Secure bootstrapping for wireless communications
    1.
    Granted patent
    Secure bootstrapping for wireless communications (in force)

    Publication No.: US07715822B2

    Publication date: 2010-05-11

    Application No.: US11346704

    Filing date: 2006-02-03

    IPC class: H04M1/66

    Abstract: A mutual authentication method is provided for securely agreeing on application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and a mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public-key mechanism. The MT receives the challenge and determines, based on a bootstrapping server certificate, whether it originates from the BSF. The MT formulates a response to the authentication challenge based on keys derived from the challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key, which the BSF sends to a requesting network application function to establish secure communications with the MT.

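The exchange in the abstract, as an added worked example in Python that is not part of the patent or of any 3GPP implementation: a toy textbook-RSA key pair stands in for the BSF certificate and the server-authenticated public-key mechanism, HMAC-SHA256 stands in for the key derivation, and the IMSI, Ki and NAF identifier are constructed values. The BSF is assumed to obtain the subscriber's Ki from the home network; the abstract does not say how. Beyond the text, the example shows the two failure paths: a challenge whose signature does not verify under the provisioned certificate is never answered, and a response computed from the wrong pre-shared key is rejected before any application key is released.

```python
import hashlib
import hmac
import os

# Toy textbook-RSA key pair standing in for the BSF certificate. The small fixed
# primes keep the example self-contained; they are NOT secure parameters.
_P, _Q = 104723, 104729
BSF_PUB_E = 65537
BSF_PUB_N = _P * _Q
_BSF_PRIV_D = pow(BSF_PUB_E, -1, (_P - 1) * (_Q - 1))
BSF_CERT = (BSF_PUB_N, BSF_PUB_E)   # what the MT is provisioned with


def _digest_mod(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def bsf_sign(msg: bytes) -> int:
    return pow(_digest_mod(msg, BSF_PUB_N), _BSF_PRIV_D, BSF_PUB_N)


def verify_bsf_signature(cert: tuple, msg: bytes, sig: int) -> bool:
    n, e = cert
    return pow(sig, e, n) == _digest_mod(msg, n)


def kdf(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 as the derivation primitive; the abstract does not fix one (assumption).
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class MobileTerminal:
    def __init__(self, imsi: bytes, ki: bytes, cert: tuple):
        self.imsi, self._ki, self._cert = imsi, ki, cert   # ki: secret held by the legacy SIM
        self._k_session = None

    def respond(self, rand: bytes, sig: int) -> bytes:
        # Answer only a challenge that verifies under the provisioned BSF certificate.
        if not verify_bsf_signature(self._cert, rand, sig):
            raise ValueError("challenge does not originate from the BSF")
        self._k_session = kdf(self._ki, b"session", rand)   # key derived from challenge + Ki
        return kdf(self._k_session, b"res", rand)            # authentication response (RES)

    def application_key(self, naf_id: bytes) -> bytes:
        return kdf(self._k_session, b"naf", naf_id)


class BSF:
    def __init__(self, subscribers: dict):
        self._ki = subscribers       # IMSI -> Ki, assumed fetched from the home subscriber database
        self._sessions = {}          # IMSI -> {"rand": ..., "k": ...}

    def challenge(self, imsi: bytes) -> tuple:
        rand = os.urandom(16)
        self._sessions[imsi] = {"rand": rand, "k": None}
        return rand, bsf_sign(rand)

    def verify(self, imsi: bytes, res: bytes) -> None:
        sess = self._sessions[imsi]
        k_session = kdf(self._ki[imsi], b"session", sess["rand"])
        if not hmac.compare_digest(kdf(k_session, b"res", sess["rand"]), res):
            raise ValueError("authentication response does not originate from the MT")
        sess["k"] = k_session

    def application_key(self, imsi: bytes, naf_id: bytes) -> bytes:
        # Handed to the requesting NAF; computed without any key transport from the MT.
        return kdf(self._sessions[imsi]["k"], b"naf", naf_id)


def bootstrap(mt: MobileTerminal, bsf: BSF, naf_id: bytes) -> tuple:
    rand, sig = bsf.challenge(mt.imsi)      # 1. BSF -> MT: signed challenge
    res = mt.respond(rand, sig)             # 2. MT -> BSF: response from the derived key
    bsf.verify(mt.imsi, res)                # 3. BSF checks the response
    return mt.application_key(naf_id), bsf.application_key(mt.imsi, naf_id)   # 4. both derive the key


def bootstrap_succeeds(mt: MobileTerminal, bsf: BSF, naf_id: bytes) -> bool:
    """True only if mutual authentication completed and both sides hold the same key."""
    try:
        k_mt, k_naf = bootstrap(mt, bsf, naf_id)
    except ValueError:
        return False
    return k_mt == k_naf


if __name__ == "__main__":
    IMSI, KI = b"001010123456789", bytes(range(16))   # constructed subscriber
    print(bootstrap_succeeds(MobileTerminal(IMSI, KI, BSF_CERT), BSF({IMSI: KI}), b"naf.example"))
```

Both sides reach the same per-NAF key without ever transporting it, and a different NAF identifier yields a different key from the same session. The toy RSA parameters are far too small for real use; a deployment would verify a proper certificate chain and a standard signature scheme at the MT.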

Method and system for managing authentication and payment for use of broadcast material
    3.
    Granted patent
    Method and system for managing authentication and payment for use of broadcast material (in force)

    Publication No.: US07966662B2

    Publication date: 2011-06-21

    Application No.: US11031507

    Filing date: 2005-01-06

    IPC class: H04L9/32

    Abstract: An authentication system is disclosed. The system includes a content provider configured to distribute encrypted content, the encrypted content being generated using a content key, and a client that holds a symmetric key and is configured to store the encrypted content received from the content provider and to issue a request to the content provider. The request includes the output of a cryptographic function that takes the symmetric key and the encrypted content as input. The content provider is further configured to verify the client via the request, ensuring that the client has actually received the encrypted content.

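An added Python example, not the patent's own code, of the proof-of-receipt check the abstract describes, with HMAC-SHA256 as the cryptographic function. The client identifiers and keys are constructed, and the sample ciphertext merely stands in for material encrypted under a content key (the cipher itself is out of scope here). The check binds two things the client must hold at once: the symmetric key provisioned to it and the full encrypted content exactly as broadcast, so a client with a truncated download, or a party that captured the broadcast but holds a different key, cannot produce a valid request.

```python
import hashlib
import hmac


def receipt_proof(client_key: bytes, content_id: bytes, ciphertext: bytes) -> bytes:
    """Client side: MAC under the client's symmetric key over the encrypted content it stored."""
    return hmac.new(client_key, content_id + b"\x00" + ciphertext, hashlib.sha256).digest()


class ContentProvider:
    def __init__(self):
        self._client_keys = {}   # client_id -> symmetric key provisioned to that client
        self._published = {}     # content_id -> ciphertext exactly as broadcast

    def enroll(self, client_id: bytes, key: bytes) -> None:
        self._client_keys[client_id] = key

    def broadcast(self, content_id: bytes, ciphertext: bytes) -> bytes:
        self._published[content_id] = ciphertext
        return ciphertext

    def verify_request(self, client_id: bytes, content_id: bytes, proof: bytes) -> bool:
        """Recompute the proof from the provider's own copy. Both the client key and the
        complete ciphertext are needed, so holding only one of them is not enough."""
        key = self._client_keys.get(client_id)
        ciphertext = self._published.get(content_id)
        if key is None or ciphertext is None:
            return False
        return hmac.compare_digest(receipt_proof(key, content_id, ciphertext), proof)


class Client:
    def __init__(self, client_id: bytes, key: bytes):
        self.client_id, self._key, self._store = client_id, key, {}

    def receive(self, content_id: bytes, ciphertext: bytes) -> None:
        self._store[content_id] = ciphertext   # kept encrypted; the client has no content key yet

    def request(self, content_id: bytes) -> tuple:
        return self.client_id, content_id, receipt_proof(self._key, content_id, self._store[content_id])


# Constructed stand-in for content encrypted under a content key.
SAMPLE_CIPHERTEXT = hashlib.sha256(b"constructed broadcast segment").digest() * 4
```

A request for a content id the provider never published, or from a client it never enrolled, is rejected without touching the MAC, which avoids leaking which of the two lookups failed through the proof comparison.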

Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system
    5.
    Granted patent
    Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system (in force)

    Publication No.: US08724803B2

    Publication date: 2014-05-13

    Application No.: US10932514

    Filing date: 2004-09-01

    Abstract: A method and apparatus for secure generation of a short-term key (SK) for viewing information content in a multicast-broadcast-multimedia system are described. A short-term key is generated by a memory module residing in user equipment (UE) only when the source of the information used to generate it can be validated. The SK can be generated from a Broadcast Access Key (BAK), or a derivative of BAK, together with a changing value that carries a Message Authentication Code (MAC) appended to it. Alternatively, the SK can be generated using a digital signature: an SK manager signs with a private key, and the corresponding public key is distributed to the memory module residing in the UE.

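The BAK-based path from the abstract as an added Python example (not the patent's code; the digital-signature alternative is left out). The MAC key is derived from BAK as the "derivative of BAK", the tag length and label strings are assumptions, and the BAK and changing values are constructed. The point the abstract turns on is that the memory module produces no SK at all when the tag does not verify, so a forged or replayed changing value cannot steer key generation.

```python
import hashlib
import hmac

TAG_LEN = 16   # MAC truncated to 128 bits (assumption; the abstract fixes no length)


def _mac_key(bak: bytes) -> bytes:
    # A separate MAC key derived from BAK, so BAK itself is never used directly for two purposes.
    return hmac.new(bak, b"BAK-MAC", hashlib.sha256).digest()


def short_term_key(bak: bytes, sk_rand: bytes) -> bytes:
    """SK derived from BAK and the changing value (HMAC-SHA256 as the derivation; assumption)."""
    return hmac.new(bak, b"SK" + sk_rand, hashlib.sha256).digest()


def key_update_message(bak: bytes, sk_rand: bytes) -> bytes:
    """Sender side: the changing value with its MAC appended, as broadcast to all UEs."""
    return sk_rand + hmac.new(_mac_key(bak), sk_rand, hashlib.sha256).digest()[:TAG_LEN]


class MemoryModule:
    """Module in the UE that holds BAK and releases SK only for validated changing values."""

    def __init__(self, bak: bytes):
        self._bak = bak

    def derive_sk(self, message: bytes):
        if len(message) <= TAG_LEN:
            return None                      # malformed: nothing to validate
        sk_rand, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(_mac_key(self._bak), sk_rand, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, tag):
            return None                      # source not validated: no SK is generated
        return short_term_key(self._bak, sk_rand)
```

Because every receiver holds the same BAK, the MAC proves only that the sender knew BAK, not which sender it was; that is exactly the gap the abstract's digital-signature variant closes when the broadcaster must be distinguishable from other BAK holders.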

Context limited shared secret
    6.
    Granted patent
    Context limited shared secret (in force)

    Publication No.: US08726019B2

    Publication date: 2014-05-13

    Application No.: US11351448

    Filing date: 2006-02-10

    IPC class: H04L29/06

    CPC class: H04L9/085

    Abstract: In a communication system in which two communication entities seek to have a private or confidential communication session, a trust relationship first needs to be established. The trust relationship is based on the determination of a shared secret, which in turn is generated from contextual information. The contextual information can be derived from the circumstances surrounding the communication session; for example, it can include topological information, time-based information, and transactional information. The shared secret may be self-generated or received from a third party. In either event, the shared secret may be used as key material for any cryptographic protocol used between the communication entities.

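An added Python example, not from the patent, of deriving a secret from the three kinds of context the abstract names. The endpoint list, window size and transaction id are constructed; the canonicalization (sorted endpoints, time quantized to a window) and the optional third-party seed are assumptions about how the two entities arrive at identical input. It also handles the edge case the quantization creates: a message stamped just across a window boundary is checked against the adjacent windows' secrets. With no seed, the secret is only as secret as the context itself; anyone who can observe all three context elements can recompute it.

```python
import hashlib
import hmac


def canonical_context(endpoints, timestamp: int, window_s: int, transaction_id: str) -> bytes:
    """Serialize topological, time-based and transactional context so that both entities
    produce identical bytes regardless of their own viewpoint."""
    topology = ",".join(sorted(endpoints))   # order-independent: each side lists peers differently
    epoch = timestamp // window_s            # time quantized so clocks need only roughly agree
    return f"topo={topology}|epoch={epoch}|txn={transaction_id}".encode()


def context_secret(endpoints, timestamp: int, window_s: int, transaction_id: str,
                   seed: bytes = b"") -> bytes:
    """Self-generated secret; `seed` is optional material received from a third party."""
    return hmac.new(seed or b"context-only", canonical_context(endpoints, timestamp, window_s,
                                                                transaction_id), hashlib.sha256).digest()


def candidate_secrets(endpoints, timestamp: int, window_s: int, transaction_id: str,
                      seed: bytes = b"") -> list:
    """Receiver-side tolerance for clock skew at a window boundary: also try the neighbours."""
    return [context_secret(endpoints, timestamp + d * window_s, window_s, transaction_id, seed)
            for d in (-1, 0, 1)]


def authenticate(secret: bytes, message: bytes) -> bytes:
    """The secret used as key material, here for a MAC over a session message."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def verify_with_context(endpoints, timestamp: int, window_s: int, transaction_id: str,
                        message: bytes, tag: bytes, seed: bytes = b"") -> bool:
    return any(hmac.compare_digest(authenticate(s, message), tag)
               for s in candidate_secrets(endpoints, timestamp, window_s, transaction_id, seed))
```

The three-window tolerance widens the acceptance window to at most three times `window_s`; pick the window with that in mind, and do not extend the candidate list further than skew actually requires.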

    Mobile commerce authentication and authorization systems

    Publication No.: US09734495B2

    Publication date: 2017-08-15

    Application No.: US12789722

    Filing date: 2010-05-28

    IPC classes: G06Q20/32 G06Q20/20 G06Q20/42

    Abstract: Mobile commerce authentication and authorization systems enable currently existing point-of-sale devices, neither structurally nor systemically altered, to conduct financial transactions with a customer using an access terminal across a wireless communications system. The point-of-sale device receives an input from a payment-instrument replacement, which identifies the transaction to the point-of-sale device as one involving an access terminal. Authentication of the user of the access terminal is achieved at least by applying the position and/or location-determinable features of the access terminal, the position and/or location of the point-of-sale device of the vendor or merchant where the customer seeks to purchase goods or services, and the payment sum entered on the point-of-sale device. A payment matching server may assist in processing the location data and the payment sum across the communications network.

Prevention of cross site request forgery attacks by conditional use cookies
    8.
    Granted patent
    Prevention of cross site request forgery attacks by conditional use cookies (in force)

    Publication No.: US09118619B2

    Publication date: 2015-08-25

    Application No.: US13451443

    Filing date: 2012-04-19

    IPC classes: G06F15/16 H04L29/08 H04L29/06

    Abstract: To inhibit cross-site request forgery attacks, different types/classes of cookies are used. A first cookie and a second cookie are generated by a web server and provided to a client browser during a web session. The first cookie defines a first set of use conditions for when it is to be used within the web session; the second cookie defines a second set of use conditions for when it is to be used. The client browser determines which (if any) of the first or second cookie to send to the web server, based on the use conditions defined within each cookie and the operation(s) sought by the client browser. The web server may grant different or the same privileges to the operation(s) sought, depending on whether the first or the second cookie is sent by the client browser.

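An added Python model, not the patent's code, of the two-cookie scheme: the server issues a read cookie and a write cookie for one session, the browser's selection function applies each cookie's use conditions (allowed methods, same-origin initiator) before attaching it, and the server grants read or write privilege according to which cookie arrived. The cookie names, the condition fields and the origin strings are assumptions. The SameSite=Lax/Strict cookie attribute in current browsers is the closest deployed analogue of a per-cookie use condition.

```python
from dataclasses import dataclass

WRITE_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})
READ_METHODS = frozenset({"GET", "HEAD"})


@dataclass(frozen=True)
class ConditionalCookie:
    name: str
    value: str
    methods: frozenset        # use condition: HTTP methods the cookie may accompany
    same_origin_only: bool    # use condition: only when the request is initiated by the site itself


@dataclass(frozen=True)
class Request:
    method: str
    initiator_origin: str     # origin of the page that triggered the request
    target_origin: str


def issue_cookies(session_id: str) -> list:
    """Web server: two cookies for the same session, each with its own use conditions."""
    return [
        ConditionalCookie("sid_read", session_id, READ_METHODS, same_origin_only=False),
        ConditionalCookie("sid_write", session_id, WRITE_METHODS, same_origin_only=True),
    ]


def select_cookies(jar: list, req: Request) -> list:
    """Client browser: attach a cookie only when every one of its use conditions holds."""
    sent = []
    for cookie in jar:
        if req.method.upper() not in cookie.methods:
            continue
        if cookie.same_origin_only and req.initiator_origin != req.target_origin:
            continue
        sent.append(cookie)
    return sent


def authorize(sessions: dict, req: Request, cookies: list) -> str:
    """Web server: the privilege granted depends on which cookie (if any) arrived."""
    by_name = {c.name: c.value for c in cookies}
    if req.method.upper() in WRITE_METHODS:
        return "write" if by_name.get("sid_write") in sessions else "denied"
    return "read" if by_name.get("sid_read") in sessions else "anonymous"


def simulate(sessions: dict, jar: list, req: Request) -> str:
    """One round trip: the browser picks cookies, the server decides the privilege."""
    return authorize(sessions, req, select_cookies(jar, req))
```

A forged cross-site form post still reaches the server, but without `sid_write` it is processed as an unauthenticated write and refused; the read cookie it does carry grants nothing to a state-changing method. The server check is what matters: it must never fall back to `sid_read` for writes.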

MOBILE COMMERCE AUTHENTICATION AND AUTHORIZATION SYSTEM
    9.
    Patent application
    MOBILE COMMERCE AUTHENTICATION AND AUTHORIZATION SYSTEM (pending, published)

    Publication No.: US20130013433A1

    Publication date: 2013-01-10

    Application No.: US13614667

    Filing date: 2012-09-13

    IPC classes: G06Q20/40 G06Q20/20

    Abstract: The mobile commerce authentication and authorization system allows a user of a currently existing mobile wireless communications instrument to conduct financial transactions, including purchases, across a wireless communications system, using location data to authorize and authenticate the user and the transaction. The location of the mobile wireless communications instrument and the location of a vendor point-of-sale device are matched with a payment sum. Authentication of the instrument user is achieved at least by applying the position and/or location-determinable features of the mobile wireless communications instrument, the position and/or location of the point-of-sale device of the vendor or merchant where the user seeks to purchase goods or services, and the payment sum entered on the point-of-sale device. A transaction matching subsystem located in a wireless customer server hub may assist in processing the location data and the payment sum across the wireless communications network.

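The matching step shared by both mobile-commerce entries above (US09734495B2 and US20130013433A1), as an added Python example that is not the patentee's code: the matching server treats a transaction as authenticated only when exactly one point-of-sale report agrees with the access terminal's report on payment sum, time and location. The distance and time tolerances, the haversine distance and the report fields are assumptions; the coordinates and amounts are constructed. Returning no match for an ambiguous set (two nearby merchants with the same sum in the same window) is the caveat a reviewer would ask for, since a first-match rule would let a second merchant claim a customer's payment.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class TerminalReport:       # from the customer's access terminal / mobile instrument
    terminal_id: str
    lat: float
    lon: float
    ts: int                 # unix seconds
    amount_cents: int       # integer cents: no float comparison on money


@dataclass(frozen=True)
class PosReport:            # from the merchant's point-of-sale device
    merchant_id: str
    lat: float
    lon: float
    ts: int
    amount_cents: int


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS84 points."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(a))


def match_transaction(terminal: TerminalReport, pos_reports: list,
                      max_distance_m: float = 50.0, max_skew_s: int = 120):
    """Payment-matching server: return the single POS report that agrees with the terminal
    on amount, time window and proximity. Zero or several candidates both return None,
    so an ambiguous match is never authorized."""
    candidates = [
        p for p in pos_reports
        if p.amount_cents == terminal.amount_cents
        and abs(p.ts - terminal.ts) <= max_skew_s
        and haversine_m(terminal.lat, terminal.lon, p.lat, p.lon) <= max_distance_m
    ]
    return candidates[0] if len(candidates) == 1 else None
```

The tolerances are the security-relevant knobs: `max_distance_m` must exceed the terminal's positioning error or honest customers are rejected, but the larger it gets the more merchants fall into the ambiguity case, which is the safe failure here.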