METHOD FOR AUTHENTICATION OF A REMOTE STATION USING A SECURE ELEMENT
    3.
    Invention application
    Legal status: in force

    Publication (announcement) number: US20120233685A1

    Publication (announcement) date: 2012-09-13

    Application number: US13213401

    Filing date: 2011-08-19

    IPC classification: H04L9/32 G06F15/16

    Abstract: Disclosed is a method for authentication of a remote station by a management station using a secure element. In the method, the remote station receives an identity request from the secure element. The identity request includes a first challenge provided to the secure element by the management station. The remote station forwards an identity response to the secure element. The identity response includes a response to the first challenge that is signed by a key of the remote station, and the signed response to the first challenge is for use by the management station to authenticate the remote station.

    Apparatus and method for transitioning enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network
    7.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US09084110B2

    Publication (announcement) date: 2015-07-14

    Application number: US13159212

    Filing date: 2011-06-13

    Abstract: Disclosed is a method for transitioning an enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using a first enhanced security context root key associated with a UTRAN/GERAN-based serving network and a first information element. The remote station receives a first message from the E-UTRAN-based serving network. The first message signals to the remote station to generate a second enhanced security context root key for use with the E-UTRAN-based serving network. The remote station generates, in response to the first message, the second enhanced security context root key from the first enhanced security context root key using the first and second session keys as inputs. The remote station protects wireless communications, on the E-UTRAN-based serving network, based on the second enhanced security context root key.

    Method and apparatus to perform secure registration of femto access points
    8.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US08886164B2

    Publication (announcement) date: 2014-11-11

    Application number: US12625047

    Filing date: 2009-11-24

    Abstract: Methods, apparatus, and systems to perform secure registration of a femto access point for trusted access to an operator-controlled network element. Method steps include establishing a security association for at least one said femto access point, making a request using the security association to an operator-controlled network element, which requests a secure registration credential from an authorizing component. The operator-controlled network element constructs a secure registration credential and sends the secure registration credential to the requesting femto access point, thus authorizing trusted access by the requesting femto access point to access operator-controlled network elements. Embodiments include establishing a security association via an IPsec security association received from a security gateway which is within an operator-controlled domain and using an operator-controlled database of IPsec inner addresses. In some embodiments the femto access point conducts message exchanges using one or more IMS protocols and components, including call session control function elements, which elements in turn may authorize a femto access point within the IMS domain, or may access non-IMS network elements for authorization.

    Dynamic execution prevention to inhibit return-oriented programming
    9.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US08776223B2

    Publication (announcement) date: 2014-07-08

    Application number: US13351006

    Filing date: 2012-01-16

    IPC classification: G06F21/00

    CPC classification: G06F21/54

    Abstract: A method, apparatus, and/or system for execution prevention is provided. A state indicator for a first subset of a plurality of memory pages of executable code in a memory device is set to a non-executable state. A state indicator for a second subset of the plurality of memory pages is set to an executable state, where the second subset of the plurality of memory pages includes indirection stubs to functions in the first subset of the plurality of memory pages. Upon execution of an application, a function call is directed to a corresponding indirection stub in the second subset of the plurality of memory pages which modifies the state indicator for a corresponding function in the first subset of the plurality of memory pages prior to directing execution of the called function from the first subset of the plurality of memory pages.

    Method and apparatus for network personalization of subscriber devices

    Publication (announcement) number: US08473002B2

    Publication (announcement) date: 2013-06-25

    Application number: US13091013

    Filing date: 2011-04-20

    IPC classification: H04W88/02

    Abstract: A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity.