Method, system and devices for transferring accounting information
    2.
    Granted invention patent
    Method, system and devices for transferring accounting information (status: in force)

    Publication No.: US07251733B2

    Publication date: 2007-07-31

    Application No.: US10601337

    Application date: 2003-06-20

    IPC classification: G06F1/24

    Abstract: A method in a system for transferring accounting information, a system for transferring accounting information, a method in a terminal, a terminal, a method in an Extensible Authentication Protocol (EAP) service authorization server, an EAP service authorization server, a computer program, an Extensible Authentication Protocol response (EAP-response) packet, wherein the method: meters data related to a service used by at least one terminal, provides the metered data as accounting information to at least one Extensible Authentication Protocol (EAP) service authorization server, sends, by means of an Extensible Authentication Protocol request (EAP-request), a service authorization request from the at least one EAP service authorization server to the at least one terminal, digitally signs accounting information, in the at least one terminal, includes, at the at least one terminal, the digitally signed accounting information in an Extensible Authentication Protocol response (EAP-response), and sends the digitally signed accounting information to an AAA-server.


    Authenticating users
    3.
    Granted invention patent
    Authenticating users (status: in force)

    Publication No.: US07788493B2

    Publication date: 2010-08-31

    Application No.: US11060374

    Application date: 2005-02-17

    IPC classification: H04L9/32

    Abstract: A method of authenticating a user seeking access to a service from a service provider in a communication network, the method comprising: allocating to a user a plurality of service-specific identities for accessing respective services; issuing a request from the user, the request identifying the service to be accessed and including a public key of the user; at a certification authority, authenticating the request and issuing a public key certificate for binding the service-specific identity with the public key in the request, and returning the public key certificate to the user.


    Method and apparatus for providing bootstrapping procedures in a communication network
    4.
    Invention patent application
    Method and apparatus for providing bootstrapping procedures in a communication network (status: in force)

    Publication No.: US20060182280A1

    Publication date: 2006-08-17

    Application No.: US11352058

    Application date: 2006-02-10

    IPC classification: H04K1/00

    Abstract: An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.


    Authenticating users
    6.
    Invention patent application
    Authenticating users (status: in force)

    Publication No.: US20050287990A1

    Publication date: 2005-12-29

    Application No.: US11060374

    Application date: 2005-02-17

    IPC classification: G06F21/33 H04L9/00 H04L29/06

    Abstract: A method of authenticating a user seeking access to a service from a service provider in a communication network, the method comprising: allocating to a user a plurality of service-specific identities for accessing respective services; issuing a request from the user, the request identifying the service to be accessed and including a public key of the user; at a certification authority, authenticating the request and issuing a public key certificate for binding the service-specific identity with the public key in the request, and returning the public key certificate to the user.


    Shared secret usage for bootstrapping
    7.
    Invention patent application
    Shared secret usage for bootstrapping (status: under examination, published)

    Publication No.: US20050102501A1

    Publication date: 2005-05-12

    Application No.: US10760533

    Application date: 2004-01-21

    Abstract: A communication system including at least one user equipment and at least one network application functional entity is disclosed. The system further includes a bootstrapping functional entity. The user equipment includes means to transmit a request to push authentication information to at least one network application function. The bootstrapping functional entity includes receiving means for receiving the request from the user equipment, and transmitting means for transmitting the authentication information to the at least one network application function entity. The at least one network application function includes means adapted to receive unsolicited bootstrapping information from the bootstrapping functional entity.


    User equipment credential system
    8.
    Granted invention patent
    User equipment credential system (status: in force)

    Publication No.: US09485232B2

    Publication date: 2016-11-01

    Application No.: US11819733

    Application date: 2007-06-28

    Abstract: A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.


    Method and apparatus for providing a scalable service platform using a network cache
    9.
    Granted invention patent
    Method and apparatus for providing a scalable service platform using a network cache (status: in force)

    Publication No.: US08458799B2

    Publication date: 2013-06-04

    Application No.: US12495071

    Application date: 2009-06-30

    IPC classification: G06F7/04

    Abstract: An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.


    Management of user data
    10.
    Invention patent application
    Management of user data (status: under examination, published)

    Publication No.: US20070192838A1

    Publication date: 2007-08-16

    Application No.: US11699469

    Application date: 2007-01-30

    IPC classification: H04L9/32

    Abstract: A method and arrangements for managing user security data stored in a database of a communications system. In the method a user equipment transmits a request to manage the user security data, the user equipment is authenticated, after which an application entity can manage user security data in the database that associates with the user by communicating data between the application entity and the database connected to the communications system.
