-
公开(公告)号:US10007904B2
公开(公告)日:2018-06-26
申请号:US13806451
申请日:2010-06-29
申请人: Mattias Eld , Petter Arvidsson , Goran Selander
发明人: Mattias Eld , Petter Arvidsson , Goran Selander
CPC分类号: G06Q20/3227 , G06Q20/3229 , G06Q20/40 , H04L63/0823
摘要: It is presented a security server arranged to set up communication between a merchant device and a customer payment application. The security server comprises: a receiver arranged to receive a first message comprising a customer identifier, an application identifier and a security token; a determiner arranged to determine whether the merchant device is authorized; a transmitter arranged to send a second message to the merchant device, the second message indicating that the merchant device is authorized to effect payment; and a channel establisher arranged to set up a secure channel between the merchant device and the customer payment application in a secure element being adapted to be comprised in a mobile communication terminal, wherein all communication between the merchant device and the customer payment application is controlled by the security server. Corresponding methods, merchant device, computer programs and computer program products are also presented.
-
公开(公告)号:US20100146274A1
公开(公告)日:2010-06-10
申请号:US12601569
申请日:2007-06-18
申请人: Mats Naslund , Magnus Almgren , Harald Kallin , Goran Selander
发明人: Mats Naslund , Magnus Almgren , Harald Kallin , Goran Selander
CPC分类号: H04W12/10 , H04L9/06 , H04L9/08 , H04L9/32 , H04L63/12 , H04L63/123 , H04L2463/061 , H04W12/04 , H04W88/02
摘要: A module (2) for integrity protection of messages transmitted from a mobile software defined radio (SDR) terminal (1), the module provided with a confined cryptographic key K and arranged to receive loaded SDR-code. The module derives an integrity protecting key Rk from at least said cryptographic key K, and provides a periodic integrity protection on-line of generated messages using said key integrity protecting key Rk, and the integrity of said messages is verified by an integrity checking node (10) of the access network.
摘要翻译: 一种用于对从移动软件定义的无线电(SDR)终端(1)发送的消息的完整性保护的模块(2),所述模块提供有密闭密码密钥K并且被布置成接收加载的SDR码。 该模块从至少所述加密密钥K导出完整性保护密钥Rk,并使用所述密钥完整性保护密钥Rk在线生成的消息提供周期性完整性保护,并且所述消息的完整性由完整性检查节点 10)的接入网络。
-
公开(公告)号:US20070127719A1
公开(公告)日:2007-06-07
申请号:US10575727
申请日:2004-10-13
申请人: Goran Selander , Fredrik Lindholm , Magnus Nystrom
发明人: Goran Selander , Fredrik Lindholm , Magnus Nystrom
IPC分类号: H04L9/00
CPC分类号: H04L9/0861 , H04L9/0891 , H04L2209/38
摘要: The invention generally relates to management of cryptographic key generations in an information environment comprising a key-producing side generating and distributing key information to a key-consuming side. A basic concept of the invention is to define, by means of a predetermined one-way key derivation function, a relationship between generations of keys such that earlier generations of keys efficiently may be derived from later ones but not the other way around. A basic idea according to the invention is therefore to replace, at key update, key information of an older key generation by the key information of the new key generation on the key-consuming side. Whenever necessary, the key-consuming side iteratively applies the predetermined one-way key derivation function to derive key information of at least one older key generation from the key information of the new key generation. In this way, storage requirements on the key-consuming side can be significantly reduced.
摘要翻译: 本发明一般涉及在信息环境中密码密钥世代的管理,包括密钥生成侧生成密钥信息到密钥消耗侧。 本发明的基本概念是通过预定的单向密钥导出函数来定义密钥的代数之间的关系,使得早期的密钥有效地可以从后来的密钥导出,而不是相反地导出。 因此,根据本发明的基本思想是通过关键消费侧的新密钥生成的密钥信息来代替关键更新时的老密钥生成的密钥信息。 只要有必要,关键消费方迭代地应用预定的单向密钥导出函数,从新密钥生成的密钥信息中导出至少一个较旧密钥生成的密钥信息。 以这种方式,可以显着减少关键消费方面的存储要求。
-
4.发明申请Monitoring of digital content provided from a content provider over a network 审中-公开通过网络监视从内容提供商提供的数字内容公开(公告)号:US20050246282A1
公开(公告)日:2005-11-03
申请号:US10524423
申请日:2003-04-25
申请人: Mats Naslund , Goran Selander , Ulf Vjorkengren
发明人: Mats Naslund , Goran Selander , Ulf Vjorkengren
CPC分类号: H04L63/0428 , H04L63/0823 , H04L2463/101 , Y02P90/845
摘要: The invention refers to monitoring usage of digital content provided from a content provider (30) over a network (40) to a client system (10). In the client system (10), a logging agent (150) generates and stores information concerning usage of the digital content individually for each usage to be monitored. The generated information is entered in a usage log (170; 175), either stored in the client system (10) or at a trusted party. The logged usage information is also authenticated allowing identification of the client using the associated digital content. The entries (172) of the log (170; 175) may include a representation (172-1) of the content, information about usage quality (172-2) and/or usage time (172-N). The logging agent (150) is preferably implemented in a portable tamper-resistant module (400), e.g. a network subscriber identity module. The module (400) may be pre-manufactured with the logging agent (150), or the agent (150) can be downloaded thereto.
摘要翻译: 本发明涉及通过网络(40)向客户端系统(10)监视从内容提供商(30)提供的数字内容的使用。 在客户端系统(10)中,记录代理(150)针对要监视的每个使用情况分别产生和存储关于数字内容的使用的信息。 生成的信息被输入到使用日志(170; 175)中,存储在客户端系统(10)中或在可信方中。 记录的使用信息也被认证,允许使用相关联的数字内容来识别客户端。 日志(170; 175)的条目(172)可以包括内容的表示(172-1),关于使用质量(172-2)和/或使用时间(172-N)的信息。 测井剂(150)优选地实现在便携式防篡改模块(400)中,例如。 网络用户识别模块。 模块(400)可以用测井剂(150)预先制造,或者可以向其下载代理(150)。
-
5.发明申请System and method for transcoding encrypted multimedia messages transmitted between two devices 审中-公开用于对在两个设备之间传输的加密多媒体消息进行代码转换的系统和方法公开(公告)号:US20050172127A1
公开(公告)日:2005-08-04
申请号:US10769566
申请日:2004-01-31
申请人: Frank Hartung , Goran Selander
发明人: Frank Hartung , Goran Selander
CPC分类号: H04L51/066 , G06F21/10 , H04L51/38 , H04L63/0464
摘要: A system, method and transcoding proxy are described herein that are capable of transcoding encrypted content, like an encrypted multimedia message or a multimedia message containing encrypted elements parts, which is transmitted between two devices (e.g., mobile phones). Basically, the transcoding proxy receives an encrypted multimedia message from a first device (e.g., mobile phone). The transcoding proxy then requests and receives a transcoding rights object (TRO) message from a rights issuer which includes a content encryption key (CEK) and a transcoding permission message (optional). After receiving the TRO message, the transcoding proxy is able to (1) decrypt the encrypted multimedia message (2) transcode the decrypted multimedia message so it matches the capabilities of a second device and could be accessed by a user of the second device (e.g., mobile phone) and (3) re-encrypt the transcoded multimedia message. The transcoding proxy then sends the re-encrypted transcoded multimedia message to the second device.
摘要翻译: 本文描述了能够对加密的内容进行转码的系统,方法和代码转换代理,例如加密的多媒体消息或包含加密的元素部分的多媒体消息,其在两个设备(例如,移动电话)之间传输。 基本上,代码转换代理从第一设备(例如,移动电话)接收加密的多媒体消息。 代码转换代理然后从包括内容加密密钥(CEK)和转码许可消息(可选)的权限发布者请求并接收转码权限对象(TRO)消息。 代码转换代理在接收到TRO消息之后能够(1)解密加密的多媒体消息(2)对解密的多媒体消息进行转码,使其与第二设备的能力相匹配,并且可被第二设备的用户(例如, ,手机)和(3)重新加密转码的多媒体消息。 代码转换代理然后将重新加密的经代码转换的多媒体消息发送到第二设备。
-
公开(公告)号:US07861097B2
公开(公告)日:2010-12-28
申请号:US10533120
申请日:2003-10-27
CPC分类号: G06F21/72 , G06F21/602 , H04L9/0844 , H04L9/3234 , H04L9/3271 , H04L2209/603
摘要: A tamper-resistant electronic circuit is configured for implementation in a device. The electronic circuit securely implements and utilizes device-specific security data during operation in the device, and is basically provided with a tamper-resistantly stored secret not accessible over an external circuit interface. The electronic circuit is also provided with functionality for performing cryptographic processing at least partly in response to the stored secret to generate an instance of device-specific security data that is internally confined within said electronic circuit during usage of the device. The electronic circuit is further configured for performing one or more security-related operations or algorithms in response to the internally confined device-specific security data. In this way, secure implementation and utilization device-specific security data for security purposes can be effectively accomplished. The security is uncompromised since the stored secret is never available outside the electronic circuit, and the device-specific security data is internally confined within the circuit during usage or operation of the device.
摘要翻译: 防篡改电子电路被配置为在设备中实现。 电子电路在设备运行期间安全地实施并利用设备专用的安全数据,并且基本上设置有不能通过外部电路接口访问的防篡改存储的秘密。 电子电路还具有用于至少部分地响应所存储的秘密来执行加密处理的功能,以在设备的使用期间产生内部限制在所述电子电路内的设备专用安全数据的实例。 电子电路还被配置为响应于内部限制的设备特定安全数据执行一个或多个与安全相关的操作或算法。 以这种方式,可以有效地实现用于安全目的的安全实现和利用设备特定的安全数据。 安全性是不妥协的,因为存储的秘密在电子电路之外永远不可用,并且设备特定的安全数据在设备的使用或操作期间内部被限制在电路内。
-
公开(公告)号:US20100325415A1
公开(公告)日:2010-12-23
申请号:US12866474
申请日:2008-03-25
申请人: Borje Ohlman , Goran Selander
发明人: Borje Ohlman , Goran Selander
IPC分类号: H04L9/00
CPC分类号: H04L12/1881 , H04L9/0656 , H04L63/067 , H04L65/4076 , H04L65/607 , H04L65/80 , H04L69/14
摘要: A method and apparatus for distributing time-controlled media. A media chunk is encrypted using cryptographic materials and sending the encrypted media chunk over a media channel. The cryptographic materials are distributed over a time-guaranteed control channel such that the cryptographic materials are received by a remote receiver node after the remote receiver receives the encrypted media chunk. The receiver node receives the encrypted media chunk over the media channel and stores the encrypted media chunk in a memory at the receiver node. The receiver node also receives the cryptographic materials over the time guaranteed channel, and uses the cryptographic materials to decrypt the encrypted media chunk. In this way, the receiver node cannot render the media chunk until it has received the cryptographic materials.
摘要翻译: 一种用于分发时间控制媒体的方法和装置。 使用加密材料加密媒体块,并通过媒体信道发送加密的媒体块。 加密材料通过时间保证的控制信道分布,使得密码材料在远程接收器接收到加密的媒体块之后由远程接收器节点接收。 接收机节点通过媒体信道接收加密的媒体块,并将加密的媒体块存储在接收机节点的存储器中。 接收器节点还在时间保证信道上接收加密材料,并使用加密材料解密加密的媒体块。 以这种方式,接收器节点在接收到加密材料之前不能呈现媒体块。
-
8.发明申请公开(公告)号:US20130104241A1
公开(公告)日:2013-04-25
申请号:US13505358
申请日:2009-11-02
发明人: Rolf Blom , Per-Olof Nerbrant , Goran Selander , Steinar Dahlin
IPC分类号: G06F21/60
CPC分类号: G06F21/60 , G06F21/10 , G06F2221/0755 , G06Q30/02
摘要: Devices for providing flexible control of rendering of protected media comprising first and second content objects are provided. An instruction database combines with traditional use of digital rights objects for determining, at rights parsing and instruction handler, conditions for rendering of first content object. Conditions may force the user to render second content objects or to input requested data and may adapt to environmental conditions exemplary relating to user profile, location, or time of day. A set of second content objects may be pre-determined and specified in provided instructions. User selection, from a list of second content objects, of a specified number of second content objects, provides for generation of a key enabling successful rendering of first content object.
摘要翻译: 提供了用于提供包括第一和第二内容对象的受保护媒体的呈现的灵活控制的设备。 指令数据库与数字版权对象的传统使用相结合,用于在权限解析和指令处理器处确定用于呈现第一内容对象的条件。 条件可能迫使用户呈现第二内容对象或输入所请求的数据,并且可以适应与用户简档,位置或时间有关的示例性的环境条件。 可以在提供的指令中预先确定和指定一组第二内容对象。 从第二内容对象的列表中选择指定数量的第二内容对象的用户提供了能够成功呈现第一内容对象的密钥的生成。
-
公开(公告)号:US20060101288A1
公开(公告)日:2006-05-11
申请号:US10533120
申请日:2003-10-27
IPC分类号: G06F12/14
CPC分类号: G06F21/72 , G06F21/602 , H04L9/0844 , H04L9/3234 , H04L9/3271 , H04L2209/603
摘要: The invention concerns a tamper-resistant electronic circuit configured for implementation in a device. The electronic circuit securely implements and utilizes device-specific security data during operation in the device, and is basically provided with a tamper-resistantly stored secret not accessible over an external circuit interface. The electronic circuit is also provided with functionality for performing cryptographic processing at least partly in response to the stored secret to generate an instance of device-specific security data that is internally confined within said electronic circuit during usage of the device. The electronic circuit is further configured for performing one or more security-related operations or algorithms in response to the internally confined device-specific security data. In this way, secure implementation and utilization device-specific security data for security purposes can be effectively accomplished. The security is uncompromised since the stored secret is never available outside the electronic circuit, and the device-specific security data is internally confined within the circuit during usage or operation of the device.
摘要翻译: 本发明涉及被配置为在设备中实现的防篡改电子电路。 电子电路在设备运行期间安全地实施并利用设备专用的安全数据,并且基本上设置有不能通过外部电路接口访问的防篡改存储的秘密。 电子电路还具有用于至少部分地响应所存储的秘密来执行加密处理的功能,以在设备的使用期间产生内部限制在所述电子电路内的设备专用安全数据的实例。 电子电路还被配置为响应于内部限制的设备特定安全数据执行一个或多个与安全相关的操作或算法。 以这种方式,可以有效地实现用于安全目的的安全实现和利用设备特定的安全数据。 安全性是不妥协的,因为存储的秘密在电子电路之外永远不可用,并且设备特定的安全数据在设备的使用或操作期间内部被限制在电路内。
-
10.发明申请METHODS, SERVER, MERCHANT DEVICE, COMPUTER PROGRAMS AND COMPUTER PROGRAM PRODUCTS FOR SETTING UP COMMUNICATION 有权方法,服务器,商业设备,计算机程序和用于设置通信的计算机程序产品公开(公告)号:US20130103590A1
公开(公告)日:2013-04-25
申请号:US13806451
申请日:2010-06-29
IPC分类号: G06Q20/40
CPC分类号: G06Q20/3227 , G06Q20/3229 , G06Q20/40 , H04L63/0823
摘要: It is presented a security server arranged to set up communication between a merchant device and a customer payment application. The security server comprises: a receiver arranged to receive a first message comprising a customer identifier, an application identifier and a security token; a determiner arranged to determine whether the merchant device is authorised; a transmitter arranged to send a second message to the merchant device, the second message indicating that the merchant device is authorised to effect payment; and a channel establisher arranged to set up a secure channel between the merchant device and the customer payment application in a secure element being adapted to be comprised in a mobile communication terminal, wherein all communication between the merchant device and the customer payment application is controlled by the security server. Corresponding methods, merchant device, computer programs and computer program products are also presented.
摘要翻译: 它被呈现为安排用于设置商家设备和客户支付应用之间的通信的安全服务器。 安全服务器包括:接收器,被布置为接收包括客户标识符,应用标识符和安全令牌的第一消息; 确定器,用于确定商家设备是否被授权; 发送器,被布置为向所述商家设备发送第二消息,所述第二消息指示所述商家设备被授权进行支付; 以及频道建立器,其被布置成在适于包含在移动通信终端中的安全元件中在所述商家设备和所述客户支付应用之间建立安全通道,其中所述商家设备和所述客户支付应用之间的所有通信由 安全服务器。 还提出了相应的方法,商家设备,计算机程序和计算机程序产品。
-
-
-
-
-
-
-
-
-
搜索结果
10 条记录 (耗时 0.018 秒)