System and method for authenticating a context transfer
    1.
    Type: Granted invention patent
    Status: In force

    Publication number: US09204295B2

    Publication date: 2015-12-01

    Application number: US12259479

    Filing date: 2008-10-28

    Abstract: The user equipment (UE) and the Mobility Management Entity (MME) in an evolved 3GPP system generate authentication material that can be carried inside a packet switched network temporary mobile station identifier (P-TMSI) signature field of a Universal Mobile Telecommunications System (UMTS) signaling message from the UE to a UMTS/GPRS serving GPRS support node (SGSN) in a UMTS or GPRS Terrestrial Radio Access Network (UTRAN) or in a GSM/Edge Radio Access Network (GERAN), as well as from the SGSN to the MME of the evolved 3GPP system. The MME authenticates a context transfer request from the UTRAN/GERAN system based on the transferred authentication material and knowledge of how to create or to verify the authentication material. Additionally, the MME and the UE derive or verify authentication material, based on at least one user-specific key, for embedding in the P-TMSI signature field in legacy 3GPP signalling.

    System and Method for Authenticating a Context Transfer
    2.
    Type: Invention patent application
    Status: In force

    Publication number: US20090111428A1

    Publication date: 2009-04-30

    Application number: US12259479

    Filing date: 2008-10-28

    IPC classification: H04W12/06 H04W40/00

    Abstract: The user equipment (UE) and the Mobility Management Entity (MME) in an evolved 3GPP system generate authentication material that can be carried inside a packet switched network temporary mobile station identifier (P-TMSI) signature field of a Universal Mobile Telecommunications System (UMTS) signaling message from the UE to a UMTS/GPRS serving GPRS support node (SGSN) in a UMTS or GPRS Terrestrial Radio Access Network (UTRAN) or in a GSM/Edge Radio Access Network (GERAN), as well as from the SGSN to the MME of the evolved 3GPP system. The MME authenticates a context transfer request from the UTRAN/GERAN system based on the transferred authentication material and knowledge of how to create or to verify the authentication material. Additionally, the MME and the UE derive or verify authentication material, based on at least one user-specific key, for embedding in the P-TMSI signature field in legacy 3GPP signalling.

    METHODS, APPARATUSES AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING MULTI-HOP CRYPTOGRAPHIC SEPARATION FOR HANDOVERS
    3.
    Type: Invention patent application
    Status: Under examination (published)

    Publication number: US20110116629A1

    Publication date: 2011-05-19

    Application number: US12936332

    Filing date: 2009-03-30

    IPC classification: H04L9/00

    Abstract: A method, apparatus and computer program product are provided to provide cryptographical key separation for handovers. A method is provided which includes calculating a key based at least in part upon a previously stored first intermediary value. The method also includes calculating a second intermediary value based at least in part upon the calculated key. The method additionally includes sending a path switch acknowledgement including the second intermediary value to a target access point. The method may further include receiving a path switch message including an indication of a cell identification and calculating the encryption key based upon the indication of the cell identification. The method may further include storing the second intermediary value. The calculation of the key may further comprise calculating the key following a radio link handover. Corresponding apparatuses and computer program products are also provided.

    INTEGRATION OF PRE REL-8 HOME LOCATION REGISTERS IN EVOLVED PACKET SYSTEM
    4.
    Type: Invention patent application
    Status: Under examination (published)

    Publication number: US20110191576A1

    Publication date: 2011-08-04

    Application number: US12810983

    Filing date: 2008-09-24

    IPC classification: H04L9/00

    Abstract: Cryptographic network separation functionality is provided on a user device. An option to store information about a type of database where a user is homed is provided in an indicator on a storage medium. An interface is provided between the user device and the storage medium for accessing the indicator. In case the information about the type of database cannot be obtained from the storage medium, it is determined not to enforce the cryptographic network separation functionality on the user device.

    Secure bootstrapping architecture method based on password-based digest authentication
    5.
    Type: Granted invention patent
    Status: In force

    Publication number: US09526003B2

    Publication date: 2016-12-20

    Application number: US12918856

    Filing date: 2008-02-25

    IPC classification: H04L29/06 H04W12/06

    Abstract: The present invention is related to a method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.

    Method for agreeing between at least one first and one second communication subscriber to security key for securing communication link
    6.
    Type: Invention patent application
    Status: In force

    Publication number: US20090132806A1

    Publication date: 2009-05-21

    Application number: US11921870

    Filing date: 2006-04-10

    IPC classification: H04L9/32

    Abstract: The use of suitable measures in a method for agreeing on a security key between at least one first and one second communication station to secure a communication link is improved so that the security level for the communication is increased and the improved method can be combined with already available methods. A first parameter is determined from an authentication and key derivation protocol. In addition, an additional parameter is sent securely from the second to the first communications station. A security key is then determined from the first parameter and the additional parameter.

    Methods, apparatuses, and computer program products for providing fresh security context during intersystem mobility
    7.
    Type: Granted invention patent
    Status: In force

    Publication number: US08798632B2

    Publication date: 2014-08-05

    Application number: US12997793

    Filing date: 2008-06-13

    IPC classification: H04W36/00 H04W36/30

    Abstract: A method, apparatus and computer program product are provided to provide fresh security context during intersystem mobility. A method is provided which includes receiving an indication of handover of a remote device from a source system to a target system. The target system may implement a communications standard different from that of the source system. The method also includes determining a current sequence number value of a security context maintained in the source system. The method additionally includes deriving a fresh mapped security context for the target system based at least in part upon the determined sequence number value. The method further includes providing the derived fresh mapped security context to the target system.

    Method for single sign-on when using a set-top box
    8.
    Type: Granted invention patent
    Status: In force

    Publication number: US08756624B2

    Publication date: 2014-06-17

    Application number: US12440539

    Filing date: 2007-09-06

    Abstract: When the set-top box (STB) has been switched on, registration and authentication with the provider (IDP) are carried out (1, 2, 3). Following successful authentication, a piece of authentication information is then sent (4) to the set-top box (STB), which the set-top box (STB) sends (5) to a service provider (SP1) for registration. The service provider (SP1) then sets up (6) a connection to the provider (IDP) of the registration and authentication function in order to verify the authentication information and to request guidelines for charging, and the provider (IDP) of the registration and authentication function sends (7) confirmation to the service provider.

    Method for agreeing between at least one first and one second communication subscriber to security key for securing communication link
    9.
    Type: Granted invention patent
    Status: In force

    Publication number: US08291222B2

    Publication date: 2012-10-16

    Application number: US11921870

    Filing date: 2006-04-10

    IPC classification: H04L29/06

    Abstract: The use of suitable measures in a method for agreeing on a security key between at least one first and one second communication station to secure a communication link is improved so that the security level for the communication is increased and the improved method can be combined with already available methods. A first parameter is determined from an authentication and key derivation protocol. In addition, an additional parameter is sent securely from the second to the first communications station. A security key is then determined from the first parameter and the additional parameter.

    Secure Bootstrapping Architecture Method Based on Password-Based Digest Authentication
    10.
    Type: Invention patent application
    Status: In force

    Publication number: US20110145575A1

    Publication date: 2011-06-16

    Application number: US12918856

    Filing date: 2008-02-25

    IPC classification: H04L9/32

    Abstract: The present invention is related to a method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.
