Abstract:
A method and apparatus are provided for detecting the start of a secure mode by a user terminal (12) without explicit signaling. After the network (30) has commanded the user terminal to switch to secure mode and a data packet is received from the user terminal, the receiving network node (22) determines the security mode of the user terminal by checking whether valid security has been applied to the received data packet by the user terminal.
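The detection described above, as an added example (not code from the patent): the receiving node tries to authenticate every packet that arrives after it has sent the switch command, and the first packet whose integrity tag verifies is taken as proof that the terminal has entered secure mode. The packet layout (4-byte counter, payload, 8-byte truncated HMAC-SHA256 tag), the key and the packet contents are assumptions made for the illustration. Before the switch is observed, unprotected packets are still accepted, because the terminal may not have processed the command yet; once it is observed, anything that fails verification is dropped.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

COUNT_LEN = 4   # assumed layout: 4-byte packet counter in front of the payload
MAC_LEN = 8     # assumed truncated integrity tag length


def compute_mac(key: bytes, count: int, payload: bytes) -> bytes:
    """Integrity tag over count || payload (assumed construction: truncated HMAC-SHA256)."""
    msg = count.to_bytes(COUNT_LEN, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def terminal_send(key: bytes, count: int, payload: bytes, secure: bool) -> bytes:
    """Terminal side: secure packets are count || payload || MAC, plain ones are the bare payload."""
    if not secure:
        return payload
    return count.to_bytes(COUNT_LEN, "big") + payload + compute_mac(key, count, payload)


@dataclass
class ReceivingNode:
    key: bytes
    secure_mode_commanded: bool = False
    terminal_in_secure_mode: bool = False   # the network's view of the terminal's mode
    last_count: int = -1                    # highest accepted counter, for replay rejection

    def command_secure_mode(self) -> None:
        """The network orders the switch; no 'secure mode complete' reply is expected."""
        self.secure_mode_commanded = True

    def _verify(self, packet: bytes) -> tuple[int, bytes] | None:
        """Return (count, payload) if the packet carries a valid tag, else None."""
        if len(packet) < COUNT_LEN + MAC_LEN:
            return None
        count = int.from_bytes(packet[:COUNT_LEN], "big")
        payload, tag = packet[COUNT_LEN:-MAC_LEN], packet[-MAC_LEN:]
        if not hmac.compare_digest(tag, compute_mac(self.key, count, payload)):
            return None
        return count, payload

    def receive(self, packet: bytes) -> tuple[str, bytes | None]:
        """Classify one packet and update the detected mode.

        Returns ('secured', payload), ('plain', payload) or ('rejected', None).
        """
        verified = self._verify(packet)
        if verified is not None:
            count, payload = verified
            if count <= self.last_count:
                return "rejected", None        # replayed or stale counter
            self.last_count = count
            if self.secure_mode_commanded and not self.terminal_in_secure_mode:
                # First packet with valid security after the command: the terminal
                # has switched, detected without any explicit signalling.
                self.terminal_in_secure_mode = True
            return "secured", payload
        if self.terminal_in_secure_mode:
            # After the switch was observed, unprotected or forged packets are dropped.
            return "rejected", None
        # Before the switch is observed, plaintext is still legitimate: the terminal
        # may not have processed the command yet.
        return "plain", packet


def demo() -> list[str]:
    """Constructed exchange; returns the node's decision for each packet in order."""
    key = b"\x01" * 16                        # constructed shared key
    node = ReceivingNode(key)
    decisions = []
    decisions.append(node.receive(terminal_send(key, 0, b"hello", secure=False))[0])
    node.command_secure_mode()
    decisions.append(node.receive(terminal_send(key, 0, b"still plain", secure=False))[0])
    decisions.append(node.receive(terminal_send(key, 0, b"first secured", secure=True))[0])
    decisions.append(node.receive(terminal_send(b"\x02" * 16, 1, b"forged", secure=True))[0])
    decisions.append(node.receive(terminal_send(key, 1, b"second secured", secure=True))[0])
    decisions.append(node.receive(b"late plaintext")[0])
    return decisions
```

The decision sequence for the constructed exchange is plain, plain, secured, rejected, secured, rejected. The window between the command and the first verified packet is the point to watch in a real deployment: an attacker can keep injecting plaintext there, so the network should bound how long it tolerates unprotected traffic after the command.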
Abstract:
A technique for generating a cryptographic key (120) is provided. The technique is particularly useful for protecting the communication between two entities (202, 302; 204, 304) cooperatively running a distributed security operation. The technique comprises providing at least two parameters (106, 108), the first parameter (106) comprising or deriving from cryptographic keys (110, 112) which have been computed by the first entity (202, 302) by running the security operation, and the second parameter (108) comprising or deriving from a token (116) having a different value each time the security operation (114) is initiated by the second entity (204, 304) for the first entity (202, 302). A key derivation function is applied to the provided parameters (106, 108) to generate the desired cryptographic key (120).
Abstract:
A method and apparatus for verifying a request for service in a communication network. An authentication node generates a secret and transmits the secret to a node providing a service. The authentication node then receives a request for authentication from a requesting node, and once the requesting node is authenticated, the authentication node sends an identifier for the requesting node and a first token, which is derived using the secret and the identifier. The service providing node subsequently receives a request for service from the requesting node, the request including the identifier for the requesting node and the first token. The service providing node derives a second token using the identifier and the secret. If the first token and the second token match, the service providing node allows the request; if they do not match, the request is refused.
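The exchange above, as an added example (not the patent's own code): the authentication node shares a secret with the service node, authenticates a requester, and issues a token bound to that requester's identifier; the service node recomputes the token from the identifier and the shared secret and compares in constant time. The token construction (HMAC-SHA256 over the identifier), the credential registry and the names are assumptions for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def derive_token(secret: bytes, identifier: str) -> bytes:
    """Token bound to the requester's identifier (assumed construction: HMAC-SHA256)."""
    return hmac.new(secret, identifier.encode("utf-8"), hashlib.sha256).digest()


class AuthenticationNode:
    """Authenticates requesters and hands them an identifier plus a token."""

    def __init__(self, registry: dict[str, str]) -> None:
        self._registry = registry                 # identifier -> credential (constructed data)
        self.secret = secrets.token_bytes(32)     # never sent to requesters

    def provision(self, service: ServiceNode) -> None:
        """Share the secret with the service node (a protected channel is assumed)."""
        service.secret = self.secret

    def rotate_secret(self, service: ServiceNode) -> None:
        """Fresh secret: every previously issued token stops verifying."""
        self.secret = secrets.token_bytes(32)
        self.provision(service)

    def authenticate(self, identifier: str, credential: str) -> tuple[str, bytes] | None:
        expected = self._registry.get(identifier)
        if expected is None or not hmac.compare_digest(expected.encode(), credential.encode()):
            return None
        return identifier, derive_token(self.secret, identifier)


class ServiceNode:
    """Verifies requests locally, without a round trip to the authentication node."""

    def __init__(self) -> None:
        self.secret: bytes | None = None

    def handle_request(self, identifier: str, token: bytes) -> bool:
        if self.secret is None:
            return False                          # not provisioned yet: refuse everything
        second_token = derive_token(self.secret, identifier)
        return hmac.compare_digest(token, second_token)


def demo() -> dict[str, bool]:
    """Constructed scenario covering the allow and refuse branches."""
    auth = AuthenticationNode({"alice": "correct horse", "mallory": "battery staple"})
    service = ServiceNode()
    auth.provision(service)

    outcome = {}
    ident, token = auth.authenticate("alice", "correct horse")
    outcome["genuine request"] = service.handle_request(ident, token)
    outcome["wrong credential"] = auth.authenticate("alice", "guess") is not None
    # Mallory authenticates as herself but presents her token with Alice's identifier.
    m_ident, m_token = auth.authenticate("mallory", "battery staple")
    outcome["token bound to other identifier"] = service.handle_request("alice", m_token)
    outcome["own token, own identifier"] = service.handle_request(m_ident, m_token)
    outcome["tampered token"] = service.handle_request(ident, bytes([token[0] ^ 1]) + token[1:])
    auth.rotate_secret(service)
    outcome["token after secret rotation"] = service.handle_request(ident, token)
    return outcome
```

As stated in the abstract, the token depends only on the secret and the identifier, so it is the same for every request by the same requester until the secret is rotated; a practitioner who needs per-request freshness would fold a nonce or expiry into the token input on both sides.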
Abstract:
Methods for cryptographic synchronization of data packets. A roll-over counter (ROC) value is periodically appended to and transmitted with a data packet when a function of the packet sequence number equals a predetermined value. The ROC effectively synchronizes the cryptographic transformation of the data packets. Although the disclosed methods are generally applicable to many transmission protocols, they are particularly adaptable for use in systems wherein the data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711.
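The mechanism above, as an added example (not the patent's code or an RFC 3711 implementation): the sender keeps a 48-bit packet index (2^16 times the roll-over counter plus the 16-bit sequence number) and appends the ROC explicitly whenever the sequence number is a multiple of 256 (the "predetermined value" is an assumption). The receiver estimates the ROC from the last authenticated sequence number as in RFC 3711 section 3.3.1, but takes the explicit value whenever a packet carries one. The packet layout, the truncated HMAC-SHA256 tag and the key are assumptions for the illustration. The constructed run loses more than half the sequence space between two received packets, which index estimation alone cannot recover from, and shows the receiver recovering at the next packet that carries the ROC.

```python
from __future__ import annotations

import hashlib
import hmac

SEQ_MOD = 1 << 16        # 16-bit RTP sequence number space
ROC_PERIOD = 256         # assumed "predetermined value": ROC is appended when seq % 256 == 0
TAG_LEN = 8              # assumed truncated authentication tag


def auth_tag(key: bytes, body: bytes, index: int) -> bytes:
    """Tag over the packet plus the full 48-bit index (2^16 * ROC + SEQ), so a
    receiver with the wrong ROC fails authentication instead of decrypting garbage."""
    return hmac.new(key, body + index.to_bytes(6, "big"), hashlib.sha256).digest()[:TAG_LEN]


class Sender:
    def __init__(self, key: bytes) -> None:
        self.key, self.index = key, 0          # index is the sender's absolute packet count

    def next_packet(self, payload: bytes) -> bytes:
        roc, seq = divmod(self.index, SEQ_MOD)
        if seq % ROC_PERIOD == 0:              # periodic explicit ROC: flag 1 + 4-byte ROC
            header = seq.to_bytes(2, "big") + b"\x01" + roc.to_bytes(4, "big")
        else:                                  # otherwise the ROC stays implicit: flag 0
            header = seq.to_bytes(2, "big") + b"\x00"
        body = header + payload
        packet = body + auth_tag(self.key, body, self.index)
        self.index += 1
        return packet


class Receiver:
    def __init__(self, key: bytes, honor_explicit_roc: bool = True) -> None:
        self.key = key
        self.honor_explicit_roc = honor_explicit_roc
        self.roc = 0                           # receiver's ROC estimate
        self.s_l = -1                          # highest seq authenticated so far (-1: none yet)

    def estimate_roc(self, seq: int) -> int:
        """RFC 3711 section 3.3.1: pick v in {ROC-1, ROC, ROC+1} closest to the last seq."""
        if self.s_l < 0:
            return self.roc
        if self.s_l < 32768:
            return self.roc - 1 if seq - self.s_l > 32768 else self.roc
        return self.roc + 1 if self.s_l - 32768 > seq else self.roc

    def receive(self, packet: bytes) -> tuple[bool, int | None]:
        """Return (authenticated, index). State is updated only on success."""
        seq = int.from_bytes(packet[:2], "big")
        has_roc = packet[2] == 1
        if has_roc and self.honor_explicit_roc:
            v = int.from_bytes(packet[3:7], "big")
        else:
            v = self.estimate_roc(seq)
        if v < 0:
            return False, None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        index = v * SEQ_MOD + seq
        if not hmac.compare_digest(tag, auth_tag(self.key, body, index)):
            return False, None
        if v > self.roc:                       # wrapped (estimated or explicit): advance
            self.roc, self.s_l = v, seq
        elif v == self.roc and seq > self.s_l:
            self.s_l = seq
        return True, index


def demo(honor_explicit_roc: bool = True) -> dict[str, int]:
    """Constructed run: 10 packets arrive, then 70,000 are lost (more than half the
    seq space, so index estimation alone cannot recover), then 200 more arrive."""
    key = b"\x07" * 16                         # constructed master key
    tx, rx = Sender(key), Receiver(key, honor_explicit_roc)
    accepted_before = sum(rx.receive(tx.next_packet(b"a"))[0] for _ in range(10))
    for _ in range(70_000):
        tx.next_packet(b"lost")                # produced but never delivered
    failed, accepted_after, resync_seq = 0, 0, -1
    for _ in range(200):
        ok, index = rx.receive(tx.next_packet(b"b"))
        if ok:
            accepted_after += 1
            if resync_seq < 0:
                resync_seq = index % SEQ_MOD
        else:
            failed += 1
    return {"accepted_before": accepted_before, "failed_until_resync": failed,
            "resync_seq": resync_seq, "accepted_after": accepted_after}
```

With the explicit ROC honoured, the 134 packets before sequence number 4608 fail authentication and every packet from 4608 on verifies; with the ROC ignored, all 200 fail and the stream never recovers. A production receiver also keeps an anti-replay list over the index, which is omitted here. Carrying the ROC inside the integrity transform was later standardised for SRTP in RFC 4771.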
Abstract:
The invention relates to digital rights management, and proposes the implementation of a DRM agent (125) into a tamper-resistant identity module (120) adapted for engagement with a client system (100), such as a mobile phone or a computer system. The DRM agent (125) is generally implemented with functionality for enabling usage, such as rendering or execution of protected digital content provided to the client system from a content provider. In general, the DRM agent (125) includes functionality for cryptographic processing of DRM metadata associated with the digital content to be rendered. In a particularly advantageous realization, the DRM agent is implemented as an application in the application environment of the identity module. The DRM application can be preprogrammed into the application environment, or securely downloaded from a trusted party associated with the identity module. The invention also relates to a distributed DRM module, with communication between distributed DRM agents (125, 135) based on usage-device specific key information.
Abstract:
A basic idea of the invention is to separate ordered delivery data and unordered delivery data in a security protocol running on top of a reliable transport protocol, and to perform a first type of security processing for ordered delivery data and a second, different type of security processing for unordered delivery data in the security protocol. Preferably, data messages using ordered delivery and data messages using unordered delivery within a secure data stream are separated into two message sequence spaces on the security protocol layer, and data security processing is then performed differently in these two spaces. The invention is particularly suitable for a reliable transport protocol such as SCTP (Stream Control Transmission Protocol). The security protocol running on top of the transport protocol is preferably based on TLS (Transport Layer Security) or a TLS-like protocol with a security processing extension for unordered delivery.
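The two-sequence-space idea above, as an added example (not the patent's code and not a TLS implementation): a TLS-like record layer in which ordered records use an implicit sequence number, as TLS does, while unordered records carry their sequence number explicitly and are checked against a sliding anti-replay window, the scheme DTLS and IPsec use. The record kind is bound into the MAC so a record cannot be replayed from one space into the other. The record format, the integrity-only protection (no encryption, for brevity), the window size and the key are assumptions for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac

ORDERED, UNORDERED = 0, 1      # record kinds: which SCTP delivery service the record rides on
MAC_LEN = 16                   # assumed truncated HMAC-SHA256 tag
SEQ_LEN = 8


def record_mac(key: bytes, kind: int, seq: int, payload: bytes) -> bytes:
    """MAC binds kind, sequence number and payload (integrity only, for brevity)."""
    data = bytes([kind]) + seq.to_bytes(SEQ_LEN, "big") + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


class SecureSender:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = {ORDERED: 0, UNORDERED: 0}   # two independent sequence spaces

    def protect(self, kind: int, payload: bytes) -> bytes:
        seq = self.seq[kind]
        self.seq[kind] += 1
        mac = record_mac(self.key, kind, seq, payload)
        if kind == ORDERED:
            return bytes([kind]) + payload + mac                   # seq implicit, as in TLS
        return bytes([kind]) + seq.to_bytes(SEQ_LEN, "big") + payload + mac   # seq explicit


class SecureReceiver:
    def __init__(self, key: bytes, window: int = 64) -> None:
        self.key = key
        self.next_ordered = 0                   # implicit counter for the ordered space
        self.window = window
        self.highest_unordered = -1             # sliding anti-replay window for the unordered space
        self.seen_mask = 0                      # bit i set: highest_unordered - i already accepted

    def unprotect(self, record: bytes) -> bytes | None:
        """Return the payload if the record verifies, else None (state untouched on failure)."""
        kind = record[0]
        if kind == ORDERED:
            payload, mac = record[1:-MAC_LEN], record[-MAC_LEN:]
            if not hmac.compare_digest(mac, record_mac(self.key, ORDERED, self.next_ordered, payload)):
                return None                     # loss or reordering shows up as a MAC failure
            self.next_ordered += 1
            return payload
        if kind == UNORDERED:
            seq = int.from_bytes(record[1:1 + SEQ_LEN], "big")
            payload, mac = record[1 + SEQ_LEN:-MAC_LEN], record[-MAC_LEN:]
            if not hmac.compare_digest(mac, record_mac(self.key, UNORDERED, seq, payload)):
                return None
            if not self._window_accept(seq):
                return None                     # duplicate or older than the window
            return payload
        return None                             # unknown kind

    def _window_accept(self, seq: int) -> bool:
        """Sliding-window replay check; only called after the MAC verified."""
        if seq > self.highest_unordered:
            shift = seq - self.highest_unordered
            self.seen_mask = ((self.seen_mask << shift) | 1) & ((1 << self.window) - 1)
            self.highest_unordered = seq
            return True
        offset = self.highest_unordered - seq
        if offset >= self.window or self.seen_mask & (1 << offset):
            return False
        self.seen_mask |= 1 << offset
        return True


def demo() -> dict[str, object]:
    """Constructed exchange: unordered records arrive out of order with one duplicate;
    ordered records arrive in order, one is replayed, and one is moved across spaces."""
    key = b"\x05" * 32
    tx, rx = SecureSender(key), SecureReceiver(key)
    unordered = [tx.protect(UNORDERED, f"u{i}".encode()) for i in range(4)]
    arrival = [unordered[2], unordered[0], unordered[3], unordered[1], unordered[2]]
    result: dict[str, object] = {"unordered": [rx.unprotect(r) for r in arrival]}
    ordered = [tx.protect(ORDERED, f"o{i}".encode()) for i in range(3)]
    result["ordered_in_order"] = [rx.unprotect(r) for r in ordered[:2]]
    result["ordered_replayed"] = rx.unprotect(ordered[1])
    result["ordered_next"] = rx.unprotect(ordered[2])
    result["cross_space"] = rx.unprotect(bytes([ORDERED]) + unordered[0][1:])
    return result
```

The unordered records u2, u0, u3 and u1 all verify regardless of arrival order and the duplicate of u2 is refused by the window; in the ordered space a replayed record fails because the receiver's implicit counter has already moved on, and the unordered record re-labelled as ordered fails because the kind byte is part of the MAC input.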
Abstract:
The present invention relates to an improved approach to mobile device capability management. To this end, a capability management device is provided at a mobile communication network. Upon a change of a mobile device capability, a related notification is sent to the capability management device, which applies a policy decision on whether to track the capability change at the network side or not. Should the decision be 'yes', the capability management device starts a device management session to collect further information on the mobile device capability change beyond the information made available with the capability change notification. After retrieval of the mobile device capability change information, the capability management device updates its mobile device capability state accordingly. Optionally, the capability management device may share the generated information with third parties cooperating with the mobile device for, e.g., service delivery.
Abstract:
The invention provides a system and method for repairing corrupt security information. At a serving node in a telecommunications network, the security capabilities of a terminal are received when the terminal registers with the serving node, and the received security capabilities are stored. A path switch request message is received from a target base station following an X2 handover request sent from a source base station to the target base station for handover of the terminal, the path switch request including the security capabilities of the terminal. The serving node determines whether the stored security capabilities of the terminal should be sent to the target base station. If so, the serving node sends the stored security capabilities of the terminal to the target base station for use in reselecting the security algorithms to be used in communications between the target base station and the terminal following the handover.
Abstract:
Techniques for the secure generation of a set of encryption keys to be used for communication between a wireless terminal and an assisting base station in a dual-connectivity scenario. An example method includes generating (810) an assisting security key for the assisting base station, based on an anchor base station key. The generated assisting security key is sent (820) to the assisting base station, for use by the assisting base station in encrypting data traffic sent to the wireless terminal or in generating one or more additional assisting security keys for encrypting data traffic sent to the wireless terminal while the wireless terminal is dually connected to the anchor base station and the assisting base station. The anchor base station key, or a key derived from the anchor base station key, is used (830) for encrypting data sent to the wireless terminal by the anchor base station.
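An added example (not code from either patent) serving two of the abstracts on this page: the two-parameter key derivation for a distributed security operation, where the first parameter is built from keys the first entity computed and the second is a token the second entity picks afresh on every initiation, and the dual-connectivity key hierarchy just above, where the anchor base station derives an assisting key from its anchor key and a counter, hands only that key to the assisting base station, and each side derives its traffic key from its own key. The KDF (HMAC-SHA256 over a label and length-prefixed parameters), the labels, the counter encoding and all key material are assumptions; this is not the 3GPP-standardised KDF.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def kdf(key: bytes, label: bytes, *params: bytes, length: int = 32) -> bytes:
    """Generic HMAC-SHA256 KDF over label || len(P0) || P0 || ... (assumed construction;
    length prefixes keep parameter boundaries unambiguous)."""
    data = label
    for p in params:
        data += len(p).to_bytes(2, "big") + p
    return hmac.new(key, data, hashlib.sha256).digest()[:length]


# Two-parameter derivation with a per-initiation token

def derive_operation_key(first_entity_keys: list[bytes], token: bytes) -> bytes:
    """First parameter: keys the first entity computed while running the security operation
    (e.g. a cipher key and an integrity key). Second parameter: the token the second entity
    chose afresh for this initiation. Both entities know both, so both derive the same key."""
    first_param = b"".join(first_entity_keys)
    return kdf(first_param, b"distributed-security-op", token)


# Dual connectivity: assisting key derived from the anchor key

class AnchorBaseStation:
    def __init__(self, k_anchor: bytes) -> None:
        self._k_anchor = k_anchor              # never leaves the anchor
        self.counter = 0                       # fresh input for every assisting key

    def issue_assisting_key(self) -> bytes:
        """Step 810: assisting key = KDF(anchor key, counter). The counter must not repeat
        under the same anchor key, otherwise the assisting key repeats too."""
        key = kdf(self._k_anchor, b"assisting-key", self.counter.to_bytes(2, "big"))
        self.counter += 1
        return key                             # step 820: this is what the assisting node gets

    def own_traffic_key(self, algorithm_id: int) -> bytes:
        """Step 830: the anchor's own traffic key comes from the anchor key."""
        return kdf(self._k_anchor, b"user-plane-enc", bytes([algorithm_id]), length=16)


class AssistingBaseStation:
    def __init__(self, k_assisting: bytes) -> None:
        self.k_assisting = k_assisting         # all it ever holds

    def traffic_key(self, algorithm_id: int) -> bytes:
        """Further key for the assisting link, derived from the assisting key only."""
        return kdf(self.k_assisting, b"user-plane-enc", bytes([algorithm_id]), length=16)


def demo() -> dict[str, bool]:
    """Constructed key material; returns the properties a reviewer would check."""
    ck, ik = secrets.token_bytes(16), secrets.token_bytes(16)
    token_1, token_2 = secrets.token_bytes(16), secrets.token_bytes(16)
    k1 = derive_operation_key([ck, ik], token_1)
    k2 = derive_operation_key([ck, ik], token_2)
    k1_again = derive_operation_key([ck, ik], token_1)

    anchor = AnchorBaseStation(secrets.token_bytes(32))
    s1, s2 = anchor.issue_assisting_key(), anchor.issue_assisting_key()
    assisting = AssistingBaseStation(s1)
    return {
        "fresh token gives fresh key": k1 != k2,
        "same token on both sides gives the same key": k1 == k1_again,
        "each counter value gives a new assisting key": s1 != s2,
        "assisting traffic key differs from anchor traffic key":
            assisting.traffic_key(1) != anchor.own_traffic_key(1),
        "traffic keys are algorithm specific": assisting.traffic_key(1) != assisting.traffic_key(2),
    }
```

Two properties matter for both schemes: the token or counter must be fresh per initiation (a repeated value reproduces the old key, which the "same token" line shows deliberately), and the assisting base station only ever receives a derived key, so compromising it does not expose the anchor key or keys the anchor derived from it.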
Abstract:
The present invention relates to a key management method for establishing selective secret information in multiple disjoint groups, and more specifically to a method of reducing the broadcast size in access hierarchies and of localizing and facilitating management in said access hierarchies. The key management method selects a number of subgroups. Each subgroup supports an instance of a key distribution method for receiving distributed key material, and is capable of computing a usage security key based on the distributed key material and predefined user group key material.