Method and apparatus for providing bootstrapping procedures in a communication network
    2.
    Invention application
    Legal status: In force

    Publication number: US20060182280A1

    Publication date: 2006-08-17

    Application number: US11352058

    Filing date: 2006-02-10

    IPC classification: H04K1/00

    Abstract: An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.


    Method, system and devices for transferring accounting information
    3.
    Granted invention patent
    Legal status: In force

    Publication number: US07251733B2

    Publication date: 2007-07-31

    Application number: US10601337

    Filing date: 2003-06-20

    IPC classification: G06F1/24

    Abstract: A method in a system for transferring accounting information, a system for transferring accounting information, a method in a terminal, a terminal, a method in an Extensible Authentication Protocol (EAP) service authorization server, an EAP service authorization server, a computer program, an Extensible Authentication Protocol response (EAP-response) packet, wherein the method: meters data related to a service used by at least one terminal, provides the metered data as accounting information to at least one Extensible Authentication Protocol (EAP) service authorization server, sends, by means of an Extensible Authentication Protocol request (EAP-request), a service authorization request from the at least one EAP service authorization server to the at least one terminal, digitally signs accounting information, in the at least one terminal, includes, at the at least one terminal, the digitally signed accounting information in an Extensible Authentication Protocol response (EAP-response), and sends the digitally signed accounting information to an AAA-server.


    Authenticating users
    4.
    Granted invention patent
    Legal status: In force

    Publication number: US07788493B2

    Publication date: 2010-08-31

    Application number: US11060374

    Filing date: 2005-02-17

    IPC classification: H04L9/32

    Abstract: A method of authenticating a user seeking access to a service from a service provider in a communication network, the method comprising: allocating to a user a plurality of service-specific identities for accessing respective services; issuing a request from the user, the request identifying the service to be accessed and including a public key of the user; at a certification authority, authenticating the request and issuing a public key certificate for binding the service-specific identity with the public key in the request, and returning the public key certificate to the user.


    Authenticating users
    5.
    Invention application
    Legal status: In force

    Publication number: US20050287990A1

    Publication date: 2005-12-29

    Application number: US11060374

    Filing date: 2005-02-17

    IPC classification: G06F21/33 H04L9/00 H04L29/06

    Abstract: A method of authenticating a user seeking access to a service from a service provider in a communication network, the method comprising: allocating to a user a plurality of service-specific identities for accessing respective services; issuing a request from the user, the request identifying the service to be accessed and including a public key of the user; at a certification authority, authenticating the request and issuing a public key certificate for binding the service-specific identity with the public key in the request, and returning the public key certificate to the user.


    Shared secret usage for bootstrapping
    7.
    Invention application
    Legal status: Under examination (published)

    Publication number: US20050102501A1

    Publication date: 2005-05-12

    Application number: US10760533

    Filing date: 2004-01-21

    Abstract: A communication system including at least one user equipment and at least one network application functional entity is disclosed. The system further includes a bootstrapping functional entity. The user equipment includes means to transmit a request to push authentication information to at least one network application function. The bootstrapping functional entity includes receiving means for receiving the request from the user equipment, and transmitting means for transmitting the authentication information to the at least one network application function entity. The at least one network application function includes means adapted to receive unsolicited bootstrapping information from the bootstrapping functional entity.


    Method for producing key material
    10.
    Invention application
    Legal status: In force

    Publication number: US20060271785A1

    Publication date: 2006-11-30

    Application number: US11227235

    Filing date: 2005-09-16

    IPC classification: H04L9/00

    Abstract: This invention relates to security procedures in a communication system, specifically to production of key material. The invention provides a method for producing key material in a highly secure way for use in communication with a local network of a company. The method uses authentication information obtained from the communication system and information exchanged locally between a mobile station and the authentication systems of the company to produce a communication key for use in authentication procedures or e.g. for signing and/or encrypting data.
