Discovery of security associations
    1.
    Granted invention patent
    Discovery of security associations    Status: in force

    Publication number: US08769288B2

    Publication date: 2014-07-01

    Application number: US13097184

    Filing date: 2011-04-29

    IPC classification: H04L9/32 H04L9/00

    Abstract: Techniques are disclosed for discovering security associations formed in communication environments. For example, a method for forming a discoverable security association between a first computing device (e.g., a first client) and a second computing device (e.g., a second client) comprises the following steps. The first computing device is provided with a seed that is used by the first computing device to generate a secret that is used by the first computing device to compute a key for use in securing communications with the second computing device. The secret is re-computable based on knowledge of the seed and the key is re-computable based on knowledge of the secret such that a third computing device (e.g., an intercepting server) can use the re-computed key to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device. By way of example, the key may be a result of an identity based authenticated key exchange.


    Bootstrapping method for setting up a security association
    2.
    Granted invention patent
    Bootstrapping method for setting up a security association    Status: in force

    Publication number: US08667151B2

    Publication date: 2014-03-04

    Application number: US11836313

    Filing date: 2007-08-09

    IPC classification: G06F15/16

    Abstract: In one embodiment, a method of the invention has the steps of: (A) establishing an access-layer security association (SA) between a mobile node (MN) and an authentication authorization accounting (AAA) server; (B) deriving a secondary key from an extended master session key (EMSK) corresponding to the access-layer SA; (C) providing the secondary key to a home agent; and (D) based on the secondary key, establishing an SA corresponding to an Open System Interconnection (OSI) layer higher than the access layer for securing communications between the home agent and a selected network node. In various embodiments, the selected network node can be (i) the MN, (ii) a proxy node configured on behalf of the MN, or (iii) a proxy node configured on behalf of the home agent.

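    The key hierarchy of steps (A) to (D) above, as an added Python example that is not code from the patent. The abstract names no key derivation function; this block assumes the USRK construction of RFC 5295 (IKEv2 PRF+ with HMAC-SHA-256 over the key label, a zero octet, optional data and the two-octet length), and the EMSK value, key label, home-agent identities and binding-update payload are all constructed for the demo. The AAA server and the mobile node both hold the EMSK after the access-layer authentication and derive the same secondary key; the home agent receives only that derived key and uses it for the higher-layer SA, and a key derived for a different home-agent identity does not verify the mobile node's message.

```python
"""Access-layer EMSK -> secondary key for the home agent -> higher-layer SA.
Added example; the KDF, labels and values are assumptions (see lead-in)."""
import hashlib
import hmac

def prf_plus(key, data, length):
    """IKEv2-style PRF+ (RFC 4306/7296 s.2.13) with HMAC-SHA-256:
    T1 = prf(K, S|0x01), Ti = prf(K, T(i-1)|S|i); output is the concatenation."""
    out, t, i = b"", b"", 1
    while len(out) < length:
        if i > 255:
            raise ValueError("PRF+ output limit exceeded")
        t = hmac.new(key, t + data + bytes([i]), hashlib.sha256).digest()
        out += t
        i += 1
    return out[:length]

def derive_secondary_key(emsk, label, optional_data, length=64):
    """RFC 5295-style USRK: KDF(EMSK, label | 0x00 | optional data | length)."""
    info = label + b"\x00" + optional_data + length.to_bytes(2, "big")
    return prf_plus(emsk, info, length)

class EmskHolder:
    """The AAA server and the mobile node both hold the EMSK after the
    access-layer SA (step A) and derive secondary keys from it (step B).
    The EMSK itself is never released; only derived keys leave this object."""
    def __init__(self, role, emsk):
        self.role, self._emsk = role, emsk
    def secondary_key(self, label, node_identity):
        return derive_secondary_key(self._emsk, label, node_identity)

def protect(sa_key, payload):
    """Step D in use: integrity tag over a message under the higher-layer SA."""
    return hmac.new(sa_key, payload, hashlib.sha256).digest()

def verify(sa_key, payload, tag):
    return hmac.compare_digest(protect(sa_key, payload), tag)

def bootstrap_demo():
    """Returns (AAA and MN keys agree, HA verifies the MN's message,
    a key derived for a different HA identity verifies it)."""
    emsk = bytes(range(64))                      # constructed; a real EMSK comes out of EAP
    label = b"hypothetical-home-agent-usrk"      # hypothetical key label
    ha_id, other_ha = b"ha1.example.com", b"ha2.example.com"   # constructed identities
    aaa, mn = EmskHolder("AAA", emsk), EmskHolder("MN", emsk)
    ha_key = aaa.secondary_key(label, ha_id)     # delivered to the home agent (step C)
    mn_key = mn.secondary_key(label, ha_id)      # derived locally by the mobile node
    bu = b"binding update: hoa=2001:db8::1 coa=2001:db8:1::1"   # constructed payload
    tag = protect(mn_key, bu)
    return (ha_key == mn_key,
            verify(ha_key, bu, tag),
            verify(aaa.secondary_key(label, other_ha), bu, tag))
```

    Binding the home-agent identity into the derivation is what keeps the keys handed to different home agents independent of each other; a home agent that is compromised learns only its own secondary key, never the EMSK or any other agent's key.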

    IDENTITY BASED AUTHENTICATED KEY AGREEMENT PROTOCOL
    3.
    Invention patent application
    IDENTITY BASED AUTHENTICATED KEY AGREEMENT PROTOCOL    Status: in force

    Publication number: US20130297939A1

    Publication date: 2013-11-07

    Application number: US13932573

    Filing date: 2013-07-01

    IPC classification: H04L9/08 H04L9/30

    CPC classification: H04L9/0847 H04L9/3073

    Abstract: A key agreement protocol between a first party and a second party comprises the following steps from the first party perspective. An encrypted first random key component is directed to the second party, the first random key component having been computed at the first party and encrypted using a public key of the second party in accordance with an identity based encryption operation. An encrypted second random key component corresponding to the second party is received. The encrypted second random key component is decrypted using a private key of the first party. A session key for use in subsequent communications between the first party and the second party is computed based at least in part on the second random key component.


    Identity based authenticated key agreement protocol
    4.
    Granted invention patent
    Identity based authenticated key agreement protocol    Status: in force

    Publication number: US08510558B2

    Publication date: 2013-08-13

    Application number: US12372242

    Filing date: 2009-02-17

    IPC classification: H04L9/32

    CPC classification: H04L9/0847 H04L9/3073

    Abstract: A key agreement protocol between a first party and a second party comprises the following steps from the first party perspective. An encrypted first random key component is sent to the second party, the first random key component being encrypted using a public key of the second party in accordance with an identity based encryption operation. An encrypted random key component pair is received from the second party, the random key component pair being formed from the first random key component and a second random key component computed at the second party, and encrypted at the second party using a public key of the first party in accordance with the identity based encryption operation. The second random key component, in encrypted form, is sent to the second party, the second random key component being encrypted using the public key of the second party. A key for use in subsequent communications between the first party and the second party is computable at the first party based on the second random key component. The key may be computed at the second party based on the first random key component.


    Secure key management in conferencing system
    5.
    Granted invention patent
    Secure key management in conferencing system    Status: in force

    Publication number: US08301883B2

    Publication date: 2012-10-30

    Application number: US12549907

    Filing date: 2009-08-28

    IPC classification: H04L29/06

    Abstract: A method for managing a conference between two or more parties comprises an identity based authenticated key exchange between a conference management element and each of the two or more parties seeking to participate in the conference. Messages exchanged between the conference management element and the two or more parties are encrypted based on respective identities of recipients of the messages. The method comprises the conference management element receiving from each party a random group key component. The random group key component is computed by each party based on a random number used by the party during the key authentication operation and random key components computed by a subset of others of the two or more parties seeking to participate in the conference. The conference management element sends to each party the random group key components computed by the parties such that each party can compute the same group key.


    Secure Key Management in Multimedia Communication System
    6.
    Invention patent application
    Secure Key Management in Multimedia Communication System    Status: in force

    Publication number: US20110055567A1

    Publication date: 2011-03-03

    Application number: US12549932

    Filing date: 2009-08-28

    Abstract: Principles of the invention provide one or more secure key management protocols for use in communication environments such as a media plane of a multimedia communication system. For example, a method for performing an authenticated key agreement protocol, in accordance with a multimedia communication system, between a first party and a second party comprises, at the first party, the following steps. Note that encryption/decryption is performed in accordance with an identity based encryption operation. At least one private key for the first party is obtained from a key service. A first message comprising an encrypted first random key component is sent from the first party to the second party, the first random key component having been computed at the first party, and the first message having been encrypted using a public key of the second party. A second message comprising an encrypted random key component pair is received at the first party from the second party, the random key component pair having been formed from the first random key component and a second random key component computed at the second party, and the second message having been encrypted at the second party using a public key of the first party. The second message is decrypted by the first party using the private key obtained by the first party from the key service to obtain the second random key component. A third message comprising the second random key component is sent from the first party to the second party, the third message having been encrypted using the public key of the second party. The first party computes a secure key based on the second random key component, the secure key being used for conducting at least one call session with the second party via a media plane of the multimedia communication system.


    System and method for cell-edge performance management in wireless systems using centralized scheduling
    7.
    Invention patent application
    System and method for cell-edge performance management in wireless systems using centralized scheduling    Status: pending (application published)

    Publication number: US20100284346A1

    Publication date: 2010-11-11

    Application number: US12455220

    Filing date: 2009-05-30

    IPC classification: H04W72/04

    Abstract: A method is provided for scheduling transmission resources to a mobile station served by a plurality of base stations. According to the method of the invention, a centralized scheduler is provided at a network node operative to serve each of the plurality of base stations and the centralized scheduler acts to prioritize scheduling of transmission resources to the mobile station as a function of feedback information respecting data received by the mobile station from each of at least two of the plurality of base stations.


    Identity Based Authenticated Key Agreement Protocol
    8.
    Invention patent application
    Identity Based Authenticated Key Agreement Protocol    Status: in force

    Publication number: US20100211779A1

    Publication date: 2010-08-19

    Application number: US12372242

    Filing date: 2009-02-17

    IPC classification: H04L9/32 H04L9/06

    CPC classification: H04L9/0847 H04L9/3073

    Abstract: A key agreement protocol between a first party and a second party comprises the following steps from the first party perspective. An encrypted first random key component is sent to the second party, the first random key component being encrypted using a public key of the second party in accordance with an identity based encryption operation. An encrypted random key component pair is received from the second party, the random key component pair being formed from the first random key component and a second random key component computed at the second party, and encrypted at the second party using a public key of the first party in accordance with the identity based encryption operation. The second random key component, in encrypted form, is sent to the second party, the second random key component being encrypted using the public key of the second party. A key for use in subsequent communications between the first party and the second party is computable at the first party based on the second random key component. The key may be computed at the second party based on the first random key component.

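    The three-message exchange described in entries 3, 4, 6 and 8, together with the seed-derived key component of entry 1, as an added Python example that is not code from any of the listed patents. The identity based encryption operation is replaced by a stand-in: a key service acting as the private key generator assigns each identity an ElGamal key pair and publishes the public half, so a party encrypts "to an identity" by lookup; genuine IBE derives the public key from the identity string itself, and only the message flow, the echo checks and the resulting key are modelled faithfully. The group parameters (a 127-bit Mersenne prime with generator 3), the identities and the seed value are toy assumptions; a deployment would use an RFC 3526/7919 MODP group or an elliptic curve, where the abstracts' xP corresponds to g**x here. In the seeded run the first party's key component is derived from the seed instead of drawn at random, and the intercepting device, holding the seed and obtaining the first party's private key from the key service (which generates every private key and so can always supply it), recomputes the session key from the second message alone.

```python
"""IBAKE-style exchange with a stand-in for identity based encryption.
Added example; see the lead-in for what is substituted and assumed."""
import hashlib
import secrets

P = 2**127 - 1   # toy modulus, NOT a secure size; use RFC 3526/7919 or an EC group
G = 3

def rand_exp():
    return secrets.randbelow(P - 2) + 1

def hash_to_exp(*parts):
    """Derive an exponent from byte strings: the seed -> secret step of entry 1."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % (P - 2) + 1

def session_key(peer_component, own_exponent):
    """g**(xy), hashed to a 32-byte key."""
    return hashlib.sha256(pow(peer_component, own_exponent, P).to_bytes(16, "big")).digest()

class KeyService:
    """Stand-in for the IBE key service: it generates, hence knows, every
    identity's private key (the escrow property inherent in IBE)."""
    def __init__(self):
        self._priv = {}
    def private_key(self, identity):
        return self._priv.setdefault(identity, rand_exp())
    def public_key(self, identity):
        return pow(G, self.private_key(identity), P)

def encrypt_to(pk, elements):
    """ElGamal-encrypt each group element to the holder of pk."""
    out = []
    for m in elements:
        r = rand_exp()
        out.append((pow(G, r, P), m * pow(pk, r, P) % P))
    return out

def decrypt_with(sk, ciphertext):
    # c1**(-sk) via Fermat: c1**(P-1-sk) mod P, since P is prime and c1 != 0
    return [c2 * pow(c1, P - 1 - sk, P) % P for c1, c2 in ciphertext]

class Party:
    def __init__(self, identity, ks, seed=None):
        self.id, self.ks, self.sk = identity, ks, ks.private_key(identity)
        # Key component: derived from the seed when one is provisioned, else
        # random. The derived case is what makes the association discoverable.
        self.x = hash_to_exp(seed, identity.encode()) if seed else rand_exp()
        self.gx = pow(G, self.x, P)
        self.peer_gx = self.key = None

    def msg1(self, peer):                # A -> B: IBE_B(xP)
        return encrypt_to(self.ks.public_key(peer), [self.gx])

    def msg2(self, peer, m1):            # B -> A: IBE_A(xP, yP)
        (self.peer_gx,) = decrypt_with(self.sk, m1)
        return encrypt_to(self.ks.public_key(peer), [self.peer_gx, self.gx])

    def msg3(self, peer, m2):            # A -> B: IBE_B(yP); A authenticates B
        echoed, self.peer_gx = decrypt_with(self.sk, m2)
        if echoed != self.gx:            # only B's private key could open msg1
            raise ValueError("peer did not echo our key component")
        self.key = session_key(self.peer_gx, self.x)
        return encrypt_to(self.ks.public_key(peer), [self.peer_gx])

    def finish(self, m3):                # B authenticates A
        (echoed,) = decrypt_with(self.sk, m3)
        if echoed != self.gx:            # only A's private key could open msg2
            raise ValueError("peer did not echo our key component")
        self.key = session_key(self.peer_gx, self.x)

def run_exchange(seed=None):
    """Run the three messages; return both parties, the key service and msg2."""
    ks = KeyService()
    alice = Party("alice@example.com", ks, seed)   # constructed identities
    bob = Party("bob@example.com", ks)
    m1 = alice.msg1(bob.id)
    m2 = bob.msg2(alice.id, m1)
    m3 = alice.msg3(bob.id, m2)
    bob.finish(m3)
    return alice, bob, ks, m2

def intercept(seed, alice_id, ks, m2):
    """Third device: recompute Alice's secret from the seed, read Bob's component
    with Alice's private key (available from the key service), recompute the key."""
    x = hash_to_exp(seed, alice_id.encode())
    _, bob_gy = decrypt_with(ks.private_key(alice_id), m2)
    return session_key(bob_gy, x)

if __name__ == "__main__":
    seed = b"constructed seed provisioned to Alice"
    a, b, ks, m2 = run_exchange(seed)
    assert a.key == b.key == intercept(seed, a.id, ks, m2)
    print("session key recovered from the seed alone")
```

    The echo checks are what make the agreement authenticated without certificates: each side proves it could decrypt the previous message, which only the holder of that identity's private key can do, and a message whose echoed component does not match is rejected before any key is derived. The seed is the price of discoverability: whoever holds it, with the key service's cooperation, recovers every session the seeded party sets up, and neither party can detect this from the exchange.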

    NETWORK-ASSISTED PEER-TO-PEER SECURE COMMUNICATION ESTABLISHMENT
    9.
    Invention patent application
    NETWORK-ASSISTED PEER-TO-PEER SECURE COMMUNICATION ESTABLISHMENT    Status: pending (application published)

    Publication number: US20130110920A1

    Publication date: 2013-05-02

    Application number: US13283133

    Filing date: 2011-10-27

    IPC classification: G06F15/16

    CPC classification: H04L67/104 H04L63/04

    Abstract: Techniques are disclosed for establishing network-assisted secure communications in a peer-to-peer environment. For example, a method for secure communications comprises the following steps. A first computing device provides connectivity information associated therewith to a network server. The first computing device receives connectivity information respectively associated with one or more other computing devices from the network server. The first computing device, independent of the network server, establishes a security association with at least one of the one or more other computing devices. The first computing device, independent of the network server, participates in a secure peer-to-peer session with the at least one other computing device.


    SECURE KEY MANAGEMENT IN CONFERENCING SYSTEM
    10.
    Invention patent application
    SECURE KEY MANAGEMENT IN CONFERENCING SYSTEM    Status: in force

    Publication number: US20120322416A1

    Publication date: 2012-12-20

    Application number: US13596823

    Filing date: 2012-08-28

    IPC classification: H04W12/06

    Abstract: A method for managing a conference between two or more parties comprises an identity based authenticated key exchange between a conference management element and each of the two or more parties seeking to participate in the conference. Messages exchanged between the conference management element and the two or more parties are encrypted based on respective identities of recipients of the messages. The method comprises the conference management element receiving from each party a random group key component. The random group key component is computed by each party based on a random number used by the party during the key authentication operation and random key components computed by a subset of others of the two or more parties seeking to participate in the conference. The conference management element sends to each party the random group key components computed by the parties such that each party can compute the same group key.

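    The group key step of entries 5 and 10, as an added Python example that is not the patents' code. The abstracts do not say how a party combines its own random number with the other parties' key components; this block uses the Burmester-Desmedt construction, in which each party's group key component depends on its own secret and on the key components of its two neighbours in a ring (the "subset of others"), as one concrete realisation. Each party's secret stands in for the random number it used in its identity based key exchange with the conference management element; that exchange is not shown, the relayed messages are not encrypted here, and the 127-bit prime is a toy parameter rather than a secure size.

```python
"""Group key for a conference, relayed by a conference management element.
Added example using the Burmester-Desmedt construction; see the lead-in."""
import hashlib
import secrets

P = 2**127 - 1     # toy prime, NOT a secure size
G = 3

def inv(a):
    return pow(a, P - 2, P)     # modular inverse via Fermat, P prime

class Participant:
    def __init__(self, name):
        self.name = name
        # Stands in for the random number this party used in its identity
        # based key exchange with the conference management element.
        self.x = secrets.randbelow(P - 2) + 1
        self.t = pow(G, self.x, P)    # random key component g**x, known to the element
        self.left_t = None

    def group_component(self, left_t, right_t):
        """Z_i = (t_{i+1} / t_{i-1}) ** x_i: own secret plus the two neighbours' components."""
        self.left_t = left_t
        return pow(right_t * inv(left_t) % P, self.x, P)

    def group_key(self, zs, i):
        """K = t_{i-1}**(n*x_i) * prod_{j=0}^{n-2} Z_{i+j}**(n-1-j); the same value for every i."""
        n = len(zs)
        k = pow(self.left_t, n * self.x, P)
        for j in range(n - 1):
            k = k * pow(zs[(i + j) % n], n - 1 - j, P) % P
        return hashlib.sha256(k.to_bytes(16, "big")).digest()

class ConferenceManager:
    """Collects each party's key component, hands each party its two
    neighbours' components, then broadcasts the group key components.
    It holds every t_i and Z_i but no x_i, so in a proper group it
    cannot derive K itself."""
    def run(self, parties):
        n = len(parties)
        ts = [p.t for p in parties]
        zs = [p.group_component(ts[(i - 1) % n], ts[(i + 1) % n])
              for i, p in enumerate(parties)]
        return [p.group_key(zs, i) for i, p in enumerate(parties)]

def conference_demo(n=4):
    """Returns (every party computed the same key, that key)."""
    parties = [Participant(f"party{i}@example.com") for i in range(n)]   # constructed identities
    keys = ConferenceManager().run(parties)
    return len(set(keys)) == 1, keys[0]

if __name__ == "__main__":
    ok, key = conference_demo(5)
    print("all five parties share", key.hex() if ok else "no common key")
```

    Two round trips through the element suffice for any number of parties, and a party that is handed a tampered Z_j ends up with a different key from everyone else, which is why the abstracts have the element's messages to each party encrypted and authenticated under the pairwise key from the identity based exchange.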