Mechanism to avoid expensive double-encryption in mobile networks
    1.
    Invention application
    Legal status: In force

    Publication No.: US20070043940A1

    Publication date: 2007-02-22

    Application No.: US11207801

    Filing date: 2005-08-22

    IPC classification: H04L9/00

    Abstract: A method for enabling a mobile node to transmit encrypted data over a path including a wireless link and an untrusted link, while avoiding double encryption on any link. The data on the end-to-end path is encrypted using an application specific security mechanism, or an L2 mechanism is used for encrypting the data on the wireless link as mandated by the wireless standards, and an application specific security mechanism is used for encrypting the data on the untrusted link. By avoiding redundant double encryption, the method of the invention results in optimizing the use of network resources in bandwidth-limited wireless networks and increases the life of the mobile node battery.


    Mechanism to avoid expensive double-encryption in mobile networks
    2.
    Invention grant
    Legal status: In force

    Publication No.: US07613920B2

    Publication date: 2009-11-03

    Application No.: US11207801

    Filing date: 2005-08-22

    IPC classification: H04L29/06

    Abstract: A method for enabling a mobile node to transmit encrypted data over a path including a wireless link and an untrusted link, while avoiding double encryption on any link. The data on the end-to-end path is encrypted using an application specific security mechanism, or an L2 mechanism is used for encrypting the data on the wireless link as mandated by the wireless standards, and an application specific security mechanism is used for encrypting the data on the untrusted link. By avoiding redundant double encryption, the method of the invention results in optimizing the use of network resources in bandwidth-limited wireless networks and increases the life of the mobile node battery.


    Method of authenticating a mobile network node in establishing a peer-to-peer secure context between a pair of communicating mobile network nodes
    3.
    Invention application
    Legal status: In force

    Publication No.: US20060087999A1

    Publication date: 2006-04-27

    Application No.: US10970137

    Filing date: 2004-10-22

    IPC classification: H04Q7/00

    Abstract: Methods for authenticating peer mobile network nodes for establishing a secure peer-to-peer communications context in an ad-hoc network are presented. The methods include accessing wireless infrastructure network entities at low bandwidth and for a short time duration to obtain cryptographic information regarding a peer mobile network node for the purpose of establishing secure peer-to-peer communications therewith ad-hoc network. Having received cryptographic information regarding a peer mobile network node, the method further includes challenging the peer network node with a challenge phrase derived from the cryptographic information received, receiving a response, and establishing a secure communications context to the peer mobile network node based on the validity of the received response. Advantages are derived from addressing security threats encountered in provisioning ad-hoc networking, by leveraging wireless infrastructure network security architecture, exemplary deployed in UMTS/GSM infrastructure networks, enabling seamless mobile network node authentication through the existing UMTS and/or GSM authentication infrastructure, while pervasively communicating with peer mobile network nodes in an ad-hoc network.


    RELIABLE AUTHENTICATION OF MESSAGE SENDER'S IDENTITY
    4.
    Invention application
    Legal status: Under examination (published)

    Publication No.: US20100070761A1

    Publication date: 2010-03-18

    Application No.: US12212368

    Filing date: 2008-09-17

    IPC classification: H04L9/06

    Abstract: A method is provided in a telecommunications network for authenticating a sender (10) of a message to a recipient of the message. The method includes: registering the sender (10) with a trusted certificate authority (CA) (20), the registering including providing the CA (20) with (i) identification information identifying the sender (10) and (ii) a public key (12) of the sender (10); creating an authentication certificate (30) including the sender's identification information and the sender's public key (12); signing the certificate (30) with a private key (28) of the CA (20); provisioning a message sending device (52) of the sender (10) with the certificate (30) that was signed with the private key (28) of the CA (20); provisioning a message receiving device (40) of the recipient with a public key (24) of the CA (20), the CA's public key (24) being a corresponding counterpart to the CA's private key (28); generating a signature with a private key (14) of the sender (10), the sender's private key (14) being a corresponding counterpart for the sender's public key (12); sending a message from sender's message sending device (52), the message including the certificate (30) and the signature; retrieving the message with the recipient's message receiving device (40); using the CA's public key (24) with which the recipient's receiving device (40) was provisioned to obtain the sender's public key (12) from the certificate (30) received in the retrieved message; and, using the sender's public key (12) obtained from the certificate (30) received in the retrieved message to verify the signature generated with the sender's private key (14).


    Verifying authenticity of called party in telephony networks
    5.
    Invention application
    Legal status: Under examination (published)

    Publication No.: US20090046839A1

    Publication date: 2009-02-19

    Application No.: US11893325

    Filing date: 2007-08-15

    IPC classification: H04M1/56

    Abstract: A method comprising a plurality of operations. An operation is provided for receiving an authentication certificate of a called party. Telephony apparatus of a party calling the called party performs receiving the authentication certificate. An operation is provided for facilitating authentication of the authentication certificate and called party identification information thereof in response to receiving the authentication certificate. An operation is provided for providing an authentication notification in response to facilitating the authentication of the authentication certificate and the called party identification information. The authentication notification indicates successful authentication in response to the authentication being successful and wherein the authentication notification indicates non-successful authentication in response to the authentication not being successful.


    On-demand authentication of call session party information during a telephone call
    6.
    Invention application
    Legal status: Under examination (published)

    Publication No.: US20090025075A1

    Publication date: 2009-01-22

    Application No.: US11879307

    Filing date: 2007-07-17

    IPC classification: G06F7/04

    Abstract: A method comprises a plurality of operations. An operation is performed for requesting authentication of a target call session party during a call session between the target party and a call session party requesting said authentication. An operation is performed for receiving authentication information of the target call session party during the call session in response to requesting said authentication. An operation is performed for facilitating authentication of said authentication information during the call session in response to receiving said authentication information.


    Methods and apparatus for use in sharing credentials amongst a plurality of mobile communication devices
    7.
    Invention grant
    Legal status: In force

    Publication No.: US08977856B2

    Publication date: 2015-03-10

    Application No.: US13601471

    Filing date: 2012-08-31

    IPC classification: H04L29/06

    Abstract: Techniques for use in sharing a plurality of credential objects of a user account amongst a plurality of mobile devices operative in a wireless network are described. In one illustrative example, a network infrastructure (e.g. a cloud) stores a plurality of encrypted credential objects in association with the user account. Each encrypted credential object is encrypted with a credential key. The network infrastructure also stores a plurality of encrypted forms of the credential key in association with the user account. Each encrypted form of the credential key is encrypted with a respective one of a plurality of device keys. Each device key is stored at respective one of the mobile devices. The network infrastructure provides, to the mobile devices, access to the encrypted credential key and the encrypted credential objects.


    Verifying authenticity of instant messaging messages
    8.
    Invention application
    Legal status: In force

    Publication No.: US20080307513A1

    Publication date: 2008-12-11

    Application No.: US11811306

    Filing date: 2007-06-07

    IPC classification: H04L9/32

    Abstract: A certificate registry system is configured to issue authentication certificates to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates. Each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers. Each one of the authentication certificates includes a respective Instant Messaging (IM) screen name information of the information provider. The authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type profession in which the information providers are engaged and a particular geographical region in which the information providers are located.


    Methods And Apparatus For Use In Sharing Credentials Amongst A Plurality Of Mobile Communication Devices
    10.
    Invention application
    Legal status: In force

    Publication No.: US20140068261A1

    Publication date: 2014-03-06

    Application No.: US13601471

    Filing date: 2012-08-31

    IPC classification: H04L9/00 H04L9/14

    Abstract: Techniques for use in sharing a plurality of credential objects of a user account amongst a plurality of mobile devices operative in a wireless network are described. In one illustrative example, a network infrastructure (e.g. a cloud) stores a plurality of encrypted credential objects in association with the user account. Each encrypted credential object is encrypted with a credential key. The network infrastructure also stores a plurality of encrypted forms of the credential key in association with the user account. Each encrypted form of the credential key is encrypted with a respective one of a plurality of device keys. Each device key is stored at respective one of the mobile devices. The network infrastructure provides, to the mobile devices, access to the encrypted credential key and the encrypted credential objects.
