-
公开(公告)号:US20110093609A1
公开(公告)日:2011-04-21
申请号:US12999178
申请日:2009-02-20
申请人: Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
发明人: Rolf Blom , Yi Cheng , John Mattsson , Mats Näslund , Karl Norrman
IPC分类号: G06F15/16
CPC分类号: H04L65/605 , H04L63/0428 , H04L65/608
摘要: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
摘要翻译: 一种用于经由中间节点发送具有有效载荷的第一安全媒体流的方法和装置。 中间节点从发送器接收第一安全媒体流。 针对第一安全媒体流确定端到端上下文标识符和逐跳上下文标识符,其中逐跳上下文标识符与中间节点相关,并且端到端标识符与 发件人。 生成第二安全媒体流,其包括至少第一安全媒体流的有效载荷和上下文标识符以识别第一安全媒体流。 第二安全媒体流被发送到接收节点,并且上下文标识符也被发送到接收节点。 上下文标识符可由接收节点使用以恢复第一安全媒体流。
-
公开(公告)号:US09178696B2
公开(公告)日:2015-11-03
申请号:US12744986
申请日:2007-11-30
申请人: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
发明人: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
CPC分类号: H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译: 公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。 该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。 第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。 该凭证被转发到至少一个响应用户设备,在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下,解决凭证并确定第二会话密钥。 此后,第一和第二会话密钥用于安全通信。 在一个实施例中,通信遍及中间体,由此第一和第二会话密钥保护与相应的腿到中间的通信。
-
公开(公告)号:US08966105B2
公开(公告)日:2015-02-24
申请号:US12999178
申请日:2009-02-20
申请人: Rolf Blom , Yi Cheng , John Mattsson , Mats Nåslund , Karl Norrman
发明人: Rolf Blom , Yi Cheng , John Mattsson , Mats Nåslund , Karl Norrman
CPC分类号: H04L65/605 , H04L63/0428 , H04L65/608
摘要: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.
摘要翻译: 一种用于经由中间节点发送具有有效载荷的第一安全媒体流的方法和装置。 中间节点从发送器接收第一安全媒体流。 针对第一安全媒体流确定端到端上下文标识符和逐跳上下文标识符,其中逐跳上下文标识符与中间节点相关,并且端到端标识符与 发件人。 生成第二安全媒体流,其包括至少第一安全媒体流的有效载荷和上下文标识符以识别第一安全媒体流。 第二安全媒体流被发送到接收节点,并且上下文标识符也被发送到接收节点。 上下文标识符可由接收节点使用以恢复第一安全媒体流。
-
公开(公告)号:US20100268937A1
公开(公告)日:2010-10-21
申请号:US12744986
申请日:2007-11-30
申请人: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
发明人: Rolf Blom , Yi Cheng , Fredrik Lindholm , John Mattsson , Mats Naslund , Karl Norrman
CPC分类号: H04L9/0838 , H04L9/083 , H04L9/0861 , H04L63/061 , H04L63/062 , H04L63/0884 , H04L65/1016
摘要: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.
摘要翻译: 公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。 该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。 第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。 该凭证被转发到至少一个响应用户设备,在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下,解决凭证并确定第二会话密钥。 此后,第一和第二会话密钥用于安全通信。 在一个实施例中,通信遍及中间体,由此第一和第二会话密钥保护与相应的腿到中间的通信。
-
公开(公告)号:US08645680B2
公开(公告)日:2014-02-04
申请号:US12997913
申请日:2009-05-06
申请人: Rolf Blom , Yi Cheng , John Mattsson , Mats Naslund , Karl Norrman
发明人: Rolf Blom , Yi Cheng , John Mattsson , Mats Naslund , Karl Norrman
IPC分类号: H04L29/06
CPC分类号: H04L65/601 , H04L63/0464 , H04L63/0478 , H04L63/06 , H04L63/123
摘要: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.
摘要翻译: 一种用于经由中间节点将受保护媒体数据从数据源节点发送到客户端节点的方法和装置。 数据源节点建立与中间节点共享的第一个逐跳密钥和要与客户机节点共享的端对端密钥。 单个安全协议实例被配置并用于使用密钥将媒体流中的数据转换为变换数据。 然后将变换的数据发送到中间节点。 中间节点使用第一个逐跳密钥对转换的数据应用安全处理,并与客户端节点建立第二个逐跳密钥。 使用第二逐跳密钥对经变换的数据执行第二变换以产生进一步转换的媒体数据,然后将其转发到客户端节点。 在客户端节点,单个安全协议实例配置有第二个逐跳密钥和端对端密钥,用于对转换的媒体数据应用进一步的安全处理。
-
公开(公告)号:US20110093698A1
公开(公告)日:2011-04-21
申请号:US12997913
申请日:2009-05-06
申请人: Rolf Blom , Yi Cheng , John Mattsson , Mats Naslund , Karl Norrman
发明人: Rolf Blom , Yi Cheng , John Mattsson , Mats Naslund , Karl Norrman
IPC分类号: H04L9/12
CPC分类号: H04L65/601 , H04L63/0464 , H04L63/0478 , H04L63/06 , H04L63/123
摘要: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.
摘要翻译: 一种用于经由中间节点将受保护媒体数据从数据源节点发送到客户端节点的方法和装置。 数据源节点建立与中间节点共享的第一个逐跳密钥和要与客户机节点共享的端对端密钥。 单个安全协议实例被配置并用于使用密钥将媒体流中的数据转换为变换数据。 然后将变换的数据发送到中间节点。 中间节点使用第一个逐跳密钥对转换的数据应用安全处理,并与客户端节点建立第二个逐跳密钥。 使用第二逐跳密钥对经变换的数据执行第二变换以产生进一步转换的媒体数据,然后将其转发到客户端节点。 在客户端节点,单个安全协议实例配置有第二个逐跳密钥和端对端密钥,用于对转换的媒体数据应用进一步的安全处理。
-
公开(公告)号:US20120254997A1
公开(公告)日:2012-10-04
申请号:US13177385
申请日:2011-07-06
IPC分类号: G06F12/14
CPC分类号: H04L63/14 , H04L63/1466 , H04L63/168 , H04L67/02 , H04L67/14 , H04L2463/061 , H04W12/04
摘要: Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.
摘要翻译: 客户终端(400)和网络服务器(402)中的方法和装置,用于使所述终端和服务器之间能够进行安全通信。 当终端在会话中从服务器获得网页时,终端基于一个或多个上下文参数P1创建上下文特定密钥Ks_NAF'。 。 。 Pn,涉及所述会话和/或网页。 终端然后在向服务器的登录请求中指示上下文特定密钥,并且服务器以相同的方式确定上下文特定密钥Ks_NAF',以验证客户端,如果在web服务器中确定的上下文特定密钥匹配 从客户终端接收到的上下文相关密钥。 因此,上下文特定的密钥被绑定到并且仅对于当前上下文或会话有效,并且不能在其他上下文或会话中使用。
-
公开(公告)号:US08990563B2
公开(公告)日:2015-03-24
申请号:US13155822
申请日:2011-06-08
申请人: Rolf Blom , John Mattsson , Oscar Ohlsson
发明人: Rolf Blom , John Mattsson , Oscar Ohlsson
CPC分类号: H04L63/062 , H04L9/0827 , H04L9/083 , H04L9/3213 , H04L63/0807 , H04W12/04 , H04W12/06
摘要: A method and apparatus for sending protected data from a sender unit to a receiver unit via an intermediate unit. A Transfer Init message that contains a ticket associated with the receiver unit is sent from the intermediate unit to the sender unit. The intermediate unit then receives a transfer response message from the sender unit, and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server. A message is sent to the receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit, allowing the receiver unit to access the protected data.
摘要翻译: 一种用于经由中间单元将保护的数据从发送器单元发送到接收器单元的方法和装置。 包含与接收器单元相关联的票据的传送初始化消息从中间单元发送到发送器单元。 中间单元然后从发送者单元接收传输响应消息,以及使用至少一个与该票相关联并从密钥管理服务器获得的安全密钥进行保护的数据。 将消息发送到接收器单元,该消息包括对受保护数据进行安全处理所需的信息。 然后将受保护的数据发送到接收器单元,允许接收器单元访问受保护的数据。
-
公开(公告)号:US09467433B2
公开(公告)日:2016-10-11
申请号:US14130166
申请日:2012-06-14
CPC分类号: H04L63/08 , H04L63/123 , H04W4/90 , H04W12/10
摘要: There is described herein a device (101) for communicating with a network. The device (101) comprises a communications unit for receiving data, a notification device for providing a notification to a user, and a control unit for controlling the operation of the communications unit and notification unit. The communications unit is configured to receive an information message (110, 112, 115), and to receive security authentication data (110, 112, 115) associated with the information message if such security authentication data is available. The control unit is configured to operate in a first or second configuration. In the first configuration it ignores the security authentication data, (111, 113), and instructs the notification unit to convey the notification to the user. In the second configuration, it verifies the information message (116) on the basis of the security authentication data and instructs the notification unit to convey the notification to the user if the verification is successful. The communications unit is configured to receive a configuration message (114) indicating the configuration in which the control unit should operate, and the control unit is configured to change configuration if the indicated configuration is different to the current configuration.
摘要翻译: 这里描述了用于与网络通信的设备(101)。 设备(101)包括用于接收数据的通信单元,用于向用户提供通知的通知装置,以及用于控制通信单元和通知单元的操作的控制单元。 通信单元被配置为接收信息消息(110,112,115),并且如果这种安全认证数据可用,则接收与该信息消息相关联的安全认证数据(110,112,115)。 控制单元被配置为以第一或第二配置操作。 在第一配置中,它忽略安全认证数据(111,113),并指示通知单元向用户传达通知。 在第二配置中,它根据安全认证数据来验证信息消息(116),并且如果验证成功则指示通知单元向用户传达该通知。 通信单元被配置为接收指示控制单元应该运行的配置的配置消息(114),并且如果所指示的配置与当前配置不同,则配置控制单元来改变配置。
-
公开(公告)号:US08903095B2
公开(公告)日:2014-12-02
申请号:US13177385
申请日:2011-07-06
CPC分类号: H04L63/14 , H04L63/1466 , H04L63/168 , H04L67/02 , H04L67/14 , H04L2463/061 , H04W12/04
摘要: Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.
摘要翻译: 客户终端(400)和网络服务器(402)中的方法和装置,用于使所述终端和服务器之间能够进行安全通信。 当终端在会话中从服务器获得网页时,终端基于一个或多个上下文参数P1创建上下文特定密钥Ks_NAF'。 。 。 Pn,涉及所述会话和/或网页。 终端然后在向服务器的登录请求中指示上下文特定密钥,并且服务器以相同的方式确定上下文特定密钥Ks_NAF',以验证客户端,如果在web服务器中确定的上下文特定密钥匹配 从客户终端接收到的上下文相关密钥。 因此,上下文特定的密钥被绑定到并且仅对于当前上下文或会话有效,并且不能在其他上下文或会话中使用。
-
-
-
-
-
-
-
-
-