Security-Enhanced Key Exchange
    1.
    Invention application
    Security-Enhanced Key Exchange (status: pending, published)

    Publication number: US20080095361A1

    Publication date: 2008-04-24

    Application number: US11862834

    Filing date: 2007-09-27

    IPC classification: H04L9/28

    Abstract: A unique identifier of a remote device is not sent in clear text on a local interface between the remote device and a device that can communicate with a wireless network, but a procedure for establishing an encryption key in both devices is still based on the unique identifier. Thus, secure binding between the established key and the identifier is achieved. Moreover, the identifier of the remote device is not exposed even to the device that can communicate with a wireless network.


    Authentication of warning messages in a network
    4.
    Granted invention patent
    Authentication of warning messages in a network (status: in force)

    Publication number: US09467433B2

    Publication date: 2016-10-11

    Application number: US14130166

    Filing date: 2012-06-14

    IPC classification: H04L29/06 H04W12/10 H04W4/22

    Abstract: There is described herein a device (101) for communicating with a network. The device (101) comprises a communications unit for receiving data, a notification device for providing a notification to a user, and a control unit for controlling the operation of the communications unit and notification unit. The communications unit is configured to receive an information message (110, 112, 115), and to receive security authentication data (110, 112, 115) associated with the information message if such security authentication data is available. The control unit is configured to operate in a first or second configuration. In the first configuration it ignores the security authentication data, (111, 113), and instructs the notification unit to convey the notification to the user. In the second configuration, it verifies the information message (116) on the basis of the security authentication data and instructs the notification unit to convey the notification to the user if the verification is successful. The communications unit is configured to receive a configuration message (114) indicating the configuration in which the control unit should operate, and the control unit is configured to change configuration if the indicated configuration is different to the current configuration.


    User Authentication and Authorisation in a Communications System
    5.
    Invention application
    User Authentication and Authorisation in a Communications System (status: in force)

    Publication number: US20090013381A1

    Publication date: 2009-01-08

    Application number: US11883158

    Filing date: 2005-01-28

    IPC classification: G06F21/00 H04L9/06

    Abstract: A method of authenticating a client to two or more servers coupled together via a communications network, wherein the client and a first server possess a shared secret. The method comprises authenticating the client to a first server using said shared secret, signalling associated with this authentication process being sent between the client and said first server via a second server, generating a session key at the client and at the first server, and providing the session key to said second server, and using the session key to authenticate the client to the second server.


    Handling trust in an IP multimedia subsystem communication network
    6.
    Invention application
    Handling trust in an IP multimedia subsystem communication network (status: in force)

    Publication number: US20090077616A1

    Publication date: 2009-03-19

    Application number: US11898718

    Filing date: 2007-09-14

    IPC classification: G06F21/00

    Abstract: A method and apparatus for handling trust in an IP Multimedia Subsystem network. A node in the IP Multimedia Subsystem network receives a Session Initiation Protocol message from a remote node. The message includes an indicator indicating the level of trust of a communication sent from the remote node to the IP Multimedia Subsystem node. The node can then apply a security policy to the message, the security policy being determined by the indicator.


    Method for handling ciphering keys in a mobile station

    Publication number: US09681292B2

    Publication date: 2017-06-13

    Application number: US13388890

    Filing date: 2010-08-17

    IPC classification: H04W12/04 H04W12/02

    Abstract: Techniques for handling ciphering keys in a mobile station comprising a mobile equipment (ME) and a Universal Subscriber Identity Module (USIM) are disclosed. An example method includes obtaining a UMTS cipher key (CK), integrity key (IK), and ciphering key sequence number (CKSN) from the USIM, deriving a 128-bit ciphering key (Kc-128) from the CK and the IK, and storing the Kc-128 and the CKSN on the mobile equipment, separate from the USIM. The stored CKSN is associated with the stored Kc-128, so that the Kc-128's correspondence to the most current UMTS security context can be tracked. This example method applies to the generation and storage of a 128-bit ciphering key for either the packet-switched or circuit-switched domains. A corresponding user equipment apparatus is also disclosed.

    User authentication and authorisation in a communications system
    8.
    Granted invention patent
    User authentication and authorisation in a communications system (status: in force)

    Publication number: US08555345B2

    Publication date: 2013-10-08

    Application number: US11883158

    Filing date: 2005-01-28

    IPC classification: H04L29/06

    Abstract: A method of authenticating a client to two or more servers coupled together via a communications network, wherein the client and a first server possess a shared secret. The method comprises authenticating the client to a first server using said shared secret, signalling associated with this authentication process being sent between the client and said first server via a second server, generating a session key at the client and at the first server, and providing the session key to said second server, and using the session key to authenticate the client to the second server.


    Method for Handling Ciphering Keys in a Mobile Station
    9.
    Invention application
    Method for Handling Ciphering Keys in a Mobile Station (status: in force)

    Publication number: US20120163601A1

    Publication date: 2012-06-28

    Application number: US13388890

    Filing date: 2010-08-17

    IPC classification: H04K1/00

    Abstract: Techniques for handling ciphering keys in a mobile station comprising a mobile equipment (ME) and a Universal Subscriber Identity Module (USIM) are disclosed. An example method includes obtaining a UMTS cipher key (CK), integrity key (IK), and ciphering key sequence number (CKSN) from the USIM, deriving a 128-bit ciphering key (Kc-128) from the CK and the IK, and storing the Kc-128 and the CKSN on the mobile equipment, separate from the USIM. The stored CKSN is associated with the stored Kc-128, so that the Kc-128's correspondence to the most current UMTS security context can be tracked. This example method applies to the generation and storage of a 128-bit ciphering key for either the packet-switched or circuit-switched domains. A corresponding user equipment apparatus is also disclosed.


    Method for distributing passwords
    10.
    Invention application
    Method for distributing passwords (status: pending, published)

    Publication number: US20070005730A1

    Publication date: 2007-01-04

    Application number: US10595016

    Filing date: 2004-06-24

    IPC classification: G06F15/16

    Abstract: A method of generating a password for use by an end-user device (UE) (101) to access a remote server (103) comprises sending a request for access from the UE to the remote server, and sending to an authentication node (105) in the UE's home network (104) details of the request for access and the identity of the remote server. A HTTP Digest challenge is generated at the authentication node or the remote server using an algorithm capable of generating end-user passwords. The challenge includes details of the identity of the remote server and the identity of the UE. A password is generated and stored at the UE (101) based on the HTTP Digest challenge, the password being associated with the identity of the remote server (103) and the identity of the UE (101).
