    1. Secure Registration of Group of Clients Using Single Registration Procedure
    Type: Invention patent application
    Status: In force

    Publication number: US20110307694A1

    Publication date: 2011-12-15

    Application number: US12813153

    Filing date: 2010-06-10

    IPC classification: H04L29/06 H04L9/32

    Abstract: Automated secure registration techniques for communication devices are provided which address the problem of allowing multiple clients to gain access to one system, and thus provide a solution to the “reverse single sign-on” problem. For example, a method for registering a group of two or more communication devices in a communication network comprises the following steps. A group challenge message is sent from a network device to the group of two or more communication devices. The network device receives one or more response messages to the group challenge respectively from one or more of the group of two or more communication devices, wherein the response message from each of the responding communication devices in the group comprises a group credential corresponding to the group.

    2. Secure registration of group of clients using single registration procedure
    Type: Granted invention patent
    Status: In force

    Publication number: US09450928B2

    Publication date: 2016-09-20

    Application number: US12813153

    Filing date: 2010-06-10

    Abstract: Automated secure registration techniques for communication devices are provided which address the problem of allowing multiple clients to gain access to one system, and thus provide a solution to the “reverse single sign-on” problem. For example, a method for registering a group of two or more communication devices in a communication network comprises the following steps. A group challenge message is sent from a network device to the group of two or more communication devices. The network device receives one or more response messages to the group challenge respectively from one or more of the group of two or more communication devices, wherein the response message from each of the responding communication devices in the group comprises a group credential corresponding to the group.

    3. Secure group messaging
    Type: Granted invention patent
    Status: In force

    Publication number: US09166778B2

    Publication date: 2015-10-20

    Application number: US13548835

    Filing date: 2012-07-13

    IPC classification: H04L9/08 H04L9/30

    Abstract: A method for securing at least one message transferred in a communication system from a first computing device to a second computing device in a peer-to-peer manner. At the first computing device, an identity based authenticated key exchange session is established with a third computing device operating as a peer authenticator. The identity based authenticated key exchange session has an identity based authenticated session key associated therewith. The first computing device obtains from the third computing device a random key component of the second computing device, wherein the random key component of the second computing device is encrypted by the third computing device using the identity based authenticated session key prior to sending the random key component of the second computing device to the first computing device. A peer-to-peer messaging key is computed at the first computing device using the random key component of the second computing device.

    4. NETWORK-ASSISTED PEER-TO-PEER SECURE COMMUNICATION ESTABLISHMENT
    Type: Invention patent application
    Status: Under examination (published)

    Publication number: US20130110920A1

    Publication date: 2013-05-02

    Application number: US13283133

    Filing date: 2011-10-27

    IPC classification: G06F15/16

    CPC classification: H04L67/104 H04L63/04

    Abstract: Techniques are disclosed for establishing network-assisted secure communications in a peer-to-peer environment. For example, a method for secure communications comprises the following steps. A first computing device provides connectivity information associated therewith to a network server. The first computing device receives connectivity information respectively associated with one or more other computing devices from the network server. The first computing device, independent of the network server, establishes a security association with at least one of the one or more other computing devices. The first computing device, independent of the network server, participates in a secure peer-to-peer session with the at least one other computing device.

    5. SECURE GROUP MESSAGING
    Type: Invention patent application
    Status: In force

    Publication number: US20130182848A1

    Publication date: 2013-07-18

    Application number: US13548835

    Filing date: 2012-07-13

    IPC classification: H04L9/08

    Abstract: A method for securing at least one message transferred in a communication system from a first computing device to a second computing device in a peer-to-peer manner. At the first computing device, an identity based authenticated key exchange session is established with a third computing device operating as a peer authenticator. The identity based authenticated key exchange session has an identity based authenticated session key associated therewith. The first computing device obtains from the third computing device a random key component of the second computing device, wherein the random key component of the second computing device is encrypted by the third computing device using the identity based authenticated session key prior to sending the random key component of the second computing device to the first computing device. A peer-to-peer messaging key is computed at the first computing device using the random key component of the second computing device.

    6. Methods and apparatuses for secure information sharing in social networks using randomly-generated keys
    Type: Granted invention patent
    Status: In force

    Publication number: US08769259B2

    Publication date: 2014-07-01

    Application number: US13345241

    Filing date: 2012-01-06

    IPC classification: H04L29/06

    CPC classification: H04L9/0822

    Abstract: There can be problems with the security of social networking communications. For example, there may be occasions when a number of friends wish to communicate securely through a social network infrastructure, such that non-trusted 3rd-party entities, such as a Social Network Operator or host that provides the application infrastructure, do not overhear the communication. In response to the above problems, the embodiments presented propose a set of innovative, lightweight solutions, considering that in certain scenarios the Social Network Operator may not be a trusted entity. Embodiments of the present invention are directed to methods and apparatuses for secure information sharing in social networks using random keys.

    7. Manipulation and restoration of authentication challenge parameters in network authentication procedures
    Type: Granted invention patent
    Status: In force

    Publication number: US09537663B2

    Publication date: 2017-01-03

    Application number: US13528802

    Filing date: 2012-06-20

    IPC classification: H04L9/32 H04W12/06 H04L29/06

    Abstract: A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.

    8. MANIPULATION AND RESTORATION OF AUTHENTICATION CHALLENGE PARAMETERS IN NETWORK AUTHENTICATION PROCEDURES
    Type: Invention patent application
    Status: In force

    Publication number: US20130343538A1

    Publication date: 2013-12-26

    Application number: US13528802

    Filing date: 2012-06-20

    IPC classification: H04W12/06 H04K1/00

    Abstract: A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.

    9. Detection And Prevention Of Machine-To-Machine Hijacking Attacks
    Type: Invention patent application
    Status: Under examination (published)

    Publication number: US20130291100A1

    Publication date: 2013-10-31

    Application number: US13459402

    Filing date: 2012-04-30

    IPC classification: G06F21/00

    Abstract: An example method includes receiving at a network node a packet destined for an intended destination. The network node determines whether the packet is associated with a machine-to-machine communication. The network node determines whether forwarding of the packet to the intended destination is prohibited, wherein forwarding of the packet is prohibited when the packet is originated from a first machine-to-machine device and is destined to a first host other than a machine-to-machine server associated with machine-to-machine communications. The network node forwards the packet to the intended destination when forwarding the packet is not prohibited.

    10. Method And Apparatus Of Automated Discovery In A Communication Network
    Type: Invention patent application
    Status: In force

    Publication number: US20120047558A1

    Publication date: 2012-02-23

    Application number: US12859503

    Filing date: 2010-08-19

    IPC classification: G06F21/00 G06F15/16

    Abstract: An automated method is provided for mutual discovery between a network entity and a client entity that cooperate for providing a service in a machine-to-machine environment. In an embodiment, the network entity receives an identifier in a communication from a server on behalf of the client entity. At some point in time, the network entity receives a communication containing the identifier from the client entity. Before or after receiving the client entity communication, the network entity discovers itself to the client entity. Some time after receiving the client entity communication, the network entity authenticates the client entity, establishes a permanent security association with the client entity, and initiates the service.