Methods for secure and bandwidth efficient cryptographic synchronization
    1.
    Granted patent (in force)

    Publication number: US07725709B2

    Publication date: 2010-05-25

    Application number: US11470554

    Filing date: 2006-09-06

    IPC classification: H04L29/06

    CPC classification: H04L9/12 H04L9/0861 H04L9/16

    Abstract: Methods for cryptographic synchronization of data packets. A roll-over counter (ROC) value is periodically appended to and transmitted with a data packet when a function of the packet sequence number equals a predetermined value. The ROC effectively synchronizes the cryptographic transformation of the data packets. Although the disclosed methods are generally applicable to many transmission protocols, they are particularly adaptable for use in systems wherein the data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711.
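    The following is an added example, not code from the patent and not from any SRTP library. It models the 48-bit SRTP packet index i = 2^16 * ROC + SEQ of RFC 3711, the receiver-side ROC estimation of RFC 3711 section 3.3.1, and the abstract's idea of appending the ROC to a packet whenever a function of the sequence number hits a fixed value (a mechanism of this shape is standardized in RFC 4771). The function used here, SEQ mod ROC_PERIOD == 0, the value ROC_PERIOD = 256, and the late-join scenario sizes are assumptions. The simulation shows why the ROC has to be carried at all: a receiver that joins after the 16-bit sequence number has wrapped cannot recover the ROC from the sequence number alone.

```python
"""SRTP packet-index synchronization with a periodically transmitted ROC."""
from dataclasses import dataclass
from typing import Optional

SEQ_MOD = 1 << 16     # RTP sequence number is 16 bits
ROC_MOD = 1 << 32     # roll-over counter is 32 bits
ROC_PERIOD = 256      # assumed: carry ROC on packets with SEQ % ROC_PERIOD == 0


@dataclass
class Packet:
    seq: int                    # 16-bit RTP sequence number
    roc: Optional[int] = None   # 32-bit ROC appended to this packet, if any


class Sender:
    """Keeps the true ROC; increments it each time SEQ wraps."""

    def __init__(self) -> None:
        self.seq = 0
        self.roc = 0

    def next_packet(self):
        """Return (packet, true packet index)."""
        index = self.roc * SEQ_MOD + self.seq
        carry = self.roc if self.seq % ROC_PERIOD == 0 else None
        pkt = Packet(self.seq, carry)
        self.seq = (self.seq + 1) % SEQ_MOD
        if self.seq == 0:
            self.roc = (self.roc + 1) % ROC_MOD
        return pkt, index


class Receiver:
    """Tracks (ROC, s_l) as in RFC 3711; s_l is the highest SEQ seen so far."""

    def __init__(self, use_carried_roc: bool) -> None:
        self.use_carried_roc = use_carried_roc
        self.roc = 0
        self.s_l: Optional[int] = None

    def estimate_roc(self, seq: int) -> int:
        """RFC 3711 3.3.1: choose v in {ROC-1, ROC, ROC+1} closest to seq."""
        if self.s_l is None:
            return self.roc
        if self.s_l < 32768:
            return (self.roc - 1) % ROC_MOD if seq - self.s_l > 32768 else self.roc
        return (self.roc + 1) % ROC_MOD if self.s_l - 32768 > seq else self.roc

    def receive(self, pkt: Packet) -> int:
        """Return the packet index this receiver will use for the packet."""
        carried = self.use_carried_roc and pkt.roc is not None
        # In SRTP the ROC is covered by the authentication tag; acting on an
        # unauthenticated carried ROC would let an on-path attacker desync us.
        v = pkt.roc if carried else self.estimate_roc(pkt.seq)
        index = v * SEQ_MOD + pkt.seq
        # State update; RFC 3711 performs it only after authentication succeeds.
        if v == self.roc:
            self.s_l = pkt.seq if self.s_l is None else max(self.s_l, pkt.seq)
        elif v == (self.roc - 1) % ROC_MOD:
            pass   # late packet from the previous ROC period: no state change
        else:
            self.roc, self.s_l = v, pkt.seq   # SEQ wrapped, or resync from carried ROC
        return index


def simulate(skip_first: int, total: int, use_carried_roc: bool) -> int:
    """Send `total` packets; the receiver only sees packets from `skip_first` on.
    Returns how many received packets were given a wrong index."""
    sender, receiver = Sender(), Receiver(use_carried_roc)
    wrong = 0
    for i in range(total):
        pkt, true_index = sender.next_packet()
        if i >= skip_first and receiver.receive(pkt) != true_index:
            wrong += 1
    return wrong
```

    A receiver present from the first packet tracks the wrap correctly with estimation alone (simulate(0, 70000, False) gives no wrong indices). A receiver joining at packet 70000, after one wrap, stays off by 65536 for every packet when it ignores the carried ROC, and is wrong only for the 144 packets until the next SEQ that is a multiple of 256 when it uses it. The same resync also covers a receiver that lost more than 2^15 consecutive packets, where the estimator's one-step window is no longer enough.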

    Enhanced key management for SRNS relocation
    2.
    Granted patent (in force)

    Publication number: US08929543B2

    Publication date: 2015-01-06

    Application number: US13634920

    Filing date: 2011-03-16

    IPC classification: H04L9/00 H04W36/00 H04W12/04

    Abstract: A method comprises maintaining, in a first node serving a mobile terminal over a connection protected by at least one first key, said first key and information about the key management capabilities of the mobile terminal. Upon relocation of the mobile terminal to a second node the method includes: if, and only if, said key management capabilities indicate an enhanced key management capability supported by the mobile terminal, modifying, by said first node, the first key, thereby creating a second key, sending, from the first node to the second node, the second key, and transmitting to the second node the information about the key management capabilities of the mobile terminal.

    Robust and flexible digital rights management involving a tamper-resistant identity module
    3.
    Patent application (in force)

    Publication number: US20050278787A1

    Publication date: 2005-12-15

    Application number: US10524583

    Filing date: 2002-12-19

    Abstract: The invention relates to digital rights management, and proposes the implementation of a DRM agent (125) into a tamper-resistant identity module (120) adapted for engagement with a client system (100), such as a mobile phone or a computer system. The DRM agent (125) is generally implemented with functionality for enabling usage, such as rendering or execution of protected digital content provided to the client system from a content provider. In general, the DRM agent (125) includes functionality for cryptographic processing of DRM metadata associated with the digital content to be rendered. In a particularly advantageous realization, the DRM agent is implemented as an application in the application environment of the identity module. The DRM application can be preprogrammed into the application environment, or securely downloaded from a trusted party associated with the identity module. The invention also relates to a distributed DRM module, with communication between distributed DRM agents (125, 135) based on usage-device specific key information.

    Lawful interception of encrypted communications
    4.
    Granted patent

    Publication number: US10432606B2

    Publication date: 2019-10-01

    Application number: US14370862

    Filing date: 2012-04-27

    IPC classification: H04L29/06 H04L9/32

    摘要: A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.

    Method and Apparatuses for End-to-Edge Media Protection in an IMS System
    5.
    Patent application (in force)

    Publication number: US20130268681A1

    Publication date: 2013-10-10

    Application number: US13800129

    Filing date: 2013-03-13

    IPC classification: H04W76/02

    摘要: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.

    Method and apparatuses for end-to-edge media protection in an IMS system
    6.
    Granted patent

    Publication number: US08429737B2

    Publication date: 2013-04-23

    Application number: US12744720

    Filing date: 2008-12-01

    IPC classification: H04L29/06 G06F15/16

    摘要: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.
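    The following is an added example illustrating the offer/answer flow in the two end-to-edge abstracts above (entries 5 and 6); it is not code from the patents or from any IMS implementation. It follows the abstract only: the calling-side S-CSCF removes the caller's protection offer and keeps its key parameters for the caller's leg, the receiving-side S-CSCF checks that the responder supports the protection and inserts a second offer with its own key material, and the responder answers with an accept. Assumptions not in the abstract: the protection offer and its key-establishment parameters are modelled as SDP security descriptions (RFC 4568 a=crypto lines), the capability registry is a dict, and every identity and address is constructed sample data.

```python
"""Offer handling for end-to-edge media protection in an IMS core."""
import base64
import os
import re

CRYPTO_LINE = re.compile(r"^a=crypto:(\d+) (\S+) (\S+)$")
SUITE = "AES_CM_128_HMAC_SHA1_80"   # RFC 4568: 16-byte master key + 14-byte salt


def new_key_params() -> str:
    """Fresh key-establishment parameters in RFC 4568 inline form."""
    return "inline:" + base64.b64encode(os.urandom(30)).decode()


def new_offer(tag: int) -> str:
    """A protection offer carrying fresh key-establishment parameters."""
    return f"a=crypto:{tag} {SUITE} {new_key_params()}"


def split_offer(sdp: str):
    """Return (sdp without a=crypto lines, the removed a=crypto lines)."""
    kept, offers = [], []
    for line in sdp.splitlines():
        (offers if CRYPTO_LINE.match(line) else kept).append(line)
    return "\n".join(kept), offers


def calling_side_scscf(invite: dict):
    """Strip the first protection offer before forwarding into the core.
    The retained offer holds the key material for the caller-to-edge leg."""
    stripped, offers = split_offer(invite["sdp"])
    return dict(invite, sdp=stripped), offers


def receiving_side_scscf(invite: dict, caps: dict):
    """Insert a second offer only if the responder is registered as
    supporting the protection; otherwise forward the INVITE unchanged."""
    if "srtp" not in caps.get(invite["to"], set()):
        return invite, None
    offer = new_offer(1)
    return dict(invite, sdp=invite["sdp"] + "\n" + offer), offer


def responder_answer(invite: dict) -> dict:
    """Accept the offer that arrived: same tag and suite, responder's own
    key parameters (RFC 4568 answer form)."""
    _, offers = split_offer(invite["sdp"])
    if not offers:
        return {"accept": None}
    tag, suite, _ = CRYPTO_LINE.match(offers[0]).groups()
    return {"accept": f"a=crypto:{tag} {suite} {new_key_params()}", "tag": int(tag)}


def setup_call(caller_sdp: str, to: str, caps: dict) -> dict:
    """Run the INVITE through both S-CSCFs and the responder."""
    core_invite, caller_offers = calling_side_scscf({"to": to, "sdp": caller_sdp})
    callee_invite, second_offer = receiving_side_scscf(core_invite, caps)
    return {
        "caller_offers": caller_offers,            # known only to the calling edge
        "core_invite_sdp": core_invite["sdp"],     # what crosses the core
        "second_offer": second_offer,              # known only to the receiving edge
        "answer": responder_answer(callee_invite),
    }


# Constructed sample data (not from the patent).
CAPS = {"sip:bob@example.com": {"srtp"}, "sip:legacy@example.com": set()}
CALLER_SDP = "\n".join([
    "v=0", "o=alice 1 1 IN IP4 192.0.2.1", "s=-", "c=IN IP4 192.0.2.1", "t=0 0",
    "m=audio 49170 RTP/SAVP 0", new_offer(1),
])
```

    The point to notice is where the key material lives: the caller's offer never reaches the responder, and the responder's accept never reaches the caller. Each edge terminates the protection of its own leg and holds that leg's keys, which is what "end-to-edge" (as opposed to end-to-end) means, and which is also why the receiving edge can decline to insert an offer for a responder that does not advertise support.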

    Cryptographic key generation
    7.
    Granted patent (in force)

    Publication number: US08340288B2

    Publication date: 2012-12-25

    Application number: US12996214

    Filing date: 2008-07-21

    IPC classification: H04L29/06

    Abstract: A technique for generating a cryptographic key (120) is provided. The technique is particularly useful for protecting the communication between two entities (202, 302; 204, 304) cooperatively running a distributed security operation. The technique comprises providing at least two parameters (106, 108), the first parameter (106) comprising or deriving from some cryptographic keys (110, 112) which have been computed by the first entity (202, 302) by running the security operation; and the second parameter (108) comprising or deriving from a token (116) having a different value each time the security operation (114) is initiated by the second entity (204, 304) for the first entity (202, 302). A key derivation function is applied to the provided parameters (106, 108) to generate the desired cryptographic key (120).

    Key Management in a Communication Network
    8.
    Patent application (in force)

    Publication number: US20110206206A1

    Publication date: 2011-08-25

    Application number: US13063997

    Filing date: 2009-03-13

    IPC classification: H04L9/08

    Abstract: A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or by the first device to secure communications to the second device.
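    The following is an added example that serves three of the abstracts above with one key derivation function: entry 7 (a session key from keys computed by one entity plus a per-invocation token from the other), entry 8 (a device key derived by the KMS from a user key and a device-specific modifying parameter, reproducible by the first device), and entry 2 (a key modified at relocation only when the terminal advertises enhanced key management). It is not the patents' code and not from any 3GPP or Ericsson product. The labelled HMAC-SHA256 KDF, the labels, the token format, the "enhanced_km" capability flag, the one-way modification at relocation and all identifiers are assumptions; the abstracts do not fix any of them.

```python
"""Key derivation patterns behind the key-management abstracts."""
import hashlib
import hmac
import os


def kdf(key: bytes, label: bytes, *context: bytes, length: int = 32) -> bytes:
    """Counter-mode KDF: HMAC-SHA256(key, label || 0x00 || ctx_1 || 0x00 ... || i)."""
    out, counter = b"", 1
    while len(out) < length:
        msg = label + b"\x00" + b"\x00".join(context) + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


# Entry 7: KDF(first parameter, second parameter).
def session_key(ck: bytes, ik: bytes, token: bytes) -> bytes:
    first_param = ck + ik                       # derives from keys the first entity computed
    return kdf(first_param, b"session", token)  # token is fresh per initiation


# Entry 8: Kd = KDF(Ku, modifier); both the KMS and the first device can compute it.
def device_key(user_key: bytes, modifier: bytes) -> bytes:
    return kdf(user_key, b"device", modifier)


class KMS:
    def __init__(self) -> None:
        self.master = os.urandom(32)
        self.tokens = {}                        # token -> user identity

    def request_token(self, user_id: str):
        """First device asks for a token for user_id; gets the token and Ku."""
        user_key = kdf(self.master, b"user", user_id.encode())
        token = os.urandom(16)
        self.tokens[token] = user_id
        return token, user_key

    def redeem_token(self, token: bytes, modifier: bytes) -> bytes:
        """Second device presents the token; the KMS returns Kd (token is single use)."""
        user_id = self.tokens.pop(token)
        return device_key(kdf(self.master, b"user", user_id.encode()), modifier)


# Entry 2: modify the key only for terminals with the enhanced capability.
def relocate(first_key: bytes, capabilities: set, target_node_id: bytes):
    """Return (key sent to the target node, capabilities forwarded with it).
    The one-way derivation means the target cannot recover first_key."""
    if "enhanced_km" in capabilities:
        return kdf(first_key, b"relocation", target_node_id), capabilities
    return first_key, capabilities


def demo() -> dict:
    """Exercise all three patterns; every value should be True."""
    ck, ik = os.urandom(16), os.urandom(16)
    k1 = session_key(ck, ik, b"token-1")
    k2 = session_key(ck, ik, b"token-2")        # same keys, fresh token

    kms = KMS()
    token, ku = kms.request_token("alice@example.com")   # first device
    modifier = b"device-2-id"                            # available to both devices
    kd_second = kms.redeem_token(token, modifier)        # second device obtains Kd
    kd_first = device_key(ku, modifier)                  # first device computes Kd
    nonce = os.urandom(16)                               # second device proves Kd
    tag = hmac.new(kd_second, nonce, hashlib.sha256).digest()
    auth_ok = hmac.compare_digest(tag, hmac.new(kd_first, nonce, hashlib.sha256).digest())

    k_old = os.urandom(32)
    k_enh, _ = relocate(k_old, {"enhanced_km"}, b"rnc-2")
    k_leg, _ = relocate(k_old, set(), b"rnc-2")
    return {
        "fresh_token_changes_key": k1 != k2,
        "device_keys_match": kd_first == kd_second,
        "second_device_authenticated": auth_ok,
        "enhanced_terminal_gets_new_key": k_enh != k_old,
        "legacy_terminal_keeps_key": k_leg == k_old,
    }
```

    Two properties are worth checking in any real deployment of these patterns: the token in entry 7 must actually be fresh per initiation, since reusing it makes the derived key repeat, and the capability information forwarded in entry 2 must itself be protected, because the target node uses it to decide whether it received a modified key or the original one.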

    KEY MANAGEMENT FOR SECURE COMMUNICATION
    9.
    Patent application (in force)

    Publication number: US20100268937A1

    Publication date: 2010-10-21

    Application number: US12744986

    Filing date: 2007-11-30

    IPC classification: H04L9/32 H04L29/06 H04L9/08

    Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized by being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session key. The first and second session keys are thereafter used for secure communication. In one embodiment the communication traverses an intermediary, whereby the first and second session keys protect the respective legs to the intermediary.

    Robust and flexible digital rights management involving a tamper-resistant identity module
    10.
    Granted patent (in force)

    Publication number: US07568234B2

    Publication date: 2009-07-28

    Application number: US10524583

    Filing date: 2002-12-19

    IPC classification: H04L9/00

    摘要: The invention relates to digital rights management, and proposes the implementation of a DRM agent (125) into a tamper-resistant identity module (120) adapted for engagement with a client system (100), such as a mobile phone or a computer system. The DRM agent (125) is generally implemented with functionality for enabling usage, such as rendering or execution of protected digital content provided to the client system from a content provider. In general, the DRM agent (125) includes functionality for cryptographic processing of DRM metadata associated with the digital content to be rendered. In a particularly advantageous realization, the DRM agent is implemented as an application in the application environment of the identity module. The DRM application can be preprogrammed into the application environment, or securely downloaded from a trusted party associated with the identity module. The invention also relates to a distributed DRM module, with communication between distributed DRM agents (125, 135) based on usage-device specific key information.