-
Publication number: US08990563B2
Publication date: 2015-03-24
Application number: US13155822
Filing date: 2011-06-08
Applicants: Rolf Blom , John Mattsson , Oscar Ohlsson
Inventors: Rolf Blom , John Mattsson , Oscar Ohlsson
CPC classification: H04L63/062 , H04L9/0827 , H04L9/083 , H04L9/3213 , H04L63/0807 , H04W12/04 , H04W12/06
Abstract: A method and apparatus for sending protected data from a sender unit to a receiver unit via an intermediate unit. A Transfer Init message that contains a ticket associated with the receiver unit is sent from the intermediate unit to the sender unit. The intermediate unit then receives a transfer response message from the sender unit, and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server. A message is sent to the receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit, allowing the receiver unit to access the protected data.
-
Publication number: US08966105B2
Publication date: 2015-02-24
Application number: US12999178
Filing date: 2009-02-20
Applicants: Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
Inventors: Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
CPC classification: H04L65/605 , H04L63/0428 , H04L65/608
Abstract: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
-
Publication number: US20110093609A1
Publication date: 2011-04-21
Application number: US12999178
Filing date: 2009-02-20
Applicants: Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
Inventors: Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
IPC classification: G06F15/16
CPC classification: H04L65/605 , H04L63/0428 , H04L65/608
Abstract: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
-
Publication number: US20120191970A1
Publication date: 2012-07-26
Application number: US13498970
Filing date: 2009-10-01
Applicants: Rolf Blom , Fredrik Lindholm , John Mattsson
Inventors: Rolf Blom , Fredrik Lindholm , John Mattsson
IPC classification: H04L29/06
CPC classification: H04L9/0841 , H04L9/3249 , H04L9/3263 , H04L63/04 , H04L63/06 , H04L63/0823 , H04L65/1006 , H04L65/1016 , H04L65/4076 , H04L65/608 , H04L2209/34
Abstract: A method of sending protected data from a sender unit to a receiver unit via an intermediate unit. The intermediate unit stores information associated with a certificate belonging to the receiver unit, and information associated with a certificate belonging to the intermediate unit, which has previously been signed by the receiver unit. The intermediate unit receives a request from the sender unit to send protected data to the receiver unit, and so it sends a response to the sender unit. The response includes the information associated with the certificate belonging to the receiver unit, which allows the sender unit to verify that the intermediate unit is authorised to receive data on behalf of the receiver unit. The intermediate unit then receives data from the sender unit that is protected using the information associated with the certificate belonging to the receiver unit for subsequent forwarding to the receiver unit. Having the receiver unit sign the intermediate unit's certificate allows the exchange of credentials to allow a sender unit to send protected data to a receiver unit via an intermediate unit.
-
Publication number: US20100268937A1
Publication date: 2010-10-21
Application number: US12744986
Filing date: 2007-11-30
Applicants: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Näslund , Karl Norrman
Inventors: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Näslund , Karl Norrman
CPC classification: H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
Abstract: A method and arrangement are disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized as being independent of what type of credential each user device implements for security operations. A first user receives keying information and a voucher from a first key management server and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session key. The first and second session keys are thereafter used for secure communication. In one embodiment the communication traverses an intermediary, whereby the first and second session keys each protect communication on the respective leg to the intermediary.
-
Publication number: US09178696B2
Publication date: 2015-11-03
Application number: US12744986
Filing date: 2007-11-30
Applicants: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Näslund , Karl Norrman
Inventors: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Näslund , Karl Norrman
CPC classification: H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
Abstract: A method and arrangement are disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized as being independent of what type of credential each user device implements for security operations. A first user receives keying information and a voucher from a first key management server and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session key. The first and second session keys are thereafter used for secure communication. In one embodiment the communication traverses an intermediary, whereby the first and second session keys each protect communication on the respective leg to the intermediary.
-
Publication number: US08745374B2
Publication date: 2014-06-03
Application number: US13498970
Filing date: 2009-10-01
Applicants: Rolf Blom , Fredrik Lindholm , John Mattsson
Inventors: Rolf Blom , Fredrik Lindholm , John Mattsson
IPC classification: H04L29/06
CPC classification: H04L9/0841 , H04L9/3249 , H04L9/3263 , H04L63/04 , H04L63/06 , H04L63/0823 , H04L65/1006 , H04L65/1016 , H04L65/4076 , H04L65/608 , H04L2209/34
Abstract: A method of sending protected data from a sender unit to a receiver unit via an intermediate unit. The intermediate unit stores information associated with a certificate belonging to the receiver unit, and information associated with a certificate belonging to the intermediate unit, which has previously been signed by the receiver unit. The intermediate unit receives a request from the sender unit to send protected data to the receiver unit, and so it sends a response to the sender unit. The response includes the information associated with the certificate belonging to the receiver unit, which allows the sender unit to verify that the intermediate unit is authorized to receive data on behalf of the receiver unit. The intermediate unit then receives data from the sender unit that is protected using the information associated with the certificate belonging to the receiver unit for subsequent forwarding to the receiver unit. Having the receiver unit sign the intermediate unit's certificate allows the exchange of credentials to allow a sender unit to send protected data to a receiver unit via an intermediate unit.
-
Publication number: US08645680B2
Publication date: 2014-02-04
Application number: US12997913
Filing date: 2009-05-06
Applicants: Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
Inventors: Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
IPC classification: H04L29/06
CPC classification: H04L65/601 , H04L63/0464 , H04L63/0478 , H04L63/06 , H04L63/123
Abstract: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to transform data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.
-
Publication number: US20110093698A1
Publication date: 2011-04-21
Application number: US12997913
Filing date: 2009-05-06
Applicants: Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
Inventors: Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
IPC classification: H04L9/12
CPC classification: H04L65/601 , H04L63/0464 , H04L63/0478 , H04L63/06 , H04L63/123
Abstract: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to transform data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.
-
Publication number: US09407616B2
Publication date: 2016-08-02
Application number: US14113047
Filing date: 2011-04-27
Applicants: Karl Norrman , Rolf Blom , Mats Näslund
Inventors: Karl Norrman , Rolf Blom , Mats Näslund
CPC classification: H04L63/08 , H04L63/062 , H04L63/0876 , H04L63/20 , H04W12/04 , H04W12/06
Abstract: A system is disclosed for authentication of a device in a network by establishing a second security context between the device and a serving network node when a first security context has previously been established, assisted by an authentication server, based on a random value and a secret shared between an identity module associated with the device and the authentication server. First re-use information from the establishment of the first security context is stored at the authentication server and at the device, the first re-use information enabling secure generation of the second security context from the random value and the secret. Second re-use information may be generated or stored at the device. A context regeneration request is generated at the device, the context regeneration request being authenticated at least partly based on the secret. The context regeneration request is sent to the serving network node, and from the serving network node to the authentication server, where it is verified. The second security context is generated at the authentication server based on at least the secret, the random value, and the first and second re-use information. The second security context is communicated from the authentication server to the serving network node.