31. Method and apparatus for handling keys used for encryption and integrity
    Granted patent, in force

    Publication number: US09106409B2

    Publication date: 2015-08-11

    Application number: US11726527

    Filing date: 2007-03-22

    IPC classes: H04L9/08 H04L29/06 H04W12/04

    Abstract: A method and an arrangement for providing keys that protect communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal enters the network. An initial modified key (Ik1) is then created in both the service control node and the terminal by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302) so that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.

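    The key chain described in the abstract, as an added worked example (not code from the patent or its applicant). The abstract does not fix f and g; here both are instantiated as HMAC-SHA256 (an assumption), which gives the property a practitioner cares about: a service point that receives Ik2 = g(Ik1) learns nothing about Ik1 or Ik, and the service control node never releases Ik itself. All identifiers, the terminal id and the key bytes are constructed for the example.

```python
import hashlib
import hmac


def f(ik: bytes, v: int) -> bytes:
    """First function f(Ik, v).  Assumed instantiation: HMAC-SHA256 keyed with the
    basic key Ik over a label and the key version parameter v, so each value of v
    yields an independent initial modified key Ik1."""
    return hmac.new(ik, b"ik1|" + v.to_bytes(4, "big"), hashlib.sha256).digest()


def g(ik_n: bytes) -> bytes:
    """Second function g(Ik_n).  Assumed instantiation: HMAC-SHA256 keyed with the
    current modified key.  It is one-way, so a service point that receives g(Ik_n)
    cannot recover Ik_n or any earlier key in the chain."""
    return hmac.new(ik_n, b"handover", hashlib.sha256).digest()


class ServiceControlNode:
    """Holds the basic key Ik of each terminal.  Ik never leaves this node; only
    Ik1 = f(Ik, v) is handed to the first service point."""

    def __init__(self):
        self.basic_keys = {}

    def register(self, terminal_id: str, ik: bytes, v: int) -> bytes:
        self.basic_keys[terminal_id] = (ik, v)
        return f(ik, v)


class ServicePoint:
    """Keeps the modified key currently in use for each attached terminal."""

    def __init__(self, name: str):
        self.name = name
        self.keys = {}

    def receive_key(self, terminal_id: str, key: bytes) -> None:
        self.keys[terminal_id] = key

    def handover(self, terminal_id: str, target: "ServicePoint") -> bytes:
        # Derive Ik_{n+1} = g(Ik_n) and forward only the derived key; the source
        # service point's own key is never sent on.
        next_key = g(self.keys[terminal_id])
        target.receive_key(terminal_id, next_key)
        return next_key


class Terminal:
    """Performs the same derivations locally, so no key is ever sent to it."""

    def __init__(self, terminal_id: str, ik: bytes):
        self.terminal_id = terminal_id
        self.ik = ik
        self.key = b""

    def enter_network(self, v: int) -> None:
        self.key = f(self.ik, v)

    def handover(self) -> None:
        self.key = g(self.key)


def run_handover_chain(ik: bytes, v: int = 0, hops: int = 2) -> dict:
    """Attach one terminal, hand it over `hops` times and report what each side holds."""
    scn = ServiceControlNode()
    service_points = [ServicePoint("SP%d" % i) for i in range(hops + 1)]
    terminal = Terminal("ME-1", ik)

    # Attachment: the SCN derives Ik1 and sends it to SP0; the terminal derives Ik1 itself.
    ik1 = scn.register(terminal.terminal_id, ik, v)
    service_points[0].receive_key(terminal.terminal_id, ik1)
    terminal.enter_network(v)
    agreed = [service_points[0].keys[terminal.terminal_id] == terminal.key]

    # Each handover: SP_i derives the next key and sends it to SP_{i+1}; the
    # terminal performs the same derivation on its side.
    for i in range(hops):
        service_points[i].handover(terminal.terminal_id, service_points[i + 1])
        terminal.handover()
        agreed.append(service_points[i + 1].keys[terminal.terminal_id] == terminal.key)

    chain = [sp.keys[terminal.terminal_id] for sp in service_points]
    return {
        "all_agree": all(agreed),
        "chain": chain,
        "all_distinct": len(set(chain)) == len(chain),
        "basic_key_exposed": ik in chain,
    }


if __name__ == "__main__":
    result = run_handover_chain(bytes(range(32)), v=0, hops=3)
    print("terminal and service points agree at every hop:", result["all_agree"])
    print("basic key Ik ever reached a service point:", result["basic_key_exposed"])
```

    Because g is one-way, compromise of a later service point does not expose traffic protected at an earlier one; the reverse direction (an earlier service point can compute every later key) is inherent to the scheme, and the key version parameter v is what lets the service control node start a fresh, unrelated chain.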

32. Automatic device capabilities change notification
    Granted patent, in force

    Publication number: US08874091B2

    Publication date: 2014-10-28

    Application number: US11997658

    Filing date: 2006-07-11

    Applicant: Karl Norrman

    Inventor: Karl Norrman

    Abstract: An improved approach to mobile device capability management is described herein, in which a capability management device is provided at a mobile communication network. Upon a change of a mobile device capability, a related notification is sent to the capability management device, which applies a policy decision on whether or not to track the capability change on the network side. Should the decision be 'yes', the capability management device starts a device management session to collect further information on the mobile device capability change beyond the information made available in the capability change notification. After retrieving the mobile device capability change information, the capability management device updates its mobile device capability state accordingly.


33. Key management in a communication network
    Granted patent, in force

    Publication number: US08837737B2

    Publication date: 2014-09-16

    Application number: US13063997

    Filing date: 2009-03-13

    IPC classes: H04L9/08 H04L29/06 H04L9/32

    Abstract: A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is also available to the first device, which can therefore generate the second device key itself. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or by the first device to secure communications to the second device.

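    The token flow of this abstract, as an added worked example (not code from the patent or its applicant). The KMS, the two devices and the challenge-response at the end are modelled as plain function calls; the key derivation is an assumed HMAC-SHA256 KDF with the second device's identifier as the modifying parameter. Two checks the abstract does not spell out are added and labelled as such: the KMS accepts each token only once, and only from a device bound to the user the token was issued for. User and device names are constructed.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, *parts: bytes) -> bytes:
    """Assumed key derivation function: HMAC-SHA256 over length-prefixed inputs."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class KeyManagementServer:
    """The KMS: a long-term user key per user identity, a record of which device
    belongs to which user, and the tokens it has issued.  Single-use tokens and
    the device-to-user check are additions the abstract does not spell out."""

    def __init__(self):
        self.user_keys = {}   # user identity -> user key
        self.devices = {}     # device id -> user identity
        self.tokens = {}      # outstanding token -> user identity

    def enrol_user(self, user_id: str) -> None:
        self.user_keys[user_id] = os.urandom(32)

    def bind_device(self, device_id: str, user_id: str) -> None:
        self.devices[device_id] = user_id

    def request_token(self, user_id: str):
        """First device asks for a token for a user identity; the KMS returns the
        token together with the user key."""
        if user_id not in self.user_keys:
            raise KeyError("unknown user identity")
        token = os.urandom(16)
        self.tokens[token] = user_id
        return token, self.user_keys[user_id]

    def redeem_token(self, device_id: str, token: bytes) -> bytes:
        """Second device presents the token; the KMS derives the second device key
        from the user key and the device's modifying parameter (its device id)."""
        user_id = self.tokens.pop(token, None)
        if user_id is None or self.devices.get(device_id) != user_id:
            raise PermissionError("token unknown, already used, or not for this device")
        return kdf(self.user_keys[user_id], b"device-key", device_id.encode())


class FirstDevice:
    def __init__(self, kms: KeyManagementServer):
        self.kms, self.user_key, self.nonce = kms, b"", b""

    def obtain_token(self, user_id: str) -> bytes:
        token, self.user_key = self.kms.request_token(user_id)
        return token

    def expected_device_key(self, device_id: str) -> bytes:
        # The modifying parameter is known here too, so the second device key is
        # computed locally with no further KMS round trip.
        return kdf(self.user_key, b"device-key", device_id.encode())

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce

    def verify(self, device_id: str, response: bytes) -> bool:
        expected = hmac.new(self.expected_device_key(device_id), self.nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class SecondDevice:
    def __init__(self, device_id: str, kms: KeyManagementServer):
        self.device_id, self.kms, self.key = device_id, kms, b""

    def redeem(self, token: bytes) -> None:
        self.key = self.kms.redeem_token(self.device_id, token)

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


def run_token_flow() -> dict:
    kms = KeyManagementServer()
    kms.enrol_user("alice@example.com")                   # constructed identities
    kms.bind_device("alice-phone", "alice@example.com")
    first, second = FirstDevice(kms), SecondDevice("alice-phone", kms)

    token = first.obtain_token("alice@example.com")
    second.redeem(token)                                  # token relayed to the second device out of band
    authenticated = first.verify("alice-phone", second.respond(first.challenge()))

    reuse_rejected = wrong_device_rejected = False
    try:
        kms.redeem_token("alice-phone", token)            # same token a second time
    except PermissionError:
        reuse_rejected = True
    try:
        kms.redeem_token("mallory-laptop", kms.request_token("alice@example.com")[0])
    except PermissionError:
        wrong_device_rejected = True
    return {"authenticated": authenticated, "reuse_rejected": reuse_rejected,
            "wrong_device_rejected": wrong_device_rejected}
```

    The point to notice is that the first device holds the user key and can derive every device key for that user, while the second device receives only its own derived key; whoever relays the token from the first device to the second must do so over a channel the attacker cannot read, or the single-use check is the only thing standing between an eavesdropper and a device key.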

34. Storing and forwarding media data
    Granted patent, in force

    Publication number: US08661243B2

    Publication date: 2014-02-25

    Application number: US12997924

    Filing date: 2008-06-16

    IPC classes: H04L29/06

    Abstract: A method and apparatus for storing and forwarding media data in a communication network. An intermediate node disposed between a media data source node and a client node receives encrypted media data packets from the media data source node. The intermediate node stores the received media data packets in a memory for later sending to the client node, adjusts fields in the original header of each stored media data packet to create modified media data packets having a modified header, and sends adjustment information to the client node. The adjustment information allows the client node to recreate the original headers from the modified headers before decrypting the encrypted media packets with keying material already exchanged between the media data source node and the client node. The modified media data packets are then sent to the client node for decryption. This allows the intermediate node to "store and forward" SRTP data without being able to access the encrypted data content.

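    Why the client has to restore the original header before decrypting, shown as an added worked example (not code from the patent or its applicant). SRTP's authentication tag covers the RTP header, and its keystream is derived from the SSRC and the packet index, so an intermediate node that renumbers or re-times packets breaks both unless the client can undo the change. The packet layout and the tag (HMAC-SHA1 truncated to 80 bits over header, encrypted payload and rollover counter) follow RFC 3711; the keystream generator is an HMAC-SHA256 counter-mode stand-in for AES-CTR (an assumption, since the example must run with the standard library only). Keys, SSRC and payloads are constructed.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 12   # fixed RTP header: V/P/X/CC, M/PT, sequence number, timestamp, SSRC
TAG_LEN = 10      # SRTP default authentication tag: HMAC-SHA1 truncated to 80 bits


def build_header(seq: int, ts: int, ssrc: int, pt: int = 96) -> bytes:
    return struct.pack("!BBHII", 0x80, pt, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc)


def parse_header(packet: bytes):
    _, _, seq, ts, ssrc = struct.unpack("!BBHII", packet[:HEADER_LEN])
    return seq, ts, ssrc


def keystream(enc_key: bytes, ssrc: int, index: int, length: int) -> bytes:
    """Stand-in for SRTP's AES-CTR keystream (assumption: HMAC-SHA256 in counter
    mode).  What matters for the example is shared with real SRTP: the keystream
    is a function of the SSRC and the packet index, both taken from the header."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack("!IQI", ssrc, index, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def srtp_protect(enc_key: bytes, auth_key: bytes, header: bytes, payload: bytes, roc: int = 0) -> bytes:
    seq, _, ssrc = parse_header(header)
    body = bytes(a ^ b for a, b in zip(payload, keystream(enc_key, ssrc, (roc << 16) | seq, len(payload))))
    # As in RFC 3711, the tag covers header, encrypted payload and the rollover counter.
    tag = hmac.new(auth_key, header + body + struct.pack("!I", roc), hashlib.sha1).digest()[:TAG_LEN]
    return header + body + tag


def srtp_unprotect(enc_key: bytes, auth_key: bytes, packet: bytes, roc: int = 0) -> bytes:
    header, body, tag = packet[:HEADER_LEN], packet[HEADER_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(auth_key, header + body + struct.pack("!I", roc), hashlib.sha1).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("SRTP authentication failed")
    seq, _, ssrc = parse_header(header)
    return bytes(a ^ b for a, b in zip(body, keystream(enc_key, ssrc, (roc << 16) | seq, len(body))))


class IntermediateNode:
    """Holds no SRTP keys.  Stores packets and later forwards them with sequence
    numbers and timestamps shifted into its own outgoing stream, telling the
    client the offsets it applied."""

    def __init__(self, seq_delta: int, ts_delta: int):
        self.stored, self.seq_delta, self.ts_delta = [], seq_delta, ts_delta

    def store(self, packet: bytes) -> None:
        self.stored.append(packet)

    def forward(self):
        out = []
        for p in self.stored:
            seq, ts, _ = parse_header(p)
            new_hdr = p[:2] + struct.pack("!HI", (seq + self.seq_delta) & 0xFFFF,
                                          (ts + self.ts_delta) & 0xFFFFFFFF) + p[8:HEADER_LEN]
            out.append(new_hdr + p[HEADER_LEN:])
        adjustment = {"seq_delta": self.seq_delta, "ts_delta": self.ts_delta}
        return out, adjustment


def client_receive(enc_key: bytes, auth_key: bytes, packets, adjustment: dict):
    """Undo the adjustment to rebuild each original header, then verify and decrypt."""
    payloads = []
    for p in packets:
        seq, ts, _ = parse_header(p)
        orig_hdr = p[:2] + struct.pack("!HI", (seq - adjustment["seq_delta"]) & 0xFFFF,
                                       (ts - adjustment["ts_delta"]) & 0xFFFFFFFF) + p[8:HEADER_LEN]
        payloads.append(srtp_unprotect(enc_key, auth_key, orig_hdr + p[HEADER_LEN:]))
    return payloads


def run_store_and_forward() -> dict:
    enc_key, auth_key = b"\x11" * 16, b"\x22" * 20       # constructed session keys (source and client only)
    frames = [b"frame-%d" % i for i in range(3)]        # constructed media payloads
    node = IntermediateNode(seq_delta=1000, ts_delta=48000)
    for i, frame in enumerate(frames):
        node.store(srtp_protect(enc_key, auth_key, build_header(10 + i, 160 * i, 0xDEADBEEF), frame))
    forwarded, adjustment = node.forward()
    try:                                                 # modified header alone: tag no longer matches
        srtp_unprotect(enc_key, auth_key, forwarded[0])
        modified_verifies = True
    except ValueError:
        modified_verifies = False
    return {"recovered": client_receive(enc_key, auth_key, forwarded, adjustment),
            "modified_header_verifies": modified_verifies,
            "forwarded_seqs": [parse_header(p)[0] for p in forwarded]}
```

    The adjustment information is itself unauthenticated here; in a deployment it should travel inside the signalling the client already trusts, otherwise an attacker who can tamper with it can force the client to try wrong packet indices (which only costs failed authentications, but is a cheap denial of service).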

36. Methods and arrangements for communication channel re-establishment
    Granted patent, in force

    Publication number: US08600353B2

    Publication date: 2013-12-03

    Application number: US13099050

    Filing date: 2011-05-02

    IPC classes: H04M1/66

    Abstract: The present invention relates to Radio Resource Control (RRC) connection re-establishment of unauthenticated calls or sessions between MEs and one or more eNodeBs. By including the Cell Identity of the cell in which an ME with a malfunctioning radio connection resides in the calculation of the Message Authentication Code for data Integrity (MAC-I), an ME-unique MAC-I can be calculated, which a target base station such as an eNodeB uses to identify and verify the ME during RRC connection re-establishment of unauthenticated calls.


38. METHODS AND APPARATUSES FOR AVOIDING DAMAGE IN NETWORK ATTACKS
    Published application, in force

    Publication number: US20120254997A1

    Publication date: 2012-10-04

    Application number: US13177385

    Filing date: 2011-07-06

    IPC classes: G06F12/14

    Abstract: Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between the terminal and the server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, ..., Pn, pertaining to that session and/or web page. The terminal then indicates the context-specific key in a login request to the server; the server determines the context-specific key, Ks_NAF′, in the same manner and verifies the client if the key determined in the web server matches the one received from the client terminal. The context-specific key is thus bound to, and valid for, the present context or session only, and cannot be used in other contexts or sessions.

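    The context binding of this abstract, as an added worked example (not code from the patent or its applicant). It takes the session identifier and the page URL as the context parameters P1 and P2 (an assumption; the abstract leaves them open), derives Ks_NAF′ with an assumed HMAC-SHA256 KDF, and lets the server recompute and compare. One further assumption: the terminal indicates Ks_NAF′ by a keyed hash over the session id rather than by sending the key itself, which is how a practitioner would do it. The checks at the end show that a login produced in one session fails when replayed in another session or against another page. Terminal id, session ids and URLs are constructed.

```python
import hashlib
import hmac
import os


def derive_context_key(ks_naf: bytes, *context_params: bytes) -> bytes:
    """Ks_NAF' = KDF(Ks_NAF, P1, ..., Pn).  Assumed KDF: HMAC-SHA256 over the
    length-prefixed parameters (the prefix keeps P1="ab",P2="c" and P1="a",P2="bc"
    from yielding the same key)."""
    encoded = b"".join(len(p).to_bytes(2, "big") + p for p in context_params)
    return hmac.new(ks_naf, b"Ks_NAF'|" + encoded, hashlib.sha256).digest()


def login_proof(context_key: bytes, session_id: str) -> bytes:
    # The abstract says the terminal "indicates" Ks_NAF' in the login request.
    # Here (an assumption) it indicates the key by a keyed hash over the session
    # id instead of sending the key itself.
    return hmac.new(context_key, b"login|" + session_id.encode(), hashlib.sha256).digest()


class WebServer:
    """Knows Ks_NAF per terminal (obtained via the GBA bootstrapping server, outside
    this example) and recomputes Ks_NAF' from the same context parameters."""

    def __init__(self):
        self.ks_naf = {}     # terminal id -> Ks_NAF
        self.sessions = {}   # session id -> URL of the page served in that session

    def serve_page(self, session_id: str, url: str) -> None:
        self.sessions[session_id] = url

    def login(self, terminal_id: str, session_id: str, proof: bytes) -> bool:
        url = self.sessions.get(session_id)
        if url is None:
            return False
        # Context parameters P1, P2 assumed to be the session id and the page URL.
        expected_key = derive_context_key(self.ks_naf[terminal_id], session_id.encode(), url.encode())
        return hmac.compare_digest(login_proof(expected_key, session_id), proof)


class ClientTerminal:
    def __init__(self, ks_naf: bytes):
        self.ks_naf = ks_naf

    def login_request(self, session_id: str, url: str) -> bytes:
        key = derive_context_key(self.ks_naf, session_id.encode(), url.encode())
        return login_proof(key, session_id)


def run_context_bound_login() -> dict:
    ks_naf = os.urandom(32)                      # constructed: shared Ks_NAF for terminal "ue-1"
    server, terminal = WebServer(), ClientTerminal(ks_naf)
    server.ks_naf["ue-1"] = ks_naf
    page = "https://naf.example/account"
    server.serve_page("sess-A", page)
    server.serve_page("sess-B", page)
    proof_a = terminal.login_request("sess-A", page)
    return {
        "same_context": server.login("ue-1", "sess-A", proof_a),
        "replayed_in_other_session": server.login("ue-1", "sess-B", proof_a),
        "wrong_page": server.login("ue-1", "sess-A", terminal.login_request("sess-A", "https://naf.example/other")),
    }
```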

39. KEY MANAGEMENT METHOD
    Published application, in force

    Publication number: US20110255695A1

    Publication date: 2011-10-20

    Application number: US13141435

    Filing date: 2008-12-23

    IPC classes: H04L9/08

    CPC classes: H04L9/0833

    Abstract: The present invention relates to a key management method for establishing selective secret information in multiple disjoint groups, and more specifically to a method of reducing the broadcast size in access hierarchies and of localizing and facilitating management within those access hierarchies. The key management method selects a number of subgroups. Each subgroup supports an instance of a key distribution method for receiving distributed key material, and is capable of computing a usage security key from the distributed key material and predefined user group key material.


40. Key management for network elements
    Granted patent, in force

    Publication number: US07987366B2

    Publication date: 2011-07-26

    Application number: US10597864

    Filing date: 2004-02-11

    IPC classes: H04L9/32 H04L9/30 H04L9/08

    Abstract: The invention provides for the establishment of a secret session key shared between two network elements (NEa, NEb) belonging to different network domains (NDa, NDb). A first network element (NEa) of a first network domain (NDa) requests security parameters from its associated key management center (KMC) (AAAa). On receiving the request, the KMC (AAAa) generates a freshness token (FRESH) and calculates the session key (K) from this token (FRESH) and a master key (KAB) shared with a second network domain (NDb). The security parameters are (securely) provided to the network element (NEa), which extracts the session key (K) and forwards the freshness token (FRESH) to the KMC (AAAb) of the second domain (NDb) through a second network element (NEb). From the token (FRESH) and the shared master key (KAB), the KMC (AAAb) generates a copy of the session key (K), which is (securely) provided to the second network element (NEb). The two network elements (NEa, NEb) now share the session key (K), enabling them to communicate securely with each other.

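    The cross-domain exchange of this abstract with both KMCs and both network elements, as an added worked example (not code from the patent or its applicant). K = KDF(KAB, FRESH) is instantiated with HMAC-SHA256 (an assumption); the identities of NEa and NEb are also bound into the derivation, and AAAb refuses a FRESH it has seen before, both of which go beyond what the abstract states and are marked as additions. The domain-internal delivery of the security parameters is modelled as a direct call, standing in for whatever secure channel each domain already has. Names and the master key are constructed.

```python
import hashlib
import hmac
import os


def derive_session_key(master_key: bytes, fresh: bytes, ne_a: str, ne_b: str) -> bytes:
    """K = KDF(K_AB, FRESH).  Assumed KDF: HMAC-SHA256.  Binding the two network
    element identities into the derivation is an addition to what the abstract
    states, so one FRESH cannot be turned into a key for a different pair."""
    label = b"session|" + fresh + b"|" + ne_a.encode() + b"|" + ne_b.encode()
    return hmac.new(master_key, label, hashlib.sha256).digest()


class KeyManagementCenter:
    """AAA server of one domain.  Shares a master key K_AB with the peer domain's
    KMC and releases session keys only to elements of its own domain."""

    def __init__(self, domain: str, master_keys: dict):
        self.domain = domain
        self.master_keys = master_keys   # peer domain -> K_AB
        self.seen_fresh = set()          # replay tracking on the responding side (addition)

    def initiate(self, ne_a: str, ne_b: str, peer_domain: str) -> dict:
        fresh = os.urandom(16)
        key = derive_session_key(self.master_keys[peer_domain], fresh, ne_a, ne_b)
        # Security parameters; assumed to reach NEa over the domain-internal secure channel.
        return {"FRESH": fresh, "K": key}

    def respond(self, ne_a: str, ne_b: str, peer_domain: str, fresh: bytes) -> bytes:
        if fresh in self.seen_fresh:
            raise ValueError("FRESH token already used")
        self.seen_fresh.add(fresh)
        return derive_session_key(self.master_keys[peer_domain], fresh, ne_a, ne_b)


class NetworkElement:
    def __init__(self, name: str, domain: str, kmc: KeyManagementCenter):
        self.name, self.domain, self.kmc, self.key = name, domain, kmc, b""

    def start(self, peer: "NetworkElement") -> bytes:
        """NEa: obtain FRESH and K from its own KMC, keep K, return FRESH for NEb."""
        params = self.kmc.initiate(self.name, peer.name, peer.domain)
        self.key = params["K"]
        return params["FRESH"]   # only the non-secret token crosses the domain boundary

    def accept(self, initiator: "NetworkElement", fresh: bytes) -> None:
        """NEb: pass FRESH to its own KMC and receive the copy of K."""
        self.key = self.kmc.respond(initiator.name, self.name, initiator.domain, fresh)

    def mac(self, message: bytes) -> bytes:
        return hmac.new(self.key, message, hashlib.sha256).digest()

    def check(self, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.mac(message), tag)


def run_cross_domain_exchange() -> dict:
    k_ab = os.urandom(32)                                  # constructed shared master key
    kmc_a = KeyManagementCenter("NDa", {"NDb": k_ab})
    kmc_b = KeyManagementCenter("NDb", {"NDa": k_ab})
    ne_a = NetworkElement("NEa", "NDa", kmc_a)
    ne_b = NetworkElement("NEb", "NDb", kmc_b)

    fresh = ne_a.start(ne_b)          # NEa -> NEb : FRESH
    ne_b.accept(ne_a, fresh)          # NEb -> AAAb : FRESH ; AAAb -> NEb : K
    message = b"constructed signalling message from NEa"
    verified = ne_b.check(message, ne_a.mac(message))

    replay_rejected = False
    try:
        kmc_b.respond("NEa", "NEb", "NDa", fresh)          # same FRESH presented again
    except ValueError:
        replay_rejected = True
    return {"keys_match": ne_a.key == ne_b.key, "message_verified": verified,
            "replay_rejected": replay_rejected}
```

    Nothing secret crosses the domain boundary: FRESH is public, and each side obtains K from its own KMC, so the inter-domain trust reduces to the single shared master key KAB and the integrity of the two domain-internal channels.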