Method of Authenticating Home Operator for Over-the-Air Provisioning of a Wireless Device
    1.
    Patent application
    Status: Under examination (published)

    Publication No.: US20090253409A1

    Publication date: 2009-10-08

    Application No.: US12193165

    Filing date: 2008-08-18

    IPC classification: H04M1/66 H04Q7/20

    Abstract: A method and apparatus is provided for authentication between a home network and a wireless device during device activation using a registration server as a trusted agent. The wireless device owner subscribes to the services of the home network and the home network registers as the service provider with the registration server. When the home network registers with the registration server, the registration server provides authentication data to the home network to use for authentication with the wireless device. Because the wireless device has no prior knowledge of the home network, the wireless device connects to the registration server to obtain contact information for the home network. The registration server provides home network data to the wireless device. In some embodiments, the registration server may also provide second authentication data to the wireless device for authenticating the home network. When the wireless device subsequently connects to the home network to download permanent security credentials, the home network uses the information provided by the registration server to authenticate itself to the wireless device. The authentication procedure prevents a third party from fraudulently obtaining confidential information from the home network or the wireless device.


    Delegation based mobility management
    2.
    Granted patent
    Status: In force

    Publication No.: US08705439B2

    Publication date: 2014-04-22

    Application No.: US12301371

    Filing date: 2006-05-24

    IPC classification: H04W4/00

    Abstract: A method of handling mobility-related signaling in a communications system comprising a mobile node, a mobile router, and a peer node. The method comprises providing the mobile router with a delegation certificate that is cryptographically signed by or on behalf of the mobile node. At the mobile router, a mobility-related signaling exchange is initiated with the peer node on behalf of the mobile node, the mobile router providing to the peer node within this exchange, said delegation certificate or an identification of the certificate, and a sequence number associated with the certificate. At the peer node, the received sequence number is compared with a sequence number maintained by the peer node in respect of the delegation certificate, and the exchange authorized in dependence upon the result of the comparison.


    Methods and Apparatus for Wireless Device Registration
    3.
    Patent application
    Status: In force

    Publication No.: US20090217348A1

    Publication date: 2009-08-27

    Application No.: US12135256

    Filing date: 2008-06-09

    IPC classification: G06F21/00

    Abstract: Disclosed are a system and methods for associating a “generic” wireless device, i.e., a device that is not pre-programmed with subscription credentials corresponding to a particular operator, with a Home Operator designated by the device's owner. The disclosed system and methods further facilitate the automatic linking of a newly activated M2M device to an appropriate server for downloading the subscription credentials for the Home Operator. The disclosed system includes a registration server for maintaining electronic registration data for a plurality of wireless devices and for directing newly activated wireless devices to a server for downloading “permanent” subscription credentials, such as a downloadable USIM. The disclosed system further includes a subscription server for updating registration server entries to reflect an association between a first wireless device and its corresponding home network. In some embodiments, the subscription server may be further configured for downloading subscription credentials to subscribing wireless devices.


    Methods and Apparatus for Locating a Device Registration Server in a Wireless Network
    4.
    Patent application
    Status: Under examination (published)

    Publication No.: US20090217038A1

    Publication date: 2009-08-27

    Application No.: US12139773

    Filing date: 2008-06-16

    IPC classification: G06F21/00

    Abstract: Methods and apparatus for locating and accessing a data server in a wireless network are disclosed. The disclosed techniques may be used to allow a wireless device provided with temporary credentials to access a wireless network and obtain a network address for a data server for downloading subscription credentials. An exemplary wireless device comprises a processing unit configured to send an access authentication request to a wireless network, and to receive an authentication challenge value from the wireless network in response. The processing unit is further configured to generate a cryptographic response from the authentication challenge value and to send the cryptographic response to the wireless network, and to also derive a data server address from the authentication challenge value. Thus, the authentication challenge value serves two purposes—as a challenge key for use in a network access authentication procedure, and as a carrier for data server address information.


    Methods and apparatus for wireless device registration
    5.
    Granted patent
    Status: In force

    Publication No.: US08407769B2

    Publication date: 2013-03-26

    Application No.: US12135256

    Filing date: 2008-06-09

    IPC classification: G06F7/00

    Abstract: Disclosed are a system and methods for associating a “generic” wireless device, i.e., a device that is not pre-programmed with subscription credentials corresponding to a particular operator, with a Home Operator designated by the device's owner. The disclosed system and methods further facilitate the automatic linking of a newly activated M2M device to an appropriate server for downloading the subscription credentials for the Home Operator. The disclosed system includes a registration server for maintaining electronic registration data for a plurality of wireless devices and for directing newly activated wireless devices to a server for downloading “permanent” subscription credentials, such as a downloadable USIM. The disclosed system further includes a subscription server for updating registration server entries to reflect an association between a first wireless device and its corresponding home network. In some embodiments, the subscription server may be further configured for downloading subscription credentials to subscribing wireless devices.


    Method and Apparatus for Managing Subscription Credentials in a Wireless Communication Device
    6.
    Patent application
    Status: In force

    Publication No.: US20090217364A1

    Publication date: 2009-08-27

    Application No.: US12140728

    Filing date: 2008-06-17

    IPC classification: H04L9/32 G06F21/00

    Abstract: According to the teachings presented herein, a wireless communication device reverts from subscription credentials to temporary access credentials, in response to detecting an access failure. The device uses its temporary access credentials to gain temporary network access, either through a preferred network (e.g., home network) or through any one of one or more non-preferred networks (e.g., visited networks). After gaining temporary access, the device determines whether it needs new subscription credentials and, if so, uses the temporary access to obtain them. Correspondingly, in one or more embodiments, a registration server is configured to support such operations, such as by providing determination of credential validity and/or by redirecting the device to a new home operator for obtaining new subscription credentials.


    Method and apparatus for managing subscription credentials in a wireless communication device
    7.
    Granted patent
    Status: In force

    Publication No.: US08553883B2

    Publication date: 2013-10-08

    Application No.: US12140728

    Filing date: 2008-06-17

    IPC classification: H04L29/06

    Abstract: According to the teachings presented herein, a wireless communication device reverts from subscription credentials to temporary access credentials, in response to detecting an access failure. The device uses its temporary access credentials to gain temporary network access, either through a preferred network (e.g., home network) or through any one of one or more non-preferred networks (e.g., visited networks). After gaining temporary access, the device determines whether it needs new subscription credentials and, if so, uses the temporary access to obtain them. Correspondingly, in one or more embodiments, a registration server is configured to support such operations, such as by providing determination of credential validity and/or by redirecting the device to a new home operator for obtaining new subscription credentials.


    Identification method and apparatus for establishing host identity protocol (HIP) connections between legacy and HIP nodes

    Publication No.: US07873825B2

    Publication date: 2011-01-18

    Application No.: US10599761

    Filing date: 2004-04-15

    IPC classification: H04L29/06

    Abstract: A method of using the Host Identity Protocol (HIP) to at least partially secure communications between a first host operating in a first network environment and a second, HIP-enabled, host operating in a second network environment, with a gateway node forming a gateway between the two environments. An identifier is associated with the first host, stored at the gateway node, and sent to the first host. The identifier is then used as a source address in a subsequent session initiation message sent from the first host to the gateway node, having an indication that the destination of the message is the second host. The stored identifier at the gateway node is then used to negotiate a secure HIP connection to the second host. The first network environment may be a UMTS or GPRS environment, in which case the gateway node may be a Gateway GPRS Support Node (GGSN).


    Delegation based mobility management
    9.
    Patent application
    Status: In force

    Publication No.: US20100027465A1

    Publication date: 2010-02-04

    Application No.: US12301371

    Filing date: 2006-05-24

    IPC classification: H04W8/02

    Abstract: A method of handling mobility-related signaling in a communications system comprising a mobile node, a mobile router, and a peer node. The method comprises providing the mobile router with a delegation certificate that is cryptographically signed by or on behalf of the mobile node. At the mobile router, a mobility-related signaling exchange is initiated with the peer node on behalf of the mobile node, the mobile router providing to the peer node within this exchange, said delegation certificate or an identification of the certificate, and a sequence number associated with the certificate. At the peer node, the received sequence number is compared with a sequence number maintained by the peer node in respect of the delegation certificate, and the exchange authorised in dependence upon the result of the comparison.
