1. Methods and apparatus for secure routing of data packets
    Record type: Granted patent
    Status: expired

    Publication number: US08788705B2

    Publication date: 2014-07-22

    Application number: US13520301

    Filing date: 2010-01-04

    IPC classification: G06F15/173

    CPC classification: H04L45/00 H04L63/04 H04L63/06

    Abstract: Methods and arrangements for supporting the forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to the routers in the network; these keys are used to compute the hierarchical parameters.

2. Methods and Apparatus for Secure Routing of Data Packets
    Record type: Patent application
    Status: expired

    Publication number: US20130124757A1

    Publication date: 2013-05-16

    Application number: US13520301

    Filing date: 2010-01-04

    IPC classification: H04L12/56

    CPC classification: H04L45/00 H04L63/04 H04L63/06

    Abstract: Methods and arrangements for supporting the forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to the routers in the network; these keys are used to compute the hierarchical parameters.

3. Method and Apparatus for Authenticating a Communication Device
    Record type: Patent application
    Status: in force

    Publication number: US20130291071A1

    Publication date: 2013-10-31

    Application number: US13979476

    Filing date: 2011-07-19

    IPC classification: H04L29/06

    Abstract: According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device-specific response to the group authentication challenge using the group authentication information and device-specific authentication information, and sends the device-specific response to the network. The device is, for example, a member of a machine-type communication device group.

4. IP multimedia security
    Record type: Granted patent
    Status: in force

    Publication number: US08539564B2

    Publication date: 2013-09-17

    Application number: US13254013

    Filing date: 2009-03-04

    IPC classification: G06F7/04

    Abstract: A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node, and a determination is made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key is sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.

5. Method and apparatus for handling keys used for encryption and integrity
    Record type: Granted patent
    Status: in force

    Publication number: US09106409B2

    Publication date: 2015-08-11

    Application number: US11726527

    Filing date: 2007-03-22

    IPC classification: H04L9/08 H04L29/06 H04W12/04

    Abstract: A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.

7. METHOD AND NETWORK FOR DELIVERING STREAMING DATA
    Record type: Patent application
    Status: in force

    Publication number: US20110047209A1

    Publication date: 2011-02-24

    Application number: US12895242

    Filing date: 2010-09-30

    IPC classification: G06F15/16

    Abstract: In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. The Client then sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and, if it is found valid, encrypts the streaming data using a standardized real-time protocol such as SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts it. Copyrighted material adapted for streaming can thus be securely delivered to the Client. The robust protocol used is particularly well suited to wireless clients and similar low-capacity devices such as cellular telephones and PDAs.

8. METHOD AND SYSTEM FOR PROTECTING SIGNALING INFORMATION
    Record type: Patent application
    Status: pending (published)

    Publication number: US20080181411A1

    Publication date: 2008-07-31

    Application number: US11956815

    Filing date: 2007-12-14

    IPC classification: H04L9/08

    Abstract: A path switch message in a mobile radio access network is protected when the message is sent over a user plane interface that may be insecure (e.g. one lacking integrity and/or confidentiality protection). According to the invention, a UE provides an AP with a fresh integrity key over an already existing and secure RAN channel, enabling the AP to use the integrity key to integrity-protect information sent to a UPN. Specifically, the UE locally derives at least a user plane key K1. The key derivation is done at authentication, e.g. when performing an AKA procedure. On the network side, the CPN derives the same key K1 for delivery to the UPN. At handover, the UE generates a fresh integrity key K3 by applying a Key Derivation Function (KDF) to at least the UP key K1 and a nonce, e.g. a sequence number.

9. Method and apparatus for authenticating a communication device
    Record type: Granted patent
    Status: in force

    Publication number: US09253178B2

    Publication date: 2016-02-02

    Application number: US13979476

    Filing date: 2011-07-19

    Abstract: According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device-specific response to the group authentication challenge using the group authentication information and device-specific authentication information, and sends the device-specific response to the network. The device is, for example, a member of a machine-type communication device group.