3. Method and arrangement in a telecommunication system
    Granted invention patent (status: in force)

    Publication (announcement) No.: US08660270B2

    Publication (announcement) date: 2014-02-25

    Application No.: US12677675

    Filing date: 2008-05-20

    IPC classification: H04L9/32 H04M1/66

    Abstract: A security key, K_eNB, for protecting RRC/UP traffic between a User Equipment, UE, and a serving eNodeB is established by a method and an arrangement in a Mobility Management Entity, MME, and in said UE, of an Evolved Packet System, EPS. The MME and the UE derive the security key, K_eNB, from at least a NAS uplink sequence number, NAS_U_SEQ, sent from the UE to the MME, and from an Access Security Management Entity key, K_ASME, shared between the MME and the UE.


4. Method and apparatus for establishing a security association
    Granted invention patent (status: in force)

    Publication (announcement) No.: US08122240B2

    Publication (announcement) date: 2012-02-21

    Application No.: US11305329

    Filing date: 2005-12-19

    IPC classification: H04L29/06

    Abstract: A method for establishing a security association between a client and a service node for the purpose of pushing information from the service node to the client, where the client and a key server share a base secret. The method comprises: sending a request for generation and provision of a service key from the service node to the key server, the request identifying the client and the service node; generating a service key at the key server using the identities of the client and the service node, the base secret, and additional information; sending the service key to the service node together with said additional information; forwarding said additional information from the service node to the client; and, at the client, generating said service key using the received additional information and the base secret. A similar approach may be used to provide p2p key management.


5. Cryptographic key management in communication networks
    Granted invention patent (status: in force)

    Publication (announcement) No.: US08094817B2

    Publication (announcement) date: 2012-01-10

    Application No.: US11857621

    Filing date: 2007-09-19

    IPC classification: H04L9/00

    Abstract: An authentication server and a system and method for managing cryptographic keys across different combinations of user terminals, access networks, and core networks. A Transformation Coder Entity (TCE) creates a master key (Mk), which is used to derive keys during the authentication procedure. During handover between the different access types, the Mk or a transformed Mk is passed between the two nodes that hold the key in the respective access networks when a User Equipment (UE) terminal changes access. The transformation of the Mk is performed via a one-way function, so that if a transformed Mk is somehow compromised, it is not possible to automatically obtain access to previously used master keys. The transformation is performed based on the type of authenticator node and the type of UE/identity module with which the transformed key is to be utilized. The Mk is never used directly, but is only used to derive the keys that are directly used to protect the access link.


6. Key Establishment for Relay Node in a Wireless Communication System
    Invention application (status: under examination, published)

    Publication (announcement) No.: US20110305339A1

    Publication (announcement) date: 2011-12-15

    Application No.: US12964991

    Filing date: 2010-12-10

    IPC classification: H04K1/00

    Abstract: Techniques for providing additional security for the wireless interface between a relay node and a donor base station are based on a security association established between the relay node and the donor base station. In an example method implemented in a relay node, communications with a donor base station are established and a first cryptographic key is generated according to a radio access protocol. A security association between the relay node and the donor base station is then established, using a credential stored at the relay node, and a second cryptographic key is derived from the first cryptographic key using the stored credential, one or more parameters relating to the security association, or information exchanged within the security association. The second key is used to protect user plane data relayed from one or more mobile terminals to the donor base station.


7. USER AUTHENTICATION
    Invention application (status: in force)

    Publication (announcement) No.: US20110302627A1

    Publication (announcement) date: 2011-12-08

    Application No.: US13201694

    Filing date: 2009-02-18

    IPC classification: G06F21/00 G06F7/04

    Abstract: A method of authenticating access to a service comprises: a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a browser, at least part of the identifier of a service; b) comparing, at the mobile terminal, at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and c) authenticating access to the service on the basis of whether at least part of the identifier received at the mobile terminal matches an identifier in the set. The mobile terminal may store a set of URLs, and may compare a received URL (or partial URL) with the set of stored URLs. It may generate an alert to the user if at least part of the URL received at the mobile terminal does not match a stored URL. User names and keys are not required to be stored on the web browser, so the web browser does not need to maintain a password database. This improves security, since a password database would be vulnerable to malicious code.


8. METHOD AND ARRANGEMENT FOR CREATION OF ASSOCIATION BETWEEN USER EQUIPMENT AND AN ACCESS POINT
    Invention application (status: in force)

    Publication (announcement) No.: US20110256850A1

    Publication (announcement) date: 2011-10-20

    Application No.: US13140818

    Filing date: 2008-12-19

    IPC classification: H04W12/06

    Abstract: Methods, apparatus, and computer program products for creating an association between a first user equipment and at least one access point, assisted by a registration server in a telecommunication network, are disclosed. The registration server responds to a first contact request, carried out using a first association number for the access point and provided by the first user equipment; receives a first association request for the association with the access point, provided by the first user equipment; authorizes the first association request based on first authorization information provided by the first user equipment; and registers the association between the first user equipment and the access point in response to authorization of the first association request. The first user equipment is thereby associated with the access point, and the association is administered by the registration server.


10. Method and apparatus for handling keys used for encryption and integrity
    Invention application (status: in force)

    Publication (announcement) No.: US20070230707A1

    Publication (announcement) date: 2007-10-04

    Application No.: US11726527

    Filing date: 2007-03-22

    IPC classification: H04L9/00

    Abstract: A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.
