-
公开(公告)号:US07568223B2
公开(公告)日:2009-07-28
申请号:US10893047
申请日:2004-07-15
IPC分类号: H04L9/00
CPC分类号: H04L29/06027 , G06F12/1408 , G06F21/606 , G06F2207/7219 , G06F2211/008 , G06F2221/2129 , H04L9/083 , H04L9/0841 , H04L9/3213 , H04L9/3263 , H04L63/0435 , H04L63/0442 , H04L63/061 , H04L63/062 , H04L63/0807 , H04L63/12 , H04L65/1043
摘要: A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers. The secure devices, such as the CTA, can communicate with other secure devices by establishing signaling and bearer channels that are encrypted with session specific symmetric keys derived from a symmetric key distributed by a signaling controller.
摘要翻译: 公开了一种安全的因特网协议(IP)电话系统,装置和方法。 通过IP电话系统的通信可以通过保护与有线电话适配器(CTA)的通信来保护。 该系统可以包括一个或多个CTA,网络服务器,配置为信令控制器的服务器,密钥分配中心(KDC),并且可以包括将IP电话系统耦合到公共交换电话网络(PSTN)的网关。 每个CTA都可以配置为安全硬件,并且可以配置多个用于通信信令或承载信道通信的加密密钥。 KDC可以被配置为周期性地分配对称加密密钥以保护已经被提供以在系统和信令控制器中操作的设备之间的通信。 诸如CTA之类的安全设备可以通过建立用由信令控制器分配的对称密钥导出的会话专用对称密钥加密的信令和承载信道来与其他安全设备进行通信。
-
公开(公告)号:US20090323954A1
公开(公告)日:2009-12-31
申请号:US12490124
申请日:2009-06-23
CPC分类号: H04L29/06027 , G06F12/1408 , G06F21/606 , G06F2207/7219 , G06F2211/008 , G06F2221/2129 , H04L9/083 , H04L9/0841 , H04L9/3213 , H04L9/3263 , H04L63/0435 , H04L63/0442 , H04L63/061 , H04L63/062 , H04L63/0807 , H04L63/12 , H04L65/1043
摘要: A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers. The secure devices, such as the CTA, can communicate with other secure devices by establishing signaling and bearer channels that are encrypted with session specific symmetric keys derived from a symmetric key distributed by a signaling controller.
摘要翻译: 公开了一种安全的因特网协议(IP)电话系统,装置和方法。 通过IP电话系统的通信可以通过保护与有线电话适配器(CTA)的通信来保护。 该系统可以包括一个或多个CTA,网络服务器,配置为信令控制器的服务器,密钥分配中心(KDC),并且可以包括将IP电话系统耦合到公共交换电话网络(PSTN)的网关。 每个CTA都可以配置为安全硬件,并且可以配置多个用于通信信令或承载信道通信的加密密钥。 KDC可以被配置为周期性地分配对称加密密钥以保护已经被提供以在系统和信令控制器中操作的设备之间的通信。 诸如CTA之类的安全设备可以通过建立用由信令控制器分配的对称密钥导出的会话专用对称密钥加密的信令和承载信道来与其他安全设备进行通信。
-
公开(公告)号:US08544077B2
公开(公告)日:2013-09-24
申请号:US12490124
申请日:2009-06-23
IPC分类号: G06F7/04
CPC分类号: H04L29/06027 , G06F12/1408 , G06F21/606 , G06F2207/7219 , G06F2211/008 , G06F2221/2129 , H04L9/083 , H04L9/0841 , H04L9/3213 , H04L9/3263 , H04L63/0435 , H04L63/0442 , H04L63/061 , H04L63/062 , H04L63/0807 , H04L63/12 , H04L65/1043
摘要: A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers. The secure devices, such as the CTA, can communicate with other secure devices by establishing signaling and bearer channels that are encrypted with session specific symmetric keys derived from a symmetric key distributed by a signaling controller.
-
公开(公告)号:US09130928B2
公开(公告)日:2015-09-08
申请号:US13087847
申请日:2011-04-15
申请人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
发明人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
CPC分类号: H04L63/0823 , G06F21/572 , H04L63/06 , H04L2463/102
摘要: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
摘要翻译: 用新的身份数据更新启用网络的设备的方法包括生成多个新的身份数据记录并将新的身份数据记录加载到更新服务器上。 在更新服务器处接收到来自具有链接到标识符的先前分配的身份的至少一个启用网络的设备的新身份数据的请求。 先前分配的标识符被链接到链接到新的身份数据记录之一的新标识符。 一个或多个新的身份数据记录被安全地传送到启用网络的设备。
-
公开(公告)号:US08589674B2
公开(公告)日:2013-11-19
申请号:US13350072
申请日:2012-01-13
IPC分类号: H04L9/00
CPC分类号: H04L9/0891 , H04L9/12 , H04L9/3268
摘要: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.
摘要翻译: 在一个实施例中,一种方法包括接收用于撤销设备的模型类型的吊销请求。 第一计算设备确定与数据库中的模型类型相关联的设备单元标识符(UID)的列表。 设备UID用于由第一实体制造的型号类型的设备。 该方法将设备UID的列表添加到设备撤销列表,并输出设备撤销列表以撤销与设备UID列表相关联的设备相关联的安全信息的有效性。
-
6.发明授权Self-generation of certificates using secure microprocessor in a device for transferring digital information 有权在用于传输数字信息的设备中使用安全微处理器自动生成证书公开(公告)号:US06839841B1
公开(公告)日:2005-01-04
申请号:US09890178
申请日:2000-01-28
CPC分类号: H04L63/0442 , G06F21/33 , G06F21/606 , G06F2221/2129 , H04L29/06027 , H04L63/06 , H04L63/061 , H04L63/062 , H04L63/0823 , H04L63/12 , H04L65/1043
摘要: Devices in a telecommunications system are provided with means to self-generate public key pairs and certificates. This eliminates the need for such keys and certificates to be sent to the devices from an outside source so a single-trust approach can be maintained. A manufacturer's certificate is installed into a device it the time of manufacture. The device only issues itself certificates based on a signed request from an external outside server. The device's self-issued certificates incorporate information obtained from the server in a profile. This allows control by the server over a device's self-issued certificates. In order to prevent tampering, and breaking, of the self-issued certificates, the certificate issuing process occurs within a secure microprocessor.
摘要翻译: 电信系统中的设备具有自我生成公钥对和证书的手段。 这消除了将这些密钥和证书从外部源发送到设备的需要,因此可以维持单一信任方法。 制造商的证书安装在制造时的设备中。 设备只会根据外部外部服务器的签名请求发出证书。 设备的自颁发证书包含从配置文件中的服务器获得的信息。 这允许服务器通过设备的自颁发证书进行控制。 为了防止自发证书的篡改和破坏,证书颁发过程发生在安全微处理器内。
-
公开(公告)号:US08761401B2
公开(公告)日:2014-06-24
申请号:US11846045
申请日:2007-08-28
申请人: Eric J. Sprunk , Alexander Medvinsky , Xin Qiu , Stuart Moskovics , Liqiang Chen
发明人: Eric J. Sprunk , Alexander Medvinsky , Xin Qiu , Stuart Moskovics , Liqiang Chen
CPC分类号: H04L9/0844 , H04L9/006 , H04L9/0822 , H04L63/0428 , H04L63/062 , H04L63/0823 , H04L63/166
摘要: A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.
摘要翻译: 用于将PKI数据(例如一个或多个私钥或其他机密数字信息)的PKI数据安全地分发到不连接到PKI数据生成设备并被假定的产品个性化设施中的产品的系统和方法 成为不安全的产品个性化设施。 该系统包括PKI数据加载器,用于将从PKI数据发生器传送的加密的PKI数据安全地发送到产品个性化设施的PKI服务器。 PKI服务器然后将PKI数据传送到感兴趣的产品,通常通过充当PKI服务器和产品之间代理的PKI站。 在每个通信步骤中,正在传送的PKI数据被加密多次,并且系统被设计成使得如果任何中间节点与其所有密钥相冲突,则整个系统尚未被破坏。
-
公开(公告)号:US20130185551A1
公开(公告)日:2013-07-18
申请号:US13350072
申请日:2012-01-13
IPC分类号: H04L29/06
CPC分类号: H04L9/0891 , H04L9/12 , H04L9/3268
摘要: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.
摘要翻译: 在一个实施例中,一种方法包括接收用于撤销设备的模型类型的吊销请求。 第一计算设备确定与数据库中的模型类型相关联的设备单元标识符(UID)的列表。 设备UID用于由第一实体制造的型号类型的设备。 该方法将设备UID的列表添加到设备撤销列表,并输出设备撤销列表以撤销与设备UID列表相关联的设备相关联的安全信息的有效性。
-
公开(公告)号:US20110258685A1
公开(公告)日:2011-10-20
申请号:US13087847
申请日:2011-04-15
申请人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
发明人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
CPC分类号: H04L63/0823 , G06F21/572 , H04L63/06 , H04L2463/102
摘要: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
摘要翻译: 用新的身份数据更新启用网络的设备的方法包括生成多个新的身份数据记录并将新的身份数据记录加载到更新服务器上。 在更新服务器处接收到来自具有链接到标识符的先前分配的身份的至少一个启用网络的设备的新身份数据的请求。 先前分配的标识符被链接到链接到新的身份数据记录之一的新标识符。 一个或多个新的身份数据记录被安全地传送到启用网络的设备。
-
公开(公告)号:US08321663B2
公开(公告)日:2012-11-27
申请号:US12650943
申请日:2009-12-31
IPC分类号: H04L9/00
CPC分类号: H04L9/3263 , H04L9/3247 , H04L63/0823 , H04L63/162 , H04L2209/60 , H04L2209/80 , H04W12/06
摘要: A method is provided for enhancing security of a communication session between first and second endpoints which employs a key management protocol. The method includes sending a first message to a first end point over a communications network requesting a secure communication session therewith. The message includes an identity of a second end point requesting the authenticated communication session. A digital certificate is received from the first endpoint over the communications network. The digital certificate is issued by a certifying source verifying information contained in the digital certificate. The digital certificate includes a plurality of fields, one or more of which are transformed in accordance with a transformation algorithm. A reverse transform is applied to the one or more transformed fields to obtain the one or more fields. The digital certificate is validated and a second message is sent to the first endpoint indicating that validation is complete.
摘要翻译: 提供了一种用于增强使用密钥管理协议的第一和第二端点之间的通信会话的安全性的方法。 该方法包括通过通信网络向第一终端发送请求与其的安全通信会话的第一消息。 该消息包括请求认证通信会话的第二端点的标识。 通过通信网络从第一端点接收数字证书。 数字证书由认证来源验证数字证书中包含的信息。 数字证书包括多个字段,其中一个或多个字段根据变换算法进行变换。 对一个或多个变换字段应用反向变换以获得一个或多个字段。 验证数字证书,并将第二个消息发送到第一个端点,表示验证完成。
-
-
-
-
-
-
-
-
-
搜索结果
128 条记录 (耗时 0.031 秒)
