-
Publication number: US08645680B2
Publication date: 2014-02-04
Application number: US12997913
Filing date: 2009-05-06
Applicants: Rolf Blom, Yi Cheng, John Mattsson, Mats Naslund, Karl Norrman
Inventors: Rolf Blom, Yi Cheng, John Mattsson, Mats Naslund, Karl Norrman
IPC class: H04L29/06
CPC class: H04L65/601, H04L63/0464, H04L63/0478, H04L63/06, H04L63/123
Abstract: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to transform data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.
-
Publication number: US08594334B2
Publication date: 2013-11-26
Application number: US13141435
Filing date: 2008-12-23
IPC class: H04L9/08
CPC class: H04L9/0833
Abstract: The present invention relates to a key management method for establishing selective secret information in multiple disjoint groups, and more specifically to a method of reducing the broadcast size in access hierarchies and of localizing and facilitating management in those hierarchies. The key management method selects a number of subgroups. Each subgroup supports an instance of a key distribution method for receiving distributed key material, and is capable of computing a usage security key from the distributed key material and predefined user group key material.
-
Publication number: US20130291071A1
Publication date: 2013-10-31
Application number: US13979476
Filing date: 2011-07-19
Applicants: Rolf Blom, Mats Näslund, Karl Norrman
Inventors: Rolf Blom, Mats Näslund, Karl Norrman
IPC class: H04L29/06
CPC class: H04L63/08, H04L9/0833, H04L9/321, H04L9/3271, H04L63/104, H04L63/107, H04L2209/80, H04W4/70, H04W12/06
Abstract: According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group of two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information associated with the shared subscription. The device then generates a device-specific response to the group authentication challenge using the group authentication information and device-specific authentication information, and sends the device-specific response to the network. The device is, for example, a member of a machine-type communication device group.
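The exchange described in the abstract above, as an added example that is not the patent's own code or the 3GPP procedure it builds on: the network issues one challenge for the whole group, tagged with the group authentication information, and each member answers with a response that also depends on its device-specific secret and identity. The types `Network` and `Device`, the group and device names, the use of HMAC-SHA256 as the MAC, the 16-byte RAND and the sample secrets are all assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"io"
)

// mac is HMAC-SHA256 over the concatenation of its parts. Callers keep every
// part except the last at a fixed length (16-byte RAND, 32-byte tag), so the
// concatenation cannot be parsed two ways.
func mac(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

// Device is the network-side record: the shared subscription (group) the
// device belongs to and its device-specific authentication secret.
type Device struct {
	Group  string
	Secret []byte
}

// Network holds group authentication information per shared subscription
// and a record per device (hypothetical structure, not the patent's).
type Network struct {
	GroupSecrets map[string][]byte
	Devices      map[string]Device
}

// Challenge builds one challenge for the whole group: a 16-byte RAND plus a
// tag computed with the group information, so any member can check that the
// challenge came from a network that actually holds the shared subscription.
func (n *Network) Challenge(groupID string) (rnd, tag []byte, err error) {
	gk, ok := n.GroupSecrets[groupID]
	if !ok {
		return nil, nil, errors.New("unknown group")
	}
	rnd = make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, rnd); err != nil {
		return nil, nil, err
	}
	return rnd, mac(gk, rnd, []byte("group-challenge")), nil
}

// DeviceRespond runs on the device: it first authenticates the network via
// the group tag, then answers with a value bound to its own secret and
// identity, so two members of one group return different responses.
func DeviceRespond(groupKey, devSecret []byte, devID string, rnd, tag []byte) ([]byte, error) {
	if len(rnd) != 16 || !hmac.Equal(tag, mac(groupKey, rnd, []byte("group-challenge"))) {
		return nil, errors.New("challenge not from our network")
	}
	return mac(devSecret, rnd, tag, []byte(devID)), nil
}

// Verify recomputes the expected device-specific response on the network.
func (n *Network) Verify(devID string, rnd, res []byte) bool {
	dev, ok := n.Devices[devID]
	if !ok || len(rnd) != 16 {
		return false
	}
	gk, ok := n.GroupSecrets[dev.Group]
	if !ok {
		return false
	}
	tag := mac(gk, rnd, []byte("group-challenge"))
	return hmac.Equal(res, mac(dev.Secret, rnd, tag, []byte(devID)))
}

// GroupAuthScenario: two devices on one shared subscription answer the same
// challenge; a device that knows the group information but is not provisioned
// on the network is rejected. All secrets below are constructed sample values.
func GroupAuthScenario() (bothAccepted, responsesDiffer, strangerRejected bool, err error) {
	gk := []byte("constructed group authentication info")
	a, b, s := []byte("secret-of-A"), []byte("secret-of-B"), []byte("secret-of-S")
	net := &Network{
		GroupSecrets: map[string][]byte{"meters-42": gk},
		Devices:      map[string]Device{"A": {"meters-42", a}, "B": {"meters-42", b}},
	}
	rnd, tag, err := net.Challenge("meters-42")
	if err != nil {
		return false, false, false, err
	}
	resA, err := DeviceRespond(gk, a, "A", rnd, tag)
	if err != nil {
		return false, false, false, err
	}
	resB, err := DeviceRespond(gk, b, "B", rnd, tag)
	if err != nil {
		return false, false, false, err
	}
	resS, _ := DeviceRespond(gk, s, "S", rnd, tag)
	bothAccepted = net.Verify("A", rnd, resA) && net.Verify("B", rnd, resB)
	return bothAccepted, !bytes.Equal(resA, resB), !net.Verify("S", rnd, resS), nil
}
```

The group tag in the challenge is what lets a device reject a challenge from a party that does not hold the subscription; the device secret in the response is what stops one group member from answering for another, which is the point of a "device specific" response over a shared subscription.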
-
Publication number: US08539564B2
Publication date: 2013-09-17
Application number: US13254013
Filing date: 2009-03-04
Applicants: Mats Näslund, Rolf Blom, Yi Cheng, Fredrik Lindholm, Karl Norrman
Inventors: Mats Näslund, Rolf Blom, Yi Cheng, Fredrik Lindholm, Karl Norrman
IPC class: G06F7/04
CPC class: H04L63/06, H04L9/0844, H04L2209/80, H04W12/04
Abstract: A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node, and a determination is made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key is sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
-
Publication number: US08417952B2
Publication date: 2013-04-09
Application number: US12809125
Filing date: 2007-12-19
Applicants: Yi Cheng, Luis Barriga, Karl Norrman
Inventors: Yi Cheng, Luis Barriga, Karl Norrman
IPC class: H04L9/32
CPC class: H04W12/08, G06F21/10, G06F2221/0717, H04L2463/101
Abstract: The present invention relates to a method and an operator network node for enabling a user-defined DRM domain of *SIMs hosted by *SIM-enabled devices. The operator network node is connectable to a *SIM-based device and to a content provider node, and comprises means for establishing a secure channel between a *SIM-based device and the operator network node, means for creating a DRM domain defined by at least one user of *SIM-based devices, means for receiving at the operator network node a registration request from the *SIM-based device to register the *SIM of the *SIM-based device into the created user-defined DRM domain, means for registering at the operator network node the *SIM of the *SIM-based device into the user-defined DRM domain, and means for making the registered information associated with the user-defined DRM domain available to the content provider. The invention also relates to a further method and to the content provider, which comprises means for accessing in the operator network node the registered information associated with a registered user-defined DRM domain comprising the *SIMs of a user, and means for establishing a content-provider-defined DRM domain comprising at least one of the *SIMs of the user-defined DRM domain.
-
Publication number: US20130003967A1
Publication date: 2013-01-03
Application number: US13634920
Filing date: 2011-03-16
Applicants: Karl Norrman, Tomas Hedberg, Mats Naslund
Inventors: Karl Norrman, Tomas Hedberg, Mats Naslund
IPC class: H04L9/00
Abstract: A method comprises maintaining, in a first node serving a mobile terminal over a connection protected by at least one first key, said first key and information about the key management capabilities of the mobile terminal. Upon relocation of the mobile terminal to a second node, the method includes: if, and only if, said key management capabilities indicate an enhanced key management capability supported by the mobile terminal, modifying, by said first node, the first key, thereby creating a second key; sending the second key from the first node to the second node; and transmitting to the second node the information about the key management capabilities of the mobile terminal.
-
Publication number: US20120166802A1
Publication date: 2012-06-28
Application number: US13348343
Filing date: 2012-01-11
Applicants: Rolf Blom, Karl Norrman
Inventors: Rolf Blom, Karl Norrman
IPC class: H04L9/32
CPC class: H04W12/04, H04L9/0841, H04L9/3271, H04L63/0435, H04L63/062, H04L67/26, H04L2209/56, H04L2209/80, H04W84/042
Abstract: A method for establishing a security association between a client and a service node for the purpose of pushing information from the service node to the client, where the client and a key server share a base secret. The method comprises sending a request for generation and provision of a service key from the service node to a key server, the request identifying the client and the service node; generating a service key at the key server using the identities of the client and the service node, the base secret, and additional information; sending the service key to the service node together with said additional information; forwarding said additional information from the service node to the client; and, at the client, generating said service key using the received additional information and the base secret. A similar approach may be used to provide p2p key management.
-
Publication number: US08078733B2
Publication date: 2011-12-13
Application number: US11661550
Filing date: 2006-02-24
Applicants: Bo Åström, Ignacio Más Ivars, Hans Carlsson, Yi Cheng, Karl Norrman
Inventors: Bo Åström, Ignacio Más Ivars, Hans Carlsson, Yi Cheng, Karl Norrman
IPC class: G06F15/16
CPC class: H04L29/06027, H04L65/1006, H04L65/1016, H04L65/1063, H04L65/1069, H04L65/1073, H04L65/80
Abstract: An IMS-enabled control channel for an IPTV service is provided by receiving at a Serving Call Session Control Function (S-CSCF) a Session Initiation Protocol (SIP) REGISTER message identifying the originating user, receiving at the originating user a response from the S-CSCF indicating that the originating user has been authorized, and sending a SIP INVITE message from the S-CSCF to establish an open channel connection with a selected IPTV Application Server (AS). This open channel connection can then be used for the transmission of control messages between the STB and the IPTV application server, such as start play, start recording and stop play, as well as for the delivery of personalized content, such as advertisements, voting responses, personalized voting triggers and targeted interactive events. Maintaining an open control channel with the IPTV AS substantially reduces the setup delay for different applications.
-
Publication number: US20110093698A1
Publication date: 2011-04-21
Application number: US12997913
Filing date: 2009-05-06
Applicants: Rolf Blom, Yi Cheng, John Mattsson, Mats Naslund, Karl Norrman
Inventors: Rolf Blom, Yi Cheng, John Mattsson, Mats Naslund, Karl Norrman
IPC class: H04L9/12
CPC class: H04L65/601, H04L63/0464, H04L63/0478, H04L63/06, H04L63/123
Abstract: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to transform data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.
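The two-layer protection described in this abstract (the same application as the granted patent US08645680B2 listed earlier on this page), as an added example that is not the patent's own code: the source applies the end-to-end layer and then the first hop-by-hop layer with one primitive, the intermediate node strips and re-applies only the hop layer, and the client strips both. AES-256-GCM as the primitive, a cleartext media header carried as associated data, random keys in place of the patent's key-establishment steps, and the function names are assumptions made for this example; the abstract does not name a cipher.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newKey stands in for key establishment (hop-by-hop with the neighbour,
// end-to-end with the client): a fresh random 256-bit key.
func newKey() []byte {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal is the single security-protocol instance used at every node: AES-GCM
// over the payload, with the cleartext header as associated data.
// Output layout: nonce || ciphertext || tag.
func seal(key, payload, header []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, payload, header), nil
}

// open reverses seal and fails closed if payload or header was modified.
func open(key, sealed, header []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], header)
	}
	return nil, errors.New("packet shorter than nonce")
}

// SourceSend applies the end-to-end layer first, then the first hop-by-hop
// layer, with the same primitive and the same header for both.
func SourceSend(e2eKey, hop1Key, header, media []byte) ([]byte, error) {
	inner, err := seal(e2eKey, media, header)
	if err != nil {
		return nil, err
	}
	return seal(hop1Key, inner, header)
}

// IntermediateForward verifies and strips the first hop layer, then applies
// the second. seen is all the node had after stripping: header plus the
// end-to-end ciphertext, never the media.
func IntermediateForward(hop1Key, hop2Key, header, pkt []byte) (forwarded, seen []byte, err error) {
	if seen, err = open(hop1Key, pkt, header); err != nil {
		return nil, nil, fmt.Errorf("hop 1 check failed: %w", err)
	}
	forwarded, err = seal(hop2Key, seen, header)
	return forwarded, seen, err
}

// ClientReceive strips the second hop layer, then the end-to-end layer.
func ClientReceive(hop2Key, e2eKey, header, pkt []byte) ([]byte, error) {
	inner, err := open(hop2Key, pkt, header)
	if err != nil {
		return nil, fmt.Errorf("hop 2 check failed: %w", err)
	}
	return open(e2eKey, inner, header)
}

// RunPath drives one packet source -> intermediate -> client with fresh keys
// and reports whether the intermediate node's view contained the media.
func RunPath(header, media []byte) (recovered []byte, intermediateSawMedia bool, err error) {
	e2eKey, hop1Key, hop2Key := newKey(), newKey(), newKey()
	pkt, err := SourceSend(e2eKey, hop1Key, header, media)
	if err != nil {
		return nil, false, err
	}
	fwd, seen, err := IntermediateForward(hop1Key, hop2Key, header, pkt)
	if err != nil {
		return nil, false, err
	}
	recovered, err = ClientReceive(hop2Key, e2eKey, header, fwd)
	return recovered, bytes.Contains(seen, media), err
}
```

Because the header is associated data at both layers, the intermediate node can read it (for routing or transcoding decisions) but cannot change it without the client's end-to-end check failing; a node holding only hop keys cannot remove the inner layer.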
-
Publication number: US20110091036A1
Publication date: 2011-04-21
Application number: US12996214
Filing date: 2008-07-21
Applicants: Karl Norrman, Mats Naslund
Inventors: Karl Norrman, Mats Naslund
IPC class: H04L9/00
CPC class: H04W12/06, H04L9/065, H04L9/0819, H04L9/0838, H04L9/0866, H04L9/0869, H04L9/0891, H04L9/14, H04L9/3271, H04L2209/24, H04L2209/80, H04L2463/061, H04W12/04
Abstract: A technique for generating a cryptographic key (120) is provided. The technique is particularly useful for protecting the communication between two entities (202, 302; 204, 304) cooperatively running a distributed security operation. The technique comprises providing at least two parameters (106, 108): the first parameter (106) comprising or deriving from cryptographic keys (110, 112) which have been computed by the first entity (202, 302) by running the security operation, and the second parameter (108) comprising or deriving from a token (116) that has a different value each time the security operation (114) is initiated by the second entity (204, 304) for the first entity (202, 302). A key derivation function is applied to the provided parameters (106, 108) to generate the desired cryptographic key (120).
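Both the push-service key establishment of US20120166802A1 above and the key derivation of this abstract reduce to the same step: a key derivation function over a secret already shared by the two entities (the base secret, or keys from an earlier security operation) plus public inputs that bind the identities and a token that changes on every initiation. The following is an added example, not code from either patent: a key server issues a service key for a (client, service node) pair and a fresh token, and the client recomputes the same key from the token alone. HMAC-SHA256 as the KDF, the length-prefixed input encoding, the 16-byte token, the `KeyServer` type and all identities and secrets are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"io"
)

// kdf derives a 256-bit key from a base secret, a usage label and public
// inputs. Every input is length-prefixed so ("ab","c") and ("a","bc") give
// different keys, and the label keeps keys for different purposes apart.
func kdf(base []byte, label string, inputs ...[]byte) []byte {
	mac := hmac.New(sha256.New, base)
	mac.Write([]byte(label))
	for _, in := range inputs {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(in)))
		mac.Write(n[:])
		mac.Write(in)
	}
	return mac.Sum(nil)
}

// KeyServer holds the base secret it shares with each client (hypothetical
// type; neither patent defines this interface).
type KeyServer struct {
	BaseSecrets map[string][]byte // client identity -> base secret
}

// Issue handles a service node's request naming the client and itself. It
// returns the service key and the fresh token ("additional information")
// that the service node must forward to the client. The service key is bound
// to both identities, so a node cannot obtain a key for some other node.
func (ks *KeyServer) Issue(clientID, serviceID string) (serviceKey, token []byte, err error) {
	base, ok := ks.BaseSecrets[clientID]
	if !ok {
		return nil, nil, fmt.Errorf("unknown client %q", clientID)
	}
	token = make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, token); err != nil {
		return nil, nil, err
	}
	return kdf(base, "push-service-key", []byte(clientID), []byte(serviceID), token), token, nil
}

// ClientDerive is the client side: same base secret, same public inputs.
// Only the token travels to the client; the key itself never does.
func ClientDerive(base []byte, clientID, serviceID string, token []byte) []byte {
	return kdf(base, "push-service-key", []byte(clientID), []byte(serviceID), token)
}

// Scenario runs one issuance for a client and two service nodes. It returns
// whether client and service node A agree on the key, and whether node B's
// key is different. The base secret is a constructed sample value.
func Scenario() (agree, separated bool, err error) {
	base := []byte("constructed 32-byte base secret!")
	ks := &KeyServer{BaseSecrets: map[string][]byte{"client-1": base}}
	kA, tok, err := ks.Issue("client-1", "push-node-A")
	if err != nil {
		return false, false, err
	}
	kB, _, err := ks.Issue("client-1", "push-node-B")
	if err != nil {
		return false, false, err
	}
	agree = bytes.Equal(kA, ClientDerive(base, "client-1", "push-node-A", tok))
	return agree, !bytes.Equal(kA, kB), nil
}
```

The token is what gives a new key on every initiation even though the base secret and identities are unchanged, which is the second parameter of this abstract; the identities in the derivation are what make the key usable only between the two parties the key server was asked about.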
-