Secure Paging
    1.
    Invention application
    Secure Paging (Under examination, published)

    Publication number: US20150079941A1

    Publication date: 2015-03-19

    Application number: US14400228

    Filing date: 2012-05-15

    IPC classification: H04W12/06 H04W68/00 H04W12/04

    Abstract: There is described a device for communicating with a network. The device receives a series of paging messages from a serving node in the network, where each paging message includes identification and authentication information sufficient to identify at least one device and authenticate the message, at least some of the information having been protected according to a sequence such that it varies between successive paging messages. The device verifies the protected part of the information using a cryptographic function and knowledge of the sequence and identifies whether the information indicates that the message is an authentic message intended for that device. The device may act in response to the received paging message.

    Verifying a message in a communication network
    2.
    Granted invention patent
    Verifying a message in a communication network (In force)

    Publication number: US08601604B2

    Publication date: 2013-12-03

    Application number: US12991542

    Filing date: 2008-05-13

    IPC classification: H04N7/16

    Abstract: A method and apparatus for verifying a request for service in a communication network. An authentication node generates a secret and transmits the secret to a node providing a service. The authentication node then receives a request for authentication from a requesting node, and once the requesting node is authenticated, the authorization node sends an identifier for the requesting node and a first token, which is derived using the secret and the identifier. A service providing node subsequently receives a request for service from the requesting node, the request including the identifier for the requesting node and the first token. The service providing node derives a second token using the identifier and the secret. If the first token and the second token match, then the service providing node allows the request, and if the first token and the second token do not match, then the request is refused.

    Verifying a Message in a Communication Network
    3.
    Invention application
    Verifying a Message in a Communication Network (In force)

    Publication number: US20110055566A1

    Publication date: 2011-03-03

    Application number: US12991542

    Filing date: 2008-05-13

    IPC classification: H04L9/32 G06F21/00

    Abstract: A method and apparatus for verifying a request for service in a communication network. An authentication node generates a secret and transmits the secret to a node providing a service. The authentication node then receives a request for authentication from a requesting node, and once the requesting node is authenticated, the authorisation node sends an identifier for the requesting node and a first token, which is derived using the secret and the identifier. A service providing node subsequently receives a request for service from the requesting node, the request including the identifier for the requesting node and the first token. The service providing node derives a second token using the identifier and the secret. If the first token and the second token match, then the service providing node allows the request, and if the first token and the second token do not match, then the request is refused.

    Virtual machine management using a downloadable subscriber identity module
    4.
    Granted invention patent
    Virtual machine management using a downloadable subscriber identity module (In force)

    Publication number: US09569237B2

    Publication date: 2017-02-14

    Application number: US14369455

    Filing date: 2011-12-29

    Abstract: A method is presented of establishing communications with a Virtual Machine, VM, in a virtualized computing environment using a 3GPP communications network. The method includes establishing a Machine-to-Machine Equipment Platform, M2MEP, which comprises a Communications Module, CM, providing an end-point of a communication channel between the 3GPP network and the VM. A virtual Machine-to-Machine Equipment is established that comprises a VM running on the M2MEP and a downloadable Subscriber Identity Module, associated with the CM. The Subscriber Identity Module includes security data and functions for enabling access via the 3GPP network. The CM utilizes data in the Subscriber Identity Module for controlling communication over the communication channel between the VM and the 3GPP network.

    Network Based Local Mobility Management
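    5.
    Invention application
    Network Based Local Mobility Management (Under examination, published)

    Publication number: US20100177698A1

    Publication date: 2010-07-15

    Application number: US12664608

    Filing date: 2007-06-14

    IPC classification: H04W8/02

    CPC classification: H04W80/04 H04W88/182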

    Abstract: A network comprises a NetLMM domain having at least one Host Identity Protocol proxy coupled to one or more Access Points for communicating with a Mobile Node and acting, in use, as an Access Router for the NetLMM domain. Use of an HIP proxy as an Access Router allows the Access Router itself to be mobile. Furthermore, the Access Router can reside in IPv4 networks, and can even be behind NAT boxes located between the Access Router and a Local Mobility Anchor to which the Access Router is registered. The invention may be applied using a hierarchical architecture in which each domain comprises a respective Local Mobility Anchor coupled to each HIP proxy acting as an Access Router in the domain. The Local Mobility Anchor of a domain may itself be an HIP Local Mobility Anchor. Alternatively, the HIP proxies in a domain may be arranged in a distributed manner.

    Method and apparatus for managing subscription credentials in a wireless communication device
    6.
    Granted invention patent
    Method and apparatus for managing subscription credentials in a wireless communication device (In force)

    Publication number: US08553883B2

    Publication date: 2013-10-08

    Application number: US12140728

    Filing date: 2008-06-17

    IPC classification: H04L29/06

    Abstract: According to the teachings presented herein, a wireless communication device reverts from subscription credentials to temporary access credentials, in response to detecting an access failure. The device uses its temporary access credentials to gain temporary network access, either through a preferred network (e.g., home network) or through any one of one or more non-preferred networks (e.g., visited networks). After gaining temporary access, the device determines whether it needs new subscription credentials and, if so, uses the temporary access to obtain them. Correspondingly, in one or more embodiments, a registration server is configured to support such operations, such as by providing determination of credential validity and/or by redirecting the device to a new home operator for obtaining new subscription credentials.

    Virtual machine migration using 3GPP MCIM
    7.
    Granted invention patent
    Virtual machine migration using 3GPP MCIM (In force)

    Publication number: US09286100B2

    Publication date: 2016-03-15

    Application number: US14368360

    Filing date: 2011-12-29

    IPC classification: G06F9/455 G06F9/48

    CPC classification: G06F9/45533 G06F9/4856

    Abstract: A method of migrating a virtual machine comprises a first manager, managing a first computing environment (such as a computing cloud), initiating migration of a virtual machine currently executing on a first vM2ME (virtual machine-to-machine equipment) in the first computing environment to a second computing environment (such as another computing cloud). Once the VM has migrated, the first manager disables execution of the first vM2ME.

    Virtual Machine Management Using a Downloadable Subscriber Identity Module
    8.
    Invention application
    Virtual Machine Management Using a Downloadable Subscriber Identity Module (In force)

    Publication number: US20140373012A1

    Publication date: 2014-12-18

    Application number: US14369455

    Filing date: 2011-12-29

    IPC classification: G06F9/455 H04W4/00

    Abstract: A method is presented of establishing communications with a Virtual Machine, VM, in a virtualised computing environment using a 3GPP communications network. The method includes establishing a Machine-to-Machine Equipment Platform, M2MEP, which comprises a Communications Module, CM, providing an end-point of a communication channel between the 3GPP network and the VM. A virtual Machine-to-Machine Equipment is established that comprises a VM running on the M2MEP and a downloadable Subscriber Identity Module, associated with the CM. The Subscriber Identity Module includes security data and functions for enabling access via the 3GPP network. The CM utilises data in the Subscriber Identity Module for controlling communication over the communication channel between the VM and the 3GPP network.

    Remote Provisioning of 3GPP Downloadable Subscriber Identity Module for Virtual Machine Applications
    9.
    Invention application
    Remote Provisioning of 3GPP Downloadable Subscriber Identity Module for Virtual Machine Applications (In force)

    Publication number: US20140337940A1

    Publication date: 2014-11-13

    Application number: US14369538

    Filing date: 2011-12-29

    Abstract: A method is presented of providing a subscriber identity for the provision of services on behalf of the subscriber in a virtual computing environment. The method includes receiving a request to establish an execution environment for a virtual machine-to-machine equipment, vM2ME. The vM2ME is provided, comprising software for execution in the virtual computing environment and a downloadable Subscriber Identity Module. A Communications Module, CM, is set up for execution in a domain of a virtualisation platform. The CM provides an end-point for communications between the vM2ME and a 3GPP network. The Subscriber Identity Module is installed for execution together with the CM, the Subscriber Identity Module including a 3GPP identity of the subscriber, security data and functions for enabling access to the vM2ME via the 3GPP network.

    Method of Authenticating Home Operator for Over-the-Air Provisioning of a Wireless Device
    10.
    Invention application
    Method of Authenticating Home Operator for Over-the-Air Provisioning of a Wireless Device (Under examination, published)

    Publication number: US20090253409A1

    Publication date: 2009-10-08

    Application number: US12193165

    Filing date: 2008-08-18

    IPC classification: H04M1/66 H04Q7/20

    Abstract: A method and apparatus is provided for authentication between a home network and a wireless device during device activation using a registration server as a trusted agent. The wireless device owner subscribes to the services of the home network and the home network registers as the service provider with the registration server. When the home network registers with the registration server, the registration server provides authentication data to the home network to use for authentication with the wireless device. Because the wireless device has no prior knowledge of the home network, the wireless device connects to the registration server to obtain contact information for the home network. The registration server provides home network data to the wireless device. In some embodiments, the registration server may also provide second authentication data to the wireless device for authenticating the home network. When the wireless device subsequently connects to the home network to download permanent security credentials, the home network uses the information provided by the registration server to authenticate itself to the wireless device. The authentication procedure prevents a third party from fraudulently obtaining confidential information from the home network or the wireless device.
