    IPC classification: H04L29/06

    Abstract: A technique for generating a cryptographic key (120) is provided. The technique is particularly useful for protecting the communication between two entities (202, 302; 204, 304) cooperatively running a distributed security operation. The technique comprises providing at least two parameters (106, 108), the first parameter (106) comprising or deriving from some cryptographic keys (110, 112) which have been computed by the first entity (202, 302) by running the security operation; and the second parameter (108) comprising or deriving from a token (116) having a different value each time the security (114) operation is initiated by the second entity (204, 304) for the first entity (202, 302). A key derivation function is applied to the provided parameters (106, 108) to generate the desired cryptographic key (120).

    Methods for secure and bandwidth efficient cryptographic synchronization
    35.
    Granted patent
    Status: in force

    Publication No.: US07725709B2

    Publication date: 2010-05-25

    Application No.: US11470554

    Filing date: 2006-09-06

    IPC classification: H04L29/06

    CPC classification: H04L9/12 H04L9/0861 H04L9/16

    Abstract: Methods for cryptographic synchronization of data packets. A roll-over counter (ROC) value is periodically appended to and transmitted with a data packet when a function of the packet sequence number equals a predetermined value. The ROC effectively synchronizes the cryptographic transformation of the data packets. Although the disclosed methods are generally applicable to many transmission protocols, they are particularly adaptable for use in systems wherein the data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711.

    Robust and flexible digital rights management involving a tamper-resistant identity module
    36.
    Granted patent
    Status: in force

    Publication No.: US07568234B2

    Publication date: 2009-07-28

    Application No.: US10524583

    Filing date: 2002-12-19

    IPC classification: H04L9/00

    Abstract: The invention relates to digital rights management, and proposes the implementation of a DRM agent (125) into a tamper-resistant identity module (120) adapted for engagement with a client system (100), such as a mobile phone or a computer system. The DRM agent (125) is generally implemented with functionality for enabling usage, such as rendering or execution of protected digital content provided to the client system from a content provider. In general, the DRM agent (125) includes functionality for cryptographic processing of DRM metadata associated with the digital content to be rendered. In a particularly advantageous realization, the DRM agent is implemented as an application in the application environment of the identity module. The DRM application can be preprogrammed into the application environment, or securely downloaded from a trusted party associated with the identity module. The invention also relates to a distributed DRM module, with communication between distributed DRM agents (125, 135) based on usage-device specific key information.

    Enhanced Key Management For SRNS Relocation
    37.
    Patent application
    Status: in force

    Publication No.: US20130003967A1

    Publication date: 2013-01-03

    Application No.: US13634920

    Filing date: 2011-03-16

    IPC classification: H04L9/00

    Abstract: A method comprises maintaining, in a first node serving a mobile terminal over a connection protected by at least one first key, said first key and information about the key management capabilities of the mobile terminal. Upon relocation of the mobile terminal to a second node the method includes: if, and only if, said key management capabilities indicate an enhanced key management capability supported by the mobile terminal, modifying, by said first node, the first key, thereby creating a second key, sending, from the first node to the second node, the second key, and transmitting to the second node the information about the key management capabilities of the mobile terminal.

    Cryptographic Key Generation
    38.
    Patent application
    Status: in force

    Publication No.: US20110091036A1

    Publication date: 2011-04-21

    Application No.: US12996214

    Filing date: 2008-07-21

    IPC classification: H04L9/00

    Abstract: A technique for generating a cryptographic key (120) is provided. The technique is particularly useful for protecting the communication between two entities (202, 302; 204, 304) cooperatively running a distributed security operation. The technique comprises providing at least two parameters (106, 108), the first parameter (106) comprising or deriving from some cryptographic keys (110, 112) which have been computed by the first entity (202, 302) by running the security operation; and the second parameter (108) comprising or deriving from a token (116) having a different value each time the security (114) operation is initiated by the second entity (204, 304) for the first entity (202, 302). A key derivation function is applied to the provided parameters (106, 108) to generate the desired cryptographic key (120).

    Security Policy Distribution to Communication Terminals
    39.
    Patent application
    Status: in force

    Publication No.: US20100293595A1

    Publication date: 2010-11-18

    Application No.: US12863746

    Filing date: 2008-01-22

    IPC classification: H04L29/06

    Abstract: A method and arrangement for distributing a security policy to a communication terminal having an association with a home communication network, but being present in a visited communication network. The home communication network (106) generates its own preferred security policy Ph and the visited communication network (102) generates its own preferred security policy Pv. A communication network entity (104) in the visited communication network combines the security policies and selects security algorithms/functions to apply from the combined security policy. Generating security policy vectors of both networks and combining them before the security algorithms are selected enables both networks to influence the selection without affecting use of existing signalling messages.

    METHODS FOR SECURE AND BANDWIDTH EFFICIENT CRYPTOGRAPHIC SYNCHRONIZATION
    40.
    Patent application
    Status: in force

    Publication No.: US20070113085A1

    Publication date: 2007-05-17

    Application No.: US11470554

    Filing date: 2006-09-06

    IPC classification: H04L9/00

    CPC classification: H04L9/12 H04L9/0861 H04L9/16

    Abstract: Methods for cryptographic synchronization of data packets. A roll-over counter (ROC) value is periodically appended to and transmitted with a data packet when a function of the packet sequence number equals a predetermined value. The ROC effectively synchronizes the cryptographic transformation of the data packets. Although the disclosed methods are generally applicable to many transmission protocols, they are particularly adaptable for use in systems wherein the data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711.
