Sending Secure Media Streams
    1.
    发明申请
    Sending Secure Media Streams 有权
    发送安全媒体流

    公开(公告)号:US20110093609A1

    公开(公告)日:2011-04-21

    申请号:US12999178

    申请日:2009-02-20

    IPC分类号: G06F15/16

    摘要: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.

    摘要翻译: 一种用于经由中间节点发送具有有效载荷的第一安全媒体流的方法和装置。 中间节点从发送器接收第一安全媒体流。 针对第一安全媒体流确定端到端上下文标识符和逐跳上下文标识符,其中逐跳上下文标识符与中间节点相关,并且端到端标识符与 发件人。 生成第二安全媒体流,其包括至少第一安全媒体流的有效载荷和上下文标识符以识别第一安全媒体流。 第二安全媒体流被发送到接收节点,并且上下文标识符也被发送到接收节点。 上下文标识符可由接收节点使用以恢复第一安全媒体流。

    Key management for secure communication
    2.
    发明授权
    Key management for secure communication 有权
    安全通信的密钥管理

    公开(公告)号:US09178696B2

    公开(公告)日:2015-11-03

    申请号:US12744986

    申请日:2007-11-30

    IPC分类号: H04L9/08 H04L29/06

    摘要: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.

    摘要翻译: 公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。 该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。 第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。 该凭证被转发到至少一个响应用户设备,在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下,解决凭证并确定第二会话密钥。 此后,第一和第二会话密钥用于安全通信。 在一个实施例中,通信遍及中间体,由此第一和第二会话密钥保护与相应的腿到中间的通信。

    Sending secure media streams
    3.
    发明授权
    Sending secure media streams 有权
    发送安全媒体流

    公开(公告)号:US08966105B2

    公开(公告)日:2015-02-24

    申请号:US12999178

    申请日:2009-02-20

    IPC分类号: G06F15/16 H04L29/06

    摘要: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.

    摘要翻译: 一种用于经由中间节点发送具有有效载荷的第一安全媒体流的方法和装置。 中间节点从发送器接收第一安全媒体流。 针对第一安全媒体流确定端到端上下文标识符和逐跳上下文标识符,其中逐跳上下文标识符与中间节点相关,并且端到端标识符与 发件人。 生成第二安全媒体流,其包括至少第一安全媒体流的有效载荷和上下文标识符以识别第一安全媒体流。 第二安全媒体流被发送到接收节点,并且上下文标识符也被发送到接收节点。 上下文标识符可由接收节点使用以恢复第一安全媒体流。

    KEY MANAGEMENT FOR SECURE COMMUNICATION
    4.
    发明申请
    KEY MANAGEMENT FOR SECURE COMMUNICATION 有权
    安全通信的关键管理

    公开(公告)号:US20100268937A1

    公开(公告)日:2010-10-21

    申请号:US12744986

    申请日:2007-11-30

    IPC分类号: H04L9/32 H04L29/06 H04L9/08

    摘要: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.

    摘要翻译: 公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。 该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。 第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。 该凭证被转发到至少一个响应用户设备,在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下,解决凭证并确定第二会话密钥。 此后,第一和第二会话密钥用于安全通信。 在一个实施例中,通信遍及中间体,由此第一和第二会话密钥保护与相应的腿到中间的通信。

    Sending media data via an intermediate node
    5.
    发明授权
    Sending media data via an intermediate node 有权
    通过中间节点发送媒体数据

    公开(公告)号:US08645680B2

    公开(公告)日:2014-02-04

    申请号:US12997913

    申请日:2009-05-06

    IPC分类号: H04L29/06

    摘要: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.

    摘要翻译: 一种用于经由中间节点将受保护媒体数据从数据源节点发送到客户端节点的方法和装置。 数据源节点建立与中间节点共享的第一个逐跳密钥和要与客户机节点共享的端对端密钥。 单个安全协议实例被配置并用于使用密钥将媒体流中的数据转换为变换数据。 然后将变换的数据发送到中间节点。 中间节点使用第一个逐跳密钥对转换的数据应用安全处理,并与客户端节点建立第二个逐跳密钥。 使用第二逐跳密钥对经变换的数据执行第二变换以产生进一步转换的媒体数据,然后将其转发到客户端节点。 在客户端节点,单个安全协议实例配置有第二个逐跳密钥和端对端密钥,用于对转换的媒体数据应用进一步的安全处理。

    SENDING MEDIA DATA VIA AN INTERMEDIATE NODE
    6.
    发明申请
    SENDING MEDIA DATA VIA AN INTERMEDIATE NODE 有权
    发送媒体数据通过中间节点

    公开(公告)号:US20110093698A1

    公开(公告)日:2011-04-21

    申请号:US12997913

    申请日:2009-05-06

    IPC分类号: H04L9/12

    摘要: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.

    摘要翻译: 一种用于经由中间节点将受保护媒体数据从数据源节点发送到客户端节点的方法和装置。 数据源节点建立与中间节点共享的第一个逐跳密钥和要与客户机节点共享的端对端密钥。 单个安全协议实例被配置并用于使用密钥将媒体流中的数据转换为变换数据。 然后将变换的数据发送到中间节点。 中间节点使用第一个逐跳密钥对转换的数据应用安全处理,并与客户端节点建立第二个逐跳密钥。 使用第二逐跳密钥对经变换的数据执行第二变换以产生进一步转换的媒体数据,然后将其转发到客户端节点。 在客户端节点,单个安全协议实例配置有第二个逐跳密钥和端对端密钥,用于对转换的媒体数据应用进一步的安全处理。

    METHODS AND APPARATUSES FOR AVOIDING DAMAGE IN NETWORK ATTACKS
    7.
    发明申请
    METHODS AND APPARATUSES FOR AVOIDING DAMAGE IN NETWORK ATTACKS 有权
    避免网络攻击造成的损害的方法和设备

    公开(公告)号:US20120254997A1

    公开(公告)日:2012-10-04

    申请号:US13177385

    申请日:2011-07-06

    IPC分类号: G06F12/14

    摘要: Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.

    摘要翻译: 客户终端(400)和网络服务器(402)中的方法和装置,用于使所述终端和服务器之间能够进行安全通信。 当终端在会话中从服务器获得网页时,终端基于一个或多个上下文参数P1创建上下文特定密钥Ks_NAF'。 。 。 Pn,涉及所述会话和/或网页。 终端然后在向服务器的登录请求中指示上下文特定密钥,并且服务器以相同的方式确定上下文特定密钥Ks_NAF',以验证客户端,如果在web服务器中确定的上下文特定密钥匹配 从客户终端接收到的上下文相关密钥。 因此,上下文特定的密钥被绑定到并且仅对于当前上下文或会话有效,并且不能在其他上下文或会话中使用。

    Sending protected data in a communication network
    8.
    发明授权
    Sending protected data in a communication network 有权
    在通信网络中发送受保护的数据

    公开(公告)号:US08990563B2

    公开(公告)日:2015-03-24

    申请号:US13155822

    申请日:2011-06-08

    摘要: A method and apparatus for sending protected data from a sender unit to a receiver unit via an intermediate unit. A Transfer Init message that contains a ticket associated with the receiver unit is sent from the intermediate unit to the sender unit. The intermediate unit then receives a transfer response message from the sender unit, and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server. A message is sent to the receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit, allowing the receiver unit to access the protected data.

    摘要翻译: 一种用于经由中间单元将保护的数据从发送器单元发送到接收器单元的方法和装置。 包含与接收器单元相关联的票据的传送初始化消息从中间单元发送到发送器单元。 中间单元然后从发送者单元接收传输响应消息,以及使用至少一个与该票相关联并从密钥管理服务器获得的安全密钥进行保护的数据。 将消息发送到接收器单元,该消息包括对受保护数据进行安全处理所需的信息。 然后将受保护的数据发送到接收器单元,允许接收器单元访问受保护的数据。

    Authentication of warning messages in a network
    9.
    发明授权
    Authentication of warning messages in a network 有权
    认证网络中的警告消息

    公开(公告)号:US09467433B2

    公开(公告)日:2016-10-11

    申请号:US14130166

    申请日:2012-06-14

    IPC分类号: H04L29/06 H04W12/10 H04W4/22

    摘要: There is described herein a device (101) for communicating with a network. The device (101) comprises a communications unit for receiving data, a notification device for providing a notification to a user, and a control unit for controlling the operation of the communications unit and notification unit. The communications unit is configured to receive an information message (110, 112, 115), and to receive security authentication data (110, 112, 115) associated with the information message if such security authentication data is available. The control unit is configured to operate in a first or second configuration. In the first configuration it ignores the security authentication data, (111, 113), and instructs the notification unit to convey the notification to the user. In the second configuration, it verifies the information message (116) on the basis of the security authentication data and instructs the notification unit to convey the notification to the user if the verification is successful. The communications unit is configured to receive a configuration message (114) indicating the configuration in which the control unit should operate, and the control unit is configured to change configuration if the indicated configuration is different to the current configuration.

    摘要翻译: 这里描述了用于与网络通信的设备(101)。 设备(101)包括用于接收数据的通信单元,用于向用户提供通知的通知装置,以及用于控制通信单元和通知单元的操作的控制单元。 通信单元被配置为接收信息消息(110,112,115),并且如果这种安全认证数据可用,则接收与该信息消息相关联的安全认证数据(110,112,115)。 控制单元被配置为以第一或第二配置操作。 在第一配置中,它忽略安全认证数据(111,113),并指示通知单元向用户传达通知。 在第二配置中,它根据安全认证数据来验证信息消息(116),并且如果验证成功则指示通知单元向用户传达该通知。 通信单元被配置为接收指示控制单元应该运行的配置的配置消息(114),并且如果所指示的配置与当前配置不同,则配置控制单元来改变配置。

    Methods and apparatuses for avoiding damage in network attacks
    10.
    发明授权
    Methods and apparatuses for avoiding damage in network attacks 有权
    避免网络攻击造成的破坏的方法和设备

    公开(公告)号:US08903095B2

    公开(公告)日:2014-12-02

    申请号:US13177385

    申请日:2011-07-06

    IPC分类号: H04L29/06 H04W12/04 H04L29/08

    摘要: Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.

    摘要翻译: 客户终端(400)和网络服务器(402)中的方法和装置,用于使所述终端和服务器之间能够进行安全通信。 当终端在会话中从服务器获得网页时,终端基于一个或多个上下文参数P1创建上下文特定密钥Ks_NAF'。 。 。 Pn,涉及所述会话和/或网页。 终端然后在向服务器的登录请求中指示上下文特定密钥,并且服务器以相同的方式确定上下文特定密钥Ks_NAF',以验证客户端,如果在web服务器中确定的上下文特定密钥匹配 从客户终端接收到的上下文相关密钥。 因此,上下文特定的密钥被绑定到并且仅对于当前上下文或会话有效,并且不能在其他上下文或会话中使用。