公开(公告)号：US20130117824A1

公开(公告)日：2013-05-09

申请号：US13806119

申请日：2010-06-22

申请人： Mats Naslund ,  Tereza Cristina Carvalho ,  Cristina Dominicini ,  Makan Pourzandi ,  Rony Sakuragui ,  Marcos Antonio Simplicio Junior

发明人： Mats Naslund ,  Tereza Cristina Carvalho ,  Cristina Dominicini ,  Makan Pourzandi ,  Rony Sakuragui ,  Marcos Antonio Simplicio Junior

IPC分类号： H04L29/06 ,  H04L9/32

CPC分类号： H04L63/08 ,  H04L9/0841 ,  H04L9/321 ,  H04L63/0407 ,  H04L63/062 ,  H04L63/0815 ,  H04L2209/80 ,  H04W12/02 ,  H04W12/04

摘要： A method for preserving privacy during authorisation in pervasive environments is described. The method includes an authorisation phase in which the user is provided with a reusable credential associated with verifiable constraints, and an operation phase where the service provider verifies the reusable credential before authorising the user. Third parties cannot link plural uses of the credential to each other, and the service provider cannot link plural uses of said credential to each other.

摘要翻译： 描述了在普及环境中授权期间保护隐私的方法。 该方法包括向用户提供与可验证约束相关联的可重用证书的授权阶段，以及服务提供商在授权用户之前验证可重用凭证的操作阶段。 第三方不能将凭证的复用用途彼此链接，并且服务提供者不能将所述证书的复数用法彼此链接起来。

公开(公告)号：US20110191859A1

公开(公告)日：2011-08-04

申请号：US13122687

申请日：2008-10-06

申请人： Mats Naslund ,  Tereza Cristina Melo de Brito Carvalho ,  Diego Sanchez Gallo ,  Makan Pourzandi ,  Marcos Antonio Simplicio Junior ,  Yeda Regina Venturini

发明人： Mats Naslund ,  Tereza Cristina Melo de Brito Carvalho ,  Diego Sanchez Gallo ,  Makan Pourzandi ,  Marcos Antonio Simplicio Junior ,  Yeda Regina Venturini

IPC分类号： G06F21/24

CPC分类号： H04N21/63345 ,  G06F21/10 ,  G06F2221/0706 ,  G06F2221/2149 ,  H04N21/2541 ,  H04N21/43615 ,  H04N21/64322 ,  H04N21/8355

摘要： A method of controlling access to content comprises receiving, at a domain gateway (3) of a domain (4), a request from a device (5) in the domain for access to the content. It is determined at the domain gateway whether the number of devices in the domain currently accessing the content is equal to a specified maximum number of devices that may simultaneously access the content. The maximum number of devices that may simultaneously access the content is independent of the number of devices in the domain. If the determination is that the number of devices in the domain currently accessing the content is less than the specified maximum number the request is allowed, otherwise it is refused.

摘要翻译： 控制对内容的访问的方法包括在域的域网关（3）处接收来自域中的用于访问内容的设备（5）的请求。 在域网关确定当前正在访问内容的域中的设备的数量是否等于可以同时访问内容的指定的最大数量的设备。 可以同时访问内容的最大设备数量与域中的设备数量无关。 如果确定当前正在访问内容的域中的设备数量小于指定的最大数量，则允许该请求，否则将被拒绝。

公开(公告)号：US20100260338A1

公开(公告)日：2010-10-14

申请号：US12744198

申请日：2008-11-21

申请人： Wassim Haddad ,  Mats Naslund

发明人： Wassim Haddad ,  Mats Naslund

IPC分类号： G06F21/22 ,  H04L9/00 ,  H04L9/08

CPC分类号： H04W12/04 ,  H04L9/3239 ,  H04L63/0823 ,  H04L2209/80 ,  H04L2463/081 ,  H04W8/082 ,  H04W12/06 ,  H04W80/04 ,  H04W88/02 ,  H04W88/182

摘要： A method and apparatus for establishing a cryptographic relationship between a first node and a second node in a communications network. The first node receives at least part of a cryptographic attribute of the second node, uses the received at least part of the cryptographic attribute to generate an identifier for the first node. The cryptographic attribute may a public key belonging to the second node, and the identifier may be a Cryptographically Generated IP address. The cryptographic relationship allows the second node to establish with a third node that it is entitled to act on behalf of the first node.

摘要翻译： 一种在通信网络中建立第一节点和第二节点之间的密码关系的方法和装置。 第一节点接收第二节点的加密属性的至少一部分，使用所接收的至少部分密码属性来生成第一节点的标识符。 加密属性可以是属于第二节点的公共密钥，并且该标识符可以是加密生成的IP地址。 加密关系允许第二节点与第三节点建立它有权代表第一节点行动。

公开(公告)号：US20080187137A1

公开(公告)日：2008-08-07

申请号：US11883879

申请日：2006-02-10

申请人： Pekka Nikander ,  Jari Arrko ,  Mats Naslund

发明人： Pekka Nikander ,  Jari Arrko ,  Mats Naslund

IPC分类号： H04L9/30 ,  H04L9/22 ,  H04L9/28

CPC分类号： H04L63/0414 ,  H04L9/0844 ,  H04L63/0272 ,  H04L63/164 ,  H04L2209/38 ,  H04L2209/80 ,  H04W12/02 ,  H04W12/04

摘要： A method of improving privacy by hiding, in an ordered sequence of messages M[x(1), D(1)], M[x(2), D(2)], etc, communicated between a first and at least one second party sharing a key k, metadata x(i) descriptive of message processing, wherein D(i) denotes payload data. The method comprises the first and the second party agreeing on a pseudo random mapping depending on a shared key k, Fk, mapping at least x(i) to y(i), and the first party modifying the messages by replacing x(i) by y(i) in each message M(x(i), D(i)). The first party then transmits the modified messages maintaining their original order, and on reception of a message M(y(m), D), the second party uses a mapping Gk to retrieve position m of received value and the original value x(m).

摘要翻译： 一种通过以有序的消息M [x（1），D（1）]，M [x（2），D（2）]等的顺序隐藏来提高隐私的方法，在第一和至少一个 共享密钥k的第二方，元数据x（i）描述消息处理，其中D（i）表示有效载荷数据。 该方法包括第一方和第二方根据共享密钥k至少映射至少x（i）至y（i）的伪随机映射，并且第一方修改 通过在每个消息M（x（i），D（i））中将x（i）替换y（i）的消息。 第一方然后发送修改的消息维持其原始顺序，并且在接收消息M（y（m），D）时，第二方使用映射G 来检索所接收的位置m 值和原始值x（m）。

公开(公告)号：US20070150794A1

公开(公告)日：2007-06-28

申请号：US10271945

申请日：2002-10-17

申请人： Mats Naslund ,  Rolf Blom

发明人： Mats Naslund ,  Rolf Blom

IPC分类号： H03M13/00

CPC分类号： H03M13/158 ,  G06F7/724 ,  G06F7/725 ,  H03M13/6561

摘要： Binary data representing a code word of an error-correcting code is used for calculating a syndrome, wherein a given portion of the binary data comprises k groups of data bits and represents a field element of the finite field GF(pk), p being an odd prime number, the field element comprising k coefficients in accordance with a polynomial basis representation, each group of data bits of the given portion representing a corresponding one of the k coefficients. The given portion is stored in a first general purpose register and is processed such that the k groups of data bits of the given portion are processed in parallel; determining whether the syndrome is equal to zero; and detecting and correcting errors in the binary data if the syndrome is not equal to zero.

摘要翻译： 表示纠错码的代码字的二进制数据用于计算校正子，其中二进制数据的给定部分包括k组数据位，并且表示有限域GF（p < / SUP>），p是奇素数，场元素包括根据多项式基表示的k个系数，给定部分的每组数据位表示k个系数中的相应一个。 给定部分存储在第一通用寄存器中，并被处理使得给定部分的k组数据位被并行处理; 确定综合征是否等于零; 以及如果所述综合征不等于零，则检测和校正二进制数据中的错误。

公开(公告)号：US20060288407A1

公开(公告)日：2006-12-21

申请号：US10530293

申请日：2003-09-17

申请人： Mats Naslund ,  Karl Norman ,  Tomas Goldbeck-Lowe

发明人： Mats Naslund ,  Karl Norman ,  Tomas Goldbeck-Lowe

IPC分类号： H04L9/32

CPC分类号： H04L63/0853 ,  H04L9/0844 ,  H04L9/3234 ,  H04L9/3271 ,  H04L12/06 ,  H04L2209/80 ,  H04W12/06 ,  H04W12/0802 ,  H04W12/12 ,  H04W12/1208 ,  H04W74/00

摘要： The invention generally relates to a tamper-resistant security device, such as a subscriber identity module or equivalent, which has an AKA (Authentication and Key Agreement) module for performing an AKA process with a security key stored in the device, as well as means for external communication. The idea according to the invention is to provide the tamper-resistant security device with an application adapted for cooperating with the AKA module and means for interfacing the AKA module and the application. The application cooperating with the AKA module is preferably a security and/or privacy enhancing application. The application is advantageously a software application implemented in an application environment of the security device. For increased security, the security device may also be adapted to detect whether it is operated in its normal secure environment or a foreign less secure environment, and set access rights to resident files or commands that could expose the AKA process or corresponding parameters accordingly.

摘要翻译： 本发明总体上涉及一种防篡改安全装置，例如订户身份模块或等同物，其具有用于使用存储在该装置中的安全密钥执行AKA过程的AKA（认证和密钥协商）模块，以及装置 用于外部沟通。 根据本发明的想法是为防篡改安全设备提供适于与AKA模块协作的应用和用于与AKA模块和应用程序进行接口的装置。 与AKA模块协作的应用优选地是安全和/或隐私增强应用。 该应用有利地是在安全设备的应用环境中实现的软件应用。 为了增加安全性，安全设备还可以适应于检测其是否在其正常安全环境或外部较不安全的环境中操作，并且设置对可能暴露AKA过程的驻留文件或命令或相应参数的访问权限。

公开(公告)号：US20050063544A1

公开(公告)日：2005-03-24

申请号：US10497568

申请日：2002-12-06

申请人： Ilkka Uusitalo ,  Pasi Ahonen ,  Rolf Blom ,  Boman Krister ,  Mats Naslund

发明人： Ilkka Uusitalo ,  Pasi Ahonen ,  Rolf Blom ,  Boman Krister ,  Mats Naslund

IPC分类号： H04L29/06 ,  H04L9/00

CPC分类号： H04L63/06 ,  H04L9/0841 ,  H04L9/0869 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/306

摘要： A method of facilitating the lawful interception of an IP session between two or more terminals 12,13, wherein said session uses encryption to secure traffic. The method comprises storing a key allocated to at least one of said terminals 12,13 or to at least one of the subscribers using one of the terminals 12,13, at the terminal 12,13 and at a node 5,8 within a network 1,6 through which said session is conducted, or a node coupled to that network. Prior to the creation of said session, a seed value is exchanged between the terminal 12,13 at which the key is stored and said node 5,8. The key and the seed value are used at both the terminal 12,13 and the node 5,8 to generate a pre-master key. The pre-master key becomes known to each of the terminals 12,13 involved in the IP session and to the network node 5,8. The pre-master key is used, directly or indirectly, to encrypt and decrypt traffic associated with said IP session.

摘要翻译： 一种促进在两个或多个终端12,13之间合法拦截IP会话的方法，其中所述会话使用加密来保证业务。 所述方法包括：在终端12,13和网络中的节点5,8处，存储分配给所述终端12,13中的至少一个的密钥或至少一个用户的终端12,13中的一个终端 1,6通过其进行所述会话，或者耦合到该网络的节点。 在创建所述会话之前，在存储密钥的终端12,13和所述节点5,8之间交换种子值。 密钥和种子值都在终端12,13和节点5,8两端使用以产生预先主密钥。 对于IP会话中涉及的每个终端12,13和网络节点5,8，预先主密钥变得已知。 预主密钥直接或间接地用于加密和解密与所述IP会话相关联的流量。

公开(公告)号：US08942377B2

公开(公告)日：2015-01-27

申请号：US13578356

申请日：2010-02-12

申请人： Wassim Haddad ,  Rolf Blom ,  Mats Naslund

发明人： Wassim Haddad ,  Rolf Blom ,  Mats Naslund

IPC分类号： H04L12/06 ,  H04W12/06 ,  H04L29/06

CPC分类号： H04W12/06 ,  H04L63/08 ,  H04L63/0823

摘要： A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data.

摘要翻译： 一种在通信网络中的两个节点之间建立信任的方法和装置。 第一节点从网络节点接收对第一节点唯一的认证数据，其可以用于导出用于第一节点的验证数据的紧凑表示。 第一个节点还接收到网络中所有节点的验证数据的认证紧凑表示。 第一节点从节点的认证数据中导出信任信息，并向第二节点发送包含信任信息和认证数据的一部分的消息。 第二节点具有网络中所有节点的验证数据的经认证的紧凑表示的副本，并使用网络中所有节点的验证数据的紧密表示和接收到的信任来验证来自第一节点的消息的真实性 信息和认证数据。

公开(公告)号：US08776183B2

公开(公告)日：2014-07-08

申请号：US10580297

申请日：2004-11-05

申请人： Pubudu Chandrasiri ,  Bulent Ozgur Gurleyen ,  Mats Naslund ,  Annika Jonsson ,  Christian Gehrmann

发明人： Pubudu Chandrasiri ,  Bulent Ozgur Gurleyen ,  Mats Naslund ,  Annika Jonsson ,  Christian Gehrmann

IPC分类号： H04L29/06

CPC分类号： H04L63/0272 ,  H04L29/06027 ,  H04L29/12009 ,  H04L29/12367 ,  H04L61/2514 ,  H04L63/0428 ,  H04L63/065 ,  H04L63/0823 ,  H04L63/104 ,  H04L63/164 ,  H04L65/1016 ,  H04W4/06 ,  H04W8/26 ,  H04W12/08 ,  H04W84/10

摘要： A Personal Area Network Security Domain (PSD) is formed between devices (142, 150, 152, 154 and 156). The PSD allows the sharing of data and/or resources between the devices within the PSD. The devices within the PSD are located remotely from one another. For example, communication between device (150 and 156) will be performed via mobile or cellular telephone network (120), the Internet (140) and mobile or cellular telephone network (126). Each network (120, 126) is provided with a PSD Hub, which enables an IPsec secure connection between the devices (150 and 156) to be established.

摘要翻译： 在设备（142,150,152,154和156）之间形成个人区域网络安全域（PSD）。 PSD允许在PSD内的设备之间共享数据和/或资源。 PSD内的设备彼此远离。 例如，设备（150和156）之间的通信将通过移动或蜂窝电话网络（120），因特网（140）和移动或蜂窝电话网络（126）来执行。 每个网络（120,126）设置有PSD集线器，其能够建立设备（150和156）之间的IPsec安全连接。

公开(公告)号：US08650397B2

公开(公告)日：2014-02-11

申请号：US13120679

申请日：2008-09-24

申请人： Wassim Haddad ,  Mats Naslund

发明人： Wassim Haddad ,  Mats Naslund

IPC分类号： H04L9/32

CPC分类号： H04L9/0827 ,  H04L9/0844 ,  H04L45/60 ,  H04L63/062

摘要： Before actually communicating information/data between two endpoints (C, S) connected to a network a secure and confidential distribution of a special key (K h) is performed to nodes (R j) along a path in the network. This is allowed by performing a path handshaking procedure in which first a hint token is forwarded along the path in a first direction and then a disclosure token is forwarded in the opposite direction. In forwarding the disclosure token it is verified in the nodes against the already received hint token. This assures that only nodes on-the particular path will receive the special key or possibly some other information related thereto.

摘要翻译： 在连接到网络的两个端点（C，S）上实际传达信息/数据之前，沿着网络中的路径对节点（R j）执行特殊密钥（Kh）的安全和机密分发。 这是通过执行路径握手过程来允许的，其中首先沿第一方向沿着路径转发提示令牌，然后以相反的方向转发公开令牌。 在转发公开令牌时，它在节点中针对已经接收的提示令牌进行验证。 这确保只有特定路径上的节点将接收到特殊密钥或可能与其相关的某些其他信息。