-
公开(公告)号:US20120198527A1
公开(公告)日:2012-08-02
申请号:US13254013
申请日:2009-03-04
申请人: Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
发明人: Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
IPC分类号: G06F21/20
CPC分类号: H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要: A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译: 一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。 该方法包括从所述第一端点向所述第二端点发送会话建立信令,所述会话建立信令包括由所述第一端点产生的会话密钥。 建立信令在第一信令平面网络节点被拦截,并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。 如果已经建立了信令平面密钥,则从该信令平面密钥导出媒体平面密钥,并且将媒体平面密钥发送到所述第一媒体平面网络节点,以将介质平面固定在所述第一终端用户和所述第一媒体之间 平面网络节点。 如果还没有建立信令平面密钥,则从所述会话密钥导出替代媒体平面密钥,并将其发送到所述第一媒体平面网络节点,以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。
-
公开(公告)号:US08539564B2
公开(公告)日:2013-09-17
申请号:US13254013
申请日:2009-03-04
申请人: Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
发明人: Mats Näslund , Rolf Blom , Yi Cheng , Fredrik Lindholm , Karl Norrman
IPC分类号: G06F7/04
CPC分类号: H04L63/06 , H04L9/0844 , H04L2209/80 , H04W12/04
摘要: A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.
摘要翻译: 一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。 该方法包括从所述第一端点向所述第二端点发送会话建立信令,所述会话建立信令包括由所述第一端点产生的会话密钥。 建立信令在第一信令平面网络节点被拦截,并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。 如果已经建立了信令平面密钥,则从该信令平面密钥导出媒体平面密钥,并且将媒体平面密钥发送到所述第一媒体平面网络节点,以将介质平面固定在所述第一终端用户和所述第一媒体之间 平面网络节点。 如果还没有建立信令平面密钥,则从所述会话密钥导出替代媒体平面密钥,并将其发送到所述第一媒体平面网络节点,以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。
-
公开(公告)号:US07917946B2
公开(公告)日:2011-03-29
申请号:US10472526
申请日:2002-04-10
申请人: Fredrik Lindholm , Rolf Blom , Karl Norrman , Göran Selander , Mats Näslund
发明人: Fredrik Lindholm , Rolf Blom , Karl Norrman , Göran Selander , Mats Näslund
IPC分类号: G06F17/00 , G06F17/30 , G06F12/14 , G06F15/16 , G06F15/173 , H04N7/16 , H04N7/167 , H04L29/06 , H04L9/32 , H04L9/08 , H04L9/00 , H04K1/00
CPC分类号: H04L63/0442 , G06F21/10 , G06F2221/0737 , G06F2221/0797 , H04L29/06027 , H04L63/0807 , H04L65/4084 , H04L65/607 , H04L65/608 , H04L67/14
摘要: In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.
摘要翻译: 在提供流媒体的过程中,客户端首先从订单服务器请求媒体。 订单服务器对客户端进行身份验证,并向客户端发送故障单。 然后,客户端将票证发送到流服务器。 流服务器检查故障单的有效性,如果发现有效,则使用标准化的实时协议(如SRTP)对流数据进行加密,并将加密的数据发送到客户端。 客户端接收数据并对其进行解密。 适用于流媒体的版权材料可以安全地传递给客户端。 所使用的鲁棒协议非常适合于具有低容量的特定无线客户端和类似设备,例如蜂窝电话和PDA。
-
公开(公告)号:US08196194B2
公开(公告)日:2012-06-05
申请号:US12895242
申请日:2010-09-30
申请人: Fredrik Lindholm , Rolf Blom , Karl Norrman , Göran Selander , Mats Näslund
发明人: Fredrik Lindholm , Rolf Blom , Karl Norrman , Göran Selander , Mats Näslund
IPC分类号: G06F17/00 , G06F17/30 , G06F12/14 , G06F15/16 , G06F15/173 , H04N7/16 , H04N7/167 , H04L29/06 , H04L9/32 , H04L9/08 , H04L9/00 , H04K1/00
CPC分类号: H04L63/0442 , G06F21/10 , G06F2221/0737 , G06F2221/0797 , H04L29/06027 , H04L63/0807 , H04L65/4084 , H04L65/607 , H04L65/608 , H04L67/14
摘要: In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.
摘要翻译: 在提供流媒体的过程中,客户端首先从订单服务器请求媒体。 订单服务器对客户端进行身份验证,并向客户端发送故障单。 然后,客户端将票证发送到流服务器。 流服务器检查故障单的有效性,并且如果发现有效使用诸如SRTP的标准化实时协议对流数据进行加密,并将加密的数据发送到客户端。 客户端接收数据并对其进行解密。 适用于流媒体的版权材料可以安全地传递给客户端。 所使用的鲁棒协议非常适合于具有低容量的特定无线客户端和类似设备,例如蜂窝电话和PDA。
-
5.发明申请公开(公告)号:US20130268681A1
公开(公告)日:2013-10-10
申请号:US13800129
申请日:2013-03-13
申请人: Luis Barriga , Rolf Blom , Yi Cheng , Fredrik Lindholm , Mats Naslund , Karl Norrman
发明人: Luis Barriga , Rolf Blom , Yi Cheng , Fredrik Lindholm , Mats Naslund , Karl Norrman
IPC分类号: H04W76/02
CPC分类号: H04W76/02 , H04L63/0428 , H04L65/1016 , H04L65/1069 , H04W12/02 , H04W12/04 , H04W76/10
摘要: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.
摘要翻译: IMS系统包括IMS发起者用户实体。 该系统包括由发起者用户实体调用的IMS应答器用户实体。 该系统包括与主叫实体进行通信的主叫侧S-CSCF,其从呼叫方实体接收具有第一保护报价的INVITE和用于密钥建立的参数,从INVITE中移除第一保护报价并转发INVITE而没有第一保护 提供。 该系统包括与响应者用户实体通信的接收端S-CSCF,以及在没有第一保护提供的情况下接收INVITE的主叫侧S-CSCF,并检查响应者用户实体是否支持保护,将第二保护请求插入到 INVITE并将INVITE转发到响应者用户实体,其中响应者用户实体接受包括第二保护请求的INVITE和具有第一保护接受的确认的应答。 一种用于支持电信节点的呼叫的方法。
-
公开(公告)号:US08429737B2
公开(公告)日:2013-04-23
申请号:US12744720
申请日:2008-12-01
申请人: Luis Barriga , Rolf Blom , Yi Cheng , Fredrik Lindholm , Mats Naslund , Karl Norrman
发明人: Luis Barriga , Rolf Blom , Yi Cheng , Fredrik Lindholm , Mats Naslund , Karl Norrman
摘要: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.
-
公开(公告)号:US20100268937A1
公开(公告)日:2010-10-21
申请号:US12744986
申请日:2007-11-30
申请人: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
发明人: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
CPC分类号: H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译: 公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。 该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。 第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。 该凭证被转发到至少一个响应用户设备,在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下,解决凭证并确定第二会话密钥。 此后,第一和第二会话密钥用于安全通信。 在一个实施例中,通信遍及中间体,由此第一和第二会话密钥保护与相应的腿到中间的通信。
-
公开(公告)号:US09178696B2
公开(公告)日:2015-11-03
申请号:US12744986
申请日:2007-11-30
申请人: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
发明人: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
CPC分类号: H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译: 公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。 该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。 第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。 该凭证被转发到至少一个响应用户设备,在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下,解决凭证并确定第二会话密钥。 此后,第一和第二会话密钥用于安全通信。 在一个实施例中,通信遍及中间体,由此第一和第二会话密钥保护与相应的腿到中间的通信。
-
9.发明授权公开(公告)号:US08549615B2
公开(公告)日:2013-10-01
申请号:US12744720
申请日:2008-12-01
申请人: Luis Barriga , Rolf Blom , Yi Cheng , Fredrik Lindholm , Mats Naslund , Karl Norrman
发明人: Luis Barriga , Rolf Blom , Yi Cheng , Fredrik Lindholm , Mats Naslund , Karl Norrman
CPC分类号: H04W76/02 , H04L63/0428 , H04L65/1016 , H04L65/1069 , H04W12/02 , H04W12/04 , H04W76/10
摘要: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.
摘要翻译: IMS系统包括IMS发起者用户实体。 该系统包括由发起者用户实体调用的IMS应答器用户实体。 该系统包括与主叫实体进行通信的主叫侧S-CSCF,其从呼叫方实体接收具有第一保护报价的INVITE和用于密钥建立的参数,从INVITE中移除第一保护报价并转发INVITE而没有第一保护 提供。 该系统包括与响应者用户实体通信的接收端S-CSCF,以及在没有第一保护提供的情况下接收INVITE的主叫侧S-CSCF,并检查响应者用户实体是否支持保护,将第二保护请求插入到 INVITE并将INVITE转发到响应者用户实体,其中响应者用户实体接受包括第二保护请求的INVITE和具有第一保护接受的确认的应答。 一种用于支持电信节点的呼叫的方法。
-
10.发明授权公开(公告)号:US08832821B2
公开(公告)日:2014-09-09
申请号:US13800129
申请日:2013-03-13
申请人: Luis Barriga , Rolf Blom , Yi Cheng , Fredrik Lindholm , Mats Naslund , Karl Norrman
发明人: Luis Barriga , Rolf Blom , Yi Cheng , Fredrik Lindholm , Mats Naslund , Karl Norrman
CPC分类号: H04W76/02 , H04L63/0428 , H04L65/1016 , H04L65/1069 , H04W12/02 , H04W12/04 , H04W76/10
摘要: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.
摘要翻译: IMS系统包括IMS发起者用户实体。 该系统包括由发起者用户实体调用的IMS应答器用户实体。 该系统包括与主叫实体进行通信的主叫侧S-CSCF,其从呼叫方实体接收具有第一保护报价的INVITE和用于密钥建立的参数,从INVITE中移除第一保护报价并转发INVITE而没有第一保护 提供。 该系统包括与响应者用户实体通信的接收端S-CSCF,以及在没有第一保护提供的情况下接收INVITE的主叫侧S-CSCF,并检查响应者用户实体是否支持保护,将第二保护请求插入到 INVITE并将INVITE转发到响应者用户实体,其中响应者用户实体接受包括第二保护请求的INVITE和具有第一保护接受的确认的应答。 一种用于支持电信节点的呼叫的方法。
-
-
-
-
-
-
-
-
-
搜索结果
138 条记录 (耗时 0.025 秒)
