Storing and forwarding media data
    41.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US08661243B2

    Publication (announcement) date: 2014-02-25

    Application number: US12997924

    Application date: 2008-06-16

    IPC classification: H04L29/06

    Abstract: A method and apparatus for storing and forwarding media data in a communication network. An intermediate node disposed between a media data source node and a client node receives encrypted media data packets from the media data source node. The intermediate node stores the received media data packets in a memory for later sending to the client node, and adjusts fields in the original header of each stored media data packet to create modified media data packets having a modified header, and sends adjustment information to the client node. The adjustment information allows the client node to recreate the original headers from the modified headers, before decrypting the encrypted media packets with keying materials already sent between the media data source node and the client node. The modified media data packets are then sent to the client node for decryption. This allows the intermediate node to “store and forward” SRTP data without being able to access the encrypted data content.

    Methods and arrangements for communication channel re-establishment
    42.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US08600353B2

    Publication (announcement) date: 2013-12-03

    Application number: US13099050

    Application date: 2011-05-02

    IPC classification: H04M1/66

    Abstract: The present invention relates to Radio Resource Control, RRC Connection re-establishments of unauthenticated calls or sessions between MEs, and one or more eNodeBs. By making use of the Cell Identity of the cell in which a ME having radio connection malfunction resides, in the calculation of a Message Authentication Code for data Integrity, MAC-I, a ME unique MAC-I can be calculated which is used for the identification and verification of MEs by a target base station such as an eNodeB, in RRC Connection re-establishment of unauthenticated calls.

    METHODS AND APPARATUSES FOR AVOIDING DAMAGE IN NETWORK ATTACKS
    43.
    Invention patent application
    Legal status: in force

    Publication (announcement) number: US20120254997A1

    Publication (announcement) date: 2012-10-04

    Application number: US13177385

    Application date: 2011-07-06

    IPC classification: G06F12/14

    Abstract: Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, ... Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.

    KEY MANAGEMENT METHOD
    44.
    Invention patent application
    Legal status: in force

    Publication (announcement) number: US20110255695A1

    Publication (announcement) date: 2011-10-20

    Application number: US13141435

    Application date: 2008-12-23

    IPC classification: H04L9/08

    CPC classification: H04L9/0833

    Abstract: The present invention relates to a key management method to establish selective secret information in multiple disjoint groups, more specifically to a method of reducing the broadcast size in access hierarchies and localize and facilitate management in said access hierarchies. The key management method selects a number of subgroups. Each subgroup supports an instance of a key distribution method for receiving distributed key material, and is capable of computing a usage security key based on the distributed key material and predefined user group key material.

    METHOD AND NETWORK FOR DELIVERING STREAMING DATA
    46.
    Invention patent application
    Legal status: in force

    Publication (announcement) number: US20110047209A1

    Publication (announcement) date: 2011-02-24

    Application number: US12895242

    Application date: 2010-09-30

    IPC classification: G06F15/16

    Abstract: In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.

    Method and Arrangement for Security Activation Detection in a Telecommunication System
    47.
    Invention patent application
    Legal status: in force

    Publication (announcement) number: US20100263040A1

    Publication (announcement) date: 2010-10-14

    Application number: US12681212

    Application date: 2008-07-30

    IPC classification: H04L29/06 H04W12/00

    CPC classification: H04L63/12 H04W12/10 H04W88/08

    Abstract: A method and apparatus is provided for detecting the start of a secure mode by a user terminal (12) without explicit signaling. After the network (30) commands the user terminal to switch to secure mode and receives a data packet from the user terminal, the receiving network node (22) determines the security mode of the user terminal by determining whether valid security has been applied to the received data packet by the user terminal.

    METHOD AND SYSTEM FOR PROTECTING SIGNALING INFORMATION
    48.
    Invention patent application
    Legal status: under examination (published)

    Publication (announcement) number: US20080181411A1

    Publication (announcement) date: 2008-07-31

    Application number: US11956815

    Application date: 2007-12-14

    IPC classification: H04L9/08

    Abstract: A path switch message in a mobile radio access network is protected as the message is sent over a user plane interface that may be insecure (e.g. lacks integrity and/or confidentiality protection). According to the invention a UE provides an AP with a fresh integrity key over an already existing and secure RAN channel enabling AP to use the integrity key to integrity protect information sent to a UPN. Specifically, UE derives locally at least a user plane key K1. The key derivation is done at authentication e.g. when performing an AKA procedure. On the network side CPN derives the same key K1 for delivery to UPN. At handover, the UE generates a fresh integrity key K3 by applying a Key Derivation Function (KDF) with at least the UP key K1 and a nonce, e.g. a sequence number.

    Method and apparatus for authenticating a communication device
    49.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US09253178B2

    Publication (announcement) date: 2016-02-02

    Application number: US13979476

    Application date: 2011-07-19

    Abstract: According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group.

    Secure Paging
    50.
    Invention patent application
    Legal status: under examination (published)

    Publication (announcement) number: US20150079941A1

    Publication (announcement) date: 2015-03-19

    Application number: US14400228

    Application date: 2012-05-15

    IPC classification: H04W12/06 H04W68/00 H04W12/04

    Abstract: There is described a device for communicating with a network. The device receives a series of paging messages from a serving node in the network, where each paging message includes identification and authentication information sufficient to identify at least one device and authenticate the message, at least some of the information having been protected according to a sequence such that it varies between successive paging messages. The device verifies the protected part of the information using a cryptographic function and knowledge of the sequence and identifies whether the information indicates that message is an authentic message intended for that device. The device may act in response to the received paging message.
