-
公开(公告)号:US08856509B2
公开(公告)日:2014-10-07
申请号:US13207394
申请日:2011-08-10
CPC分类号: H04L63/0884 , H04L9/0844 , H04L9/321 , H04L9/3271 , H04L63/067 , H04L63/0892 , H04L63/105 , H04L63/166
摘要: A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating a cryptographic evidence, called authentication/authorization evidence, AE, when a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. A distinctive point being that AE results from the authentication process and is used as prior state for the following TLS exchange. An example for creation of AE, is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK) that can then be used to create AE for a variety of servers.
摘要翻译: 提供了一种通信系统的认证和授权方法。 本文公开了当客户端和认证服务器之间的成功认证/授权完成时,用于创建加密证据的系统和方法,称为认证/授权证据。 有多种生成AE的方法。 例如,AE可以是在认证信令期间交换的数据或由其产生的数据。 一个独特之处在于,AE来自认证过程,并被用作以下TLS交换的先前状态。 创建AE的示例如下:EAP认证通常导致扩展主会话密钥(EMSK)。 EMSK可用于创建证据主密钥(EMK),然后可用于为各种服务器创建AE。
-
公开(公告)号:US20120042160A1
公开(公告)日:2012-02-16
申请号:US13207394
申请日:2011-08-10
CPC分类号: H04L63/0884 , H04L9/0844 , H04L9/321 , H04L9/3271 , H04L63/067 , H04L63/0892 , H04L63/105 , H04L63/166
摘要: A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating a cryptographic evidence, called authentication/authorization evidence, AE, when a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. A distinctive point being that AE results from the authentication process and is used as prior state for the following TLS exchange. An example for creation of AE, is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK) that can then be used to create AE for a variety of servers.
摘要翻译: 提供了一种通信系统的认证和授权方法。 本文公开了当客户端和认证服务器之间的成功认证/授权完成时,用于创建加密证据的系统和方法,称为认证/授权证据。 有多种生成AE的方法。 例如,AE可以是在认证信令期间交换的数据或由其产生的数据。 一个独特之处在于,AE来自认证过程,并被用作以下TLS交换的先前状态。 创建AE的示例如下:EAP认证通常导致扩展主会话密钥(EMSK)。 EMSK可用于创建证据主密钥(EMK),然后可用于为各种服务器创建AE。
-
3.发明授权公开(公告)号:US09178869B2
公开(公告)日:2015-11-03
申请号:US13080301
申请日:2011-04-05
申请人: Madjid F. Nakhjiri , Tat Keung Chan
发明人: Madjid F. Nakhjiri , Tat Keung Chan
IPC分类号: G06F15/173 , H04L29/06
CPC分类号: H04L63/0823
摘要: A method and apparatus are provided for locating network resources over a communication network. The method includes receiving a digital certificate identifying a first entity and extracting information from at least one predetermined field of the digital certificate. The extracted information is used as input to a location generation function to create a resource locator (e.g., a URL). The network resource is contacted over the communication network in accordance with a communication protocol using the resource locator to obtain requested information concerning the first entity.
摘要翻译: 提供了一种用于通过通信网络定位网络资源的方法和装置。 该方法包括接收标识第一实体的数字证书,并从数字证书的至少一个预定字段提取信息。 所提取的信息被用作位置生成功能的输入以创建资源定位符(例如,URL)。 根据使用资源定位器的通信协议,通过通信网络联系网络资源,以获得关于第一实体的请求信息。
-
4.发明申请公开(公告)号:US20110246646A1
公开(公告)日:2011-10-06
申请号:US13080301
申请日:2011-04-05
申请人: Madjid F. Nakhjiri , Tat Keung Chan
发明人: Madjid F. Nakhjiri , Tat Keung Chan
IPC分类号: G06F15/16
CPC分类号: H04L63/0823
摘要: A method and apparatus are provided for locating network resources over a communication network. The method includes receiving a digital certificate identifying a first entity and extracting information from at least one predetermined field of the digital certificate. The extracted information is used as input to a location generation function to create a resource locator (e.g., a URL). The network resource is contacted over the communication network in accordance with a communication protocol using the resource locator to obtain requested information concerning the first entity.
摘要翻译: 提供了一种用于通过通信网络定位网络资源的方法和装置。 该方法包括接收标识第一实体的数字证书,并从数字证书的至少一个预定字段提取信息。 所提取的信息被用作位置生成功能的输入以创建资源定位符(例如,URL)。 根据使用资源定位器的通信协议,通过通信网络联系网络资源,以获得关于第一实体的请求信息。
-
5.发明申请公开(公告)号:US20100318791A1
公开(公告)日:2010-12-16
申请号:US12814554
申请日:2010-06-14
IPC分类号: H04L29/06
CPC分类号: H04L63/0823 , H04L9/3268 , H04L63/10 , H04L2209/603 , H04L2209/76
摘要: Systems and methods are disclosed for providing certificate status information about a certificate includes receiving, at a Certificate Status Information Protocol (CSIP) proxy device the certificate identity information about the certificate of the second device. Then determining, using the CSIP proxy device, whether the certificate status information is stored in a CSIP proxy device memory. If the certificate status information is not stored in the CSIP proxy device memory, creating a CSIP request based on the certificate identity information and sending the CSIP request, including the certificate identity information, to a CSIP responder computer outside the local network domain. If the certificate status information is stored in the CSIP proxy device memory, sending the certificate status information to the first device. Also, a system and method are disclosed for using a CSIP responder computer.
摘要翻译: 公开了用于提供关于证书的证书状态信息的系统和方法,包括在证书状态信息协议(CSIP)代理设备处接收关于第二设备的证书的证书身份信息。 然后,使用CSIP代理设备确定证书状态信息是否存储在CSIP代理设备存储器中。 如果证书状态信息未存储在CSIP代理设备存储器中,则根据证书身份信息创建CSIP请求,并将CSIP请求(包括证书身份信息)发送到本地网络域之外的CSIP响应者计算机。 如果证书状态信息存储在CSIP代理设备存储器中,则将证书状态信息发送到第一设备。 此外,公开了一种用于使用CSIP应答计算机的系统和方法。
-
公开(公告)号:US20110119739A1
公开(公告)日:2011-05-19
申请号:US12622016
申请日:2009-11-19
IPC分类号: H04L29/06
CPC分类号: H04L63/108 , H04L63/0823 , H04L67/04 , H04W12/04 , H04W12/06
摘要: A method is provided for operating a consumer programming device that provisions consumer electronic devices. The method includes receiving over a communication link a first enable message that authorizes the consumer programming device to make available one or more resources which enable it to provide services to consumer electronic devices. Services are provided to consumer electronic devices up until all the resources have been exhausted. Additional consumer electronic devices are provided with services only if a second enable message is received over the communication link.
摘要翻译: 提供了一种用于操作为消费者电子设备提供消费者编程设备的方法。 该方法包括通过通信链路接收授权消费者编程设备使可用的一个或多个资源使其能够向消费者电子设备提供服务的第一启用消息。 向消费电子设备提供服务,直到所有资源耗尽。 仅当通过通信链路接收到第二启用消息时,附加消费者电子设备才被提供有服务。
-
7.发明申请DYNAMIC CRYPTOGRAPHIC SUBSCRIBER-DEVICE IDENTITY BINDING FOR SUBSCRIBER MOBILITY 有权用于订阅者移动的动态CRYPTOGRAPHIC订阅者设备身份绑定公开(公告)号:US20110213969A1
公开(公告)日:2011-09-01
申请号:US13036139
申请日:2011-02-28
CPC分类号: H04L63/126 , H04L9/0861 , H04L9/3213 , H04L9/3263 , H04L63/061 , H04L63/08 , H04L63/0892 , H04L63/162 , H04L2209/603 , H04L2463/061 , H04L2463/082
摘要: A method of authentication and authorization over a communication system is provided. The method performs a first authentication of a device based on a set of device identity and credentials. The first authentication includes creation of a first set of keying material. The method also includes performing a second authentication of a subscriber based on a set of subscriber identity and credentials. The second authentication includes creation of a second set of keying material. A set of compound key material is created with a key derivation mechanism that uses the first set of keying material and the second set of keying material. A binding token is created by cryptographically signing at least the device identity authenticated in the first authentication and the subscriber identity authenticated in the second authentication using the set of compound keying material. The signed binding token is exchanged for verification with an authenticating and authorizing party.
摘要翻译: 提供了一种通信系统的认证和授权方法。 该方法基于一组设备身份和凭证来执行设备的第一认证。 第一认证包括创建第一组密钥材料。 该方法还包括基于一组订户身份和凭证来执行订户的第二认证。 第二认证包括创建第二组密钥材料。 使用密钥导出机制创建一组复合密钥材料,该机制使用第一组密钥材料和第二组密钥材料。 绑定令牌是通过使用该组复合密钥材料至少加密地签名在第一认证中认证的设备身份和在第二认证中认证的用户身份来创建的。 签署的绑定令牌与认证和授权方交换验证。
-
8.发明授权Dynamic cryptographic subscriber-device identity binding for subscriber mobility 有权动态加密用户设备身份绑定用于用户移动性公开(公告)号:US08555361B2
公开(公告)日:2013-10-08
申请号:US13036139
申请日:2011-02-28
IPC分类号: G06F21/00
CPC分类号: H04L63/126 , H04L9/0861 , H04L9/3213 , H04L9/3263 , H04L63/061 , H04L63/08 , H04L63/0892 , H04L63/162 , H04L2209/603 , H04L2463/061 , H04L2463/082
摘要: A method of authentication and authorization over a communication system is provided. The method performs a first authentication of a device based on a set of device identity and credentials. The first authentication includes creation of a first set of keying material. The method also includes performing a second authentication of a subscriber based on a set of subscriber identity and credentials. The second authentication includes creation of a second set of keying material. A set of compound key material is created with a key derivation mechanism that uses the first set of keying material and the second set of keying material. A binding token is created by cryptographically signing at least the device identity authenticated in the first authentication and the subscriber identity authenticated in the second authentication using the set of compound keying material. The signed binding token is exchanged for verification with an authenticating and authorizing party.
摘要翻译: 提供了一种通信系统的认证和授权方法。 该方法基于一组设备身份和凭证来执行设备的第一认证。 第一认证包括创建第一组密钥材料。 该方法还包括基于一组订户身份和凭证来执行订户的第二认证。 第二认证包括创建第二组密钥材料。 使用密钥导出机制创建一组复合密钥材料,该机制使用第一组密钥材料和第二组密钥材料。 绑定令牌是通过使用该组复合密钥材料至少加密地签名在第一认证中认证的设备身份和在第二认证中认证的用户身份来创建的。 签署的绑定令牌与认证和授权方交换验证。
-
公开(公告)号:US20100071040A1
公开(公告)日:2010-03-18
申请号:US12233279
申请日:2008-09-18
CPC分类号: H04L63/20 , G06F21/33 , H04L63/0823
摘要: A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device 104 may attempt to access a sub-network 106. The client device 104 may determine that a certificate of the sub-network 106 is issued by a certification authority absent from a device certificate trust list. The client device 104 may receive via the sub-network 106 a certificate trust list update 400 from a certificate trust list provider 108.
摘要翻译: 公开了一种用于创建与网络的可信连接的方法,网络元件和客户端设备。 客户端设备104可以尝试访问子网络106.客户端设备104可以确定子网络106的证书是由设备证书信任列表中不存在的证书颁发机构颁发的。 客户端设备104可以经由子网络106从证书信任列表提供者108接收证书信任列表更新400。
-
公开(公告)号:US08887310B2
公开(公告)日:2014-11-11
申请号:US12622016
申请日:2009-11-19
CPC分类号: H04L63/108 , H04L63/0823 , H04L67/04 , H04W12/04 , H04W12/06
摘要: A method is provided for operating a consumer programming device that provisions consumer electronic devices. The method includes receiving over a communication link a first enable message that authorizes the consumer programming device to make available one or more resources which enable it to provide services to consumer electronic devices. Services are provided to consumer electronic devices up until all the resources have been exhausted. Additional consumer electronic devices are provided with services only if a second enable message is received over the communication link.
摘要翻译: 提供了一种用于操作为消费者电子设备提供消费者编程设备的方法。 该方法包括通过通信链路接收授权消费者编程设备使可用的一个或多个资源使其能够向消费者电子设备提供服务的第一启用消息。 向消费电子设备提供服务,直到所有资源耗尽。 仅当通过通信链路接收到第二启用消息时,附加消费者电子设备才被提供有服务。
-
-
-
-
-
-
-
-
-
搜索结果
28 条记录 (耗时 0.018 秒)
