Method and system for managing authentication and payment for use of broadcast material
    1.
    Granted invention patent
    Method and system for managing authentication and payment for use of broadcast material (status: in force)

    Publication No.: US07966662B2

    Publication date: 2011-06-21

    Application No.: US11031507

    Filing date: 2005-01-06

    IPC classification: H04L9/32

    Abstract: An authentication system is disclosed. The authentication system includes a content provider configured to distribute encrypted content, wherein the encrypted content is generated using a content key, and a client having a symmetric key and configured to store the encrypted content received from the content provider and issue a request to the content provider, wherein the request includes a cryptographic function configured to have the symmetric key and the encrypted content as input, wherein the content provider is further configured to verify the client via the request to ensure that the client has received the encrypted content.


    Context limited shared secret
    3.
    Granted invention patent
    Context limited shared secret (status: in force)

    Publication No.: US08726019B2

    Publication date: 2014-05-13

    Application No.: US11351448

    Filing date: 2006-02-10

    IPC classification: H04L29/06

    CPC classification: H04L9/085

    Abstract: In a communication system in which two communication entities seek to have a private or confidential communication session, a trust relationship needs first be established. The trust relationship is based on the determination of a shared secret which in turn is generated from contextual information. The contextual information can be derived from the circumstances surrounding the communication session. For example, the contextual information can include topological information, time-based information, and transactional information. The shared secret may be self-generated or received from a third party. In either event, the shared secret may be used as key material for any cryptographic protocol used between the communication entities.


    Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system
    4.
    Granted invention patent
    Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system (status: in force)

    Publication No.: US08724803B2

    Publication date: 2014-05-13

    Application No.: US10932514

    Filing date: 2004-09-01

    Abstract: A method and apparatus for secure generation of a short-term key SK for viewing information content in a Multicast-broadcast-multimedia system are described. A short-term key is generated by a memory module residing in user equipment (UE) only when the source of the information used to generate the short-term key can be validated. A short-term key can be generated by a Broadcast Access Key (BAK) or a derivative of BAK and a changing value with a Message Authentication Code (MAC) appended to the changing value. A short-term key (SK) can also be generated by using a private key and a short-term key (SK) manager with a corresponding public key distributed to the memory module residing in the user equipment (UE), using a digital signature.


    Secure bootstrapping for wireless communications
    5.
    Granted invention patent
    Secure bootstrapping for wireless communications (status: in force)

    Publication No.: US07715822B2

    Publication date: 2010-05-11

    Application No.: US11346704

    Filing date: 2006-02-03

    IPC classification: H04M1/66

    Abstract: A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key that the BSF sends to a requesting network application function to establish secure communications with the MT.


    URL-based certificate in a PKI
    6.
    Granted invention patent
    URL-based certificate in a PKI (status: in force)

    Publication No.: US08832431B2

    Publication date: 2014-09-09

    Application No.: US13564472

    Filing date: 2012-08-01

    IPC classification: H04L29/06

    Abstract: A method of requesting and issuing a certificate from certification authority for use by an initiating correspondent with a registration authority is provided. The initiating correspondent makes a request for a certificate to the registration authority, and the registration authority sends the request to a certificate authority, which issues the certificate to the registration authority. The certificate is stored at a location in a directory and this location is associated with a pointer such as uniform resource locator (URL) that is derived from information contained in the certificate request. The initiating correspondent computes the location using the same information and forwards it to other correspondents. The other correspondents can then locate the certificate to authenticate the public key of the initiating correspondent.


    Method and system for managing authentication and payment for use of broadcast material
    7.
    Invention patent application
    Method and system for managing authentication and payment for use of broadcast material (status: in force)

    Publication No.: US20060048235A1

    Publication date: 2006-03-02

    Application No.: US11031507

    Filing date: 2005-01-06

    IPC classification: H04L9/32

    Abstract: An authentication system is disclosed. The authentication system includes a content provider configured to distribute encrypted content, wherein the encrypted content is generated using a content key, and a client having a symmetric key and configured to store the encrypted content received from the content provider and issue a request to the content provider, wherein the request includes a cryptographic function configured to have the symmetric key and the encrypted content as input, wherein the content provider is further configured to verify the client via the request to ensure that the client has received the encrypted content.


    URL-based certificate in a PKI
    9.
    Granted invention patent
    URL-based certificate in a PKI (status: in force)

    Publication No.: US08266425B2

    Publication date: 2012-09-11

    Application No.: US11641943

    Filing date: 2006-12-20

    IPC classification: H04L29/06

    Abstract: A method of requesting and issuing a certificate from certification authority for use by an initiating correspondent with a registration authority is provided. The initiating correspondent makes a request for a certificate to the registration authority, and the registration authority sends the request to a certificate authority, which issues the certificate to the registration authority. The certificate is stored at a location in a directory and this location is associated with a pointer such as uniform resource locator (URL) that is derived from information contained in the certificate request. The initiating correspondent computes the location using the same information and forwards it to other correspondents. The other correspondents can then locate the certificate to authenticate the public key of the initiating correspondent.


    Secure registration for a multicast-broadcast-multimedia system (MBMS)
    10.
    Granted invention patent
    Secure registration for a multicast-broadcast-multimedia system (MBMS) (status: in force)

    Publication No.: US08098818B2

    Publication date: 2012-01-17

    Application No.: US10617215

    Filing date: 2003-07-07

    IPC classification: H04L9/00

    Abstract: A method and an apparatus for secure registration for a multicast-broadcast-multimedia system (MBMS) are disclosed. A random number is generated by a broadcast-multicast-service center (BM-SC) and broadcast to user equipment in the coverage area of a radio access network (RAN). A memory module or smart card (UICC) in the user equipment generates a radio access network key (RAK) which is a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK), and then generates a temporary registration key (RGK) as a function of the RAK, a service identification number and a user identification number, for example, P-TMSI, which may be extracted by the RAN to authenticate the registration as legitimate.
