-
公开(公告)号:US09686399B2
公开(公告)日:2017-06-20
申请号:US14421192
申请日:2012-09-07
申请人: Rolf Blom , Bernard Smeets
发明人: Rolf Blom , Bernard Smeets
IPC分类号: H04W12/06 , H04W12/12 , H04M1/725 , H04B1/3816
CPC分类号: H04M1/72577 , H04B1/3816 , H04W12/06 , H04W12/12
摘要: A method for protecting a wireless communications device against unauthorized use of functionality provided by the wireless communications device, the method comprising: receiving a binding command to bind the wireless communications device to a subscription identification module operationally coupled to the wireless communications device and associated with a subscription to a communications service; responsive to the received command, storing a module identifier identifying the subscription identification module; and storing a device identifier identifying the wireless communications device; obtaining an unbind code and storing the obtained unbind code; performing a module verification verifying that a subscription identification module identified by a stored module identifier is operationally coupled to the wireless communications device, performing a device verification verifying whether a wireless communications device identified by a stored device identifier is operationally coupled to the subscription identification module; and preventing operation of at least a part of said functionality unless the module verification and the device verification have been performed successfully.
-
公开(公告)号:US20110059736A1
公开(公告)日:2011-03-10
申请号:US12922314
申请日:2008-08-25
申请人: Karl Norrman , Bernard Smeets , Rolf Blom
发明人: Karl Norrman , Bernard Smeets , Rolf Blom
IPC分类号: H04W24/04
CPC分类号: H04W36/0083 , H04W12/10 , H04W12/12 , H04W36/34 , H04W88/08
摘要: A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
摘要翻译: 公开了一种用于检测通信网络的被操纵或缺陷基站的方法和装置,其中基于优先级算法列表(PAL)和UE安全能力(SCAP)选择了一个或多个算法的目标基站 )向核心网络节点报告UE SCAP相关信息。 具有UE SCAP知识的核心网络节点将该信息或该部分信息与检索到的UE SCAP相关信息进行比较,以便能够在比较不匹配时识别被操纵或缺陷基站。
-
公开(公告)号:US08620267B2
公开(公告)日:2013-12-31
申请号:US12922314
申请日:2008-08-25
申请人: Karl Norrman , Bernard Smeets , Rolf Blom
发明人: Karl Norrman , Bernard Smeets , Rolf Blom
CPC分类号: H04W36/0083 , H04W12/10 , H04W12/12 , H04W36/34 , H04W88/08
摘要: A method of and arrangement for detecting a manipulated or defect base station of a communication network is disclosed, wherein a target base station, having selected one or more algorithms on the basis of a prioritized algorithm list (PAL) and a UE security capabilities (SCAP), reports UE SCAP related information to a core network node. The core network node having knowledge of the UE SCAP compares this information or parts of this information with the retrieved UE SCAP related information in order to be able to identify a manipulated or defect base station when a comparison fails to match.
摘要翻译: 公开了一种用于检测通信网络的被操纵或缺陷基站的方法和装置,其中基于优先级算法列表(PAL)和UE安全能力(SCAP)选择了一个或多个算法的目标基站 )向核心网络节点报告UE SCAP相关信息。 具有UE SCAP知识的核心网络节点将该信息或该部分信息与检索到的UE SCAP相关信息进行比较,以便能够在比较不匹配时识别被操纵或缺陷基站。
-
公开(公告)号:US20110296495A1
公开(公告)日:2011-12-01
申请号:US12786602
申请日:2010-05-25
申请人: Bernard Smeets
发明人: Bernard Smeets
IPC分类号: H04L29/06
摘要: A mobile communication device is configured to provide redundant credentialed access to one or more secured wireless communication networks. The mobile device obtains credentialed access to one of the secured networks by remotely using credentials stored in a credentialed communication device that is locally available (i.e., in the vicinity of the mobile device). Responsive to detecting the actual, or potential, compromise of the mobile device's credentialed access to that secured network, the mobile device switches to other credentials stored in a different credentialed device and obtains credentialed access to one of the secured networks by remotely using those other credentials. This switching occurs dynamically upon detecting the compromise of credentialed access, as well as automatically without requiring the mobile device's user to manually enter commands into the device's user interface.
摘要翻译: 移动通信设备被配置为向一个或多个安全无线通信网络提供冗余的认证访问。 移动设备通过远程使用存储在本地可用(即,在移动设备附近)的凭证通信设备中的凭证来获得对一个安全网络的凭证访问。 响应于检测移动设备对该安全网络的凭证访问的实际或潜在的妥协,移动设备切换到存储在不同的凭证设备中的其他凭证,并通过远程使用其他凭证获得对其中一个安全网络的凭证访问 。 在检测到凭据访问的折中以及自动地切换时,动态地进行切换,而不需要移动设备的用户手动地将命令输入设备的用户界面。
-
公开(公告)号:US20100180130A1
公开(公告)日:2010-07-15
申请号:US12351643
申请日:2009-01-09
申请人: Per Stahl , Chris Loreskar , Bernard Smeets
发明人: Per Stahl , Chris Loreskar , Bernard Smeets
IPC分类号: G06F12/14
CPC分类号: G06F21/10 , G06F2221/0704 , H04L9/088 , H04L9/3242 , H04L2209/80 , H04W12/08 , H04W12/10 , H04W88/02
摘要: An electronic device requires valid control keys to change any usage restriction setting. The device is provided control keys, a secret key, and a signed software object including a batch ID and a hash of the secret key. For each control key, the device generates a cryptographic footprint bound to the device and the secret key. A message authentication code (MAC) of each usage restriction setting is generated, the MAC bound to the device and a control key. To change a usage restriction, the device receives a control key, validates it against the stored footprint, changes the usage restriction settings, and generates a new usage restriction setting MAC. The control key footprints are bound to the secret key, but the device retains only a hash of the secret key.
摘要翻译: 电子设备需要有效的控制键来更改任何使用限制设置。 该设备被提供控制密钥,秘密密钥和包括密钥的批次ID和散列的签名的软件对象。 对于每个控制密钥,设备生成绑定到设备和秘密密钥的加密覆盖。 生成每个使用限制设置的消息认证码(MAC),绑定到设备的MAC和控制密钥。 为了更改使用限制,设备接收到控制密钥,根据存储的足迹进行验证,更改使用限制设置,并生成新的使用限制设置MAC。 控制键占用空间被绑定到秘密密钥,但设备仅保留秘密密钥的散列。
-
公开(公告)号:US20060101288A1
公开(公告)日:2006-05-11
申请号:US10533120
申请日:2003-10-27
IPC分类号: G06F12/14
CPC分类号: G06F21/72 , G06F21/602 , H04L9/0844 , H04L9/3234 , H04L9/3271 , H04L2209/603
摘要: The invention concerns a tamper-resistant electronic circuit configured for implementation in a device. The electronic circuit securely implements and utilizes device-specific security data during operation in the device, and is basically provided with a tamper-resistantly stored secret not accessible over an external circuit interface. The electronic circuit is also provided with functionality for performing cryptographic processing at least partly in response to the stored secret to generate an instance of device-specific security data that is internally confined within said electronic circuit during usage of the device. The electronic circuit is further configured for performing one or more security-related operations or algorithms in response to the internally confined device-specific security data. In this way, secure implementation and utilization device-specific security data for security purposes can be effectively accomplished. The security is uncompromised since the stored secret is never available outside the electronic circuit, and the device-specific security data is internally confined within the circuit during usage or operation of the device.
摘要翻译: 本发明涉及被配置为在设备中实现的防篡改电子电路。 电子电路在设备运行期间安全地实施并利用设备专用的安全数据,并且基本上设置有不能通过外部电路接口访问的防篡改存储的秘密。 电子电路还具有用于至少部分地响应所存储的秘密来执行加密处理的功能,以在设备的使用期间产生内部限制在所述电子电路内的设备专用安全数据的实例。 电子电路还被配置为响应于内部限制的设备特定安全数据执行一个或多个与安全相关的操作或算法。 以这种方式,可以有效地实现用于安全目的的安全实现和利用设备特定的安全数据。 安全性是不妥协的,因为存储的秘密在电子电路之外永远不可用,并且设备特定的安全数据在设备的使用或操作期间内部被限制在电路内。
-
公开(公告)号:US06988197B1
公开(公告)日:2006-01-17
申请号:US09632933
申请日:2000-08-04
申请人: Joakim Persson , Bernard Smeets , Tobias Melin
发明人: Joakim Persson , Bernard Smeets , Tobias Melin
IPC分类号: H04L9/00
CPC分类号: H04L9/3273 , H04L2209/80
摘要: In a communication system, an authentication ciphering offset (ACO) is generated as a function of one or more parameters, wherein at least one of the one or more parameters is derived from earlier-computed values of the ACO. This enables each device to avoid generating an ACO value that is out of synchronization with a counterpart ACO value generated in another communication device.
摘要翻译: 在通信系统中,作为一个或多个参数的函数产生认证加密偏移(ACO),其中所述一个或多个参数中的至少一个是从较早计算出的ACO值导出的。 这使得每个设备避免产生与另一通信设备中生成的对应ACO值不同步的ACO值。
-
公开(公告)号:US09432349B2
公开(公告)日:2016-08-30
申请号:US14125859
申请日:2012-06-13
申请人: Bernard Smeets , Mats Näslund
发明人: Bernard Smeets , Mats Näslund
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , H04L63/0815 , H04L63/0884
摘要: An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted to provide one or more authentication functions for facilitating authentication of subscribers of the service based on respective subscriber authentication data items associated with credentials of the subscriber; wherein each private access authentication system is adapted to communicate one or more subscriber authentication data items to said operator access authentication system; and wherein each private access authentication system is further adapted to communicate one or more verification data items indicative of the private access authentication system operating in at least one predetermined state.
摘要翻译: 一种用于认证服务订户的接入认证系统,所述接入认证系统包括操作者接入认证系统和一个或多个专用接入认证系统,每个专用接入认证系统与所述接入认证系统可通信地连接,所述接入认证系统 系统适于提供一个或多个认证功能,用于基于与所述订户的凭证相关联的相应订户认证数据项促进所述服务的订户的认证; 其中每个专用接入认证系统适于将一个或多个用户认证数据项传送到所述操作员接入认证系统; 并且其中每个专用接入认证系统进一步适于通信指示在至少一个预定状态下操作的私有接入认证系统的一个或多个验证数据项。
-
公开(公告)号:US09397903B2
公开(公告)日:2016-07-19
申请号:US14124000
申请日:2012-06-05
申请人: Bernard Smeets
发明人: Bernard Smeets
IPC分类号: G06F15/173 , H04L12/26 , G06F21/57 , G06F21/64
摘要: A method of determining an operational attribute of a server executed on a first execution platform and providing a service, the method comprising: performing a measurement indicative of an operational attribute of the server, wherein the measurement is performed by a platform observer system executed on said first execution platform; communicating a result of said measurement to an external observer system; wherein the communicating comprises protecting secrecy of the communicated result; verifying, by the external observer system, that the received measurement result is indicative of a measurement performed on said server.
摘要翻译: 一种确定在第一执行平台上执行并提供服务的服务器的操作属性的方法,所述方法包括:执行指示所述服务器的操作属性的测量,其中所述测量由在所述服务器上执行的平台观察器系统执行 第一执行平台; 将所述测量的结果传达给外部观察者系统; 其中所述通信包括保护所传送结果的保密性; 由外部观察者系统验证所接收的测量结果是指示在所述服务器上执行的测量。
-
公开(公告)号:US20150033004A1
公开(公告)日:2015-01-29
申请号:US13700473
申请日:2011-05-23
申请人: Bernard Smeets , Patrik Ekdahl
发明人: Bernard Smeets , Patrik Ekdahl
IPC分类号: G06F9/44
CPC分类号: G06F9/4416 , G06F21/57 , G06F2221/2137
摘要: Disclosed herein is a processing device comprising a secured execution environment comprising means for bringing the processing device into a predetermined operational state; and a timer; a communication interface for data communication between the processing device and a remote device management system external to the processing device; wherein the secured execution environment is configured, responsive to an expiry of the timer, to bring the processing device into said predetermined operational state; and responsive to a receipt, from the remote device management system via said communications interface, of a predetermined signal, to restart the timer.
摘要翻译: 本文公开了一种包括安全执行环境的处理装置,包括用于使处理装置进入预定操作状态的装置; 和定时器; 用于处理设备与处理设备外部的远程设备管理系统之间的数据通信的通信接口; 其中所述安全执行环境被配置为响应于所述定时器的期满使所述处理设备进入所述预定操作状态; 并且响应于来自所述远程设备管理系统的经由所述通信接口的预定信号的接收重新启动所述定时器。
-
-
-
-
-
-
-
-
-
搜索结果
39 条记录 (耗时 0.024 秒)
