公开(公告)号：US08458799B2

公开(公告)日：2013-06-04

申请号：US12495071

申请日：2009-06-30

申请人： Yan Fu ,  Ari Vepsäläinen ,  Ari Antero Aarnio ,  Markku Kalevi Vimpari ,  Pekka Laitinen

发明人： Yan Fu ,  Ari Vepsäläinen ,  Ari Antero Aarnio ,  Markku Kalevi Vimpari ,  Pekka Laitinen

IPC分类号： G06F7/04

CPC分类号： H04L9/08 ,  H04L9/0822 ,  H04L2209/60 ,  H04L2209/80

摘要： An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.

摘要翻译： 提供了一种通过从公共网络缓存发起加密数据来构建可扩展服务平台的方法。 访问控制服务器平台确定用户的第一授权密钥和用于资源的第二授权密钥，然后用第二授权密钥对资源进行加密，并用第一授权密钥加密第二授权密钥。 访问控制服务器平台通过网络启动加密的第二授权密钥与加密的资源的分发。 访问控制服务器平台进一步发起加密的第二授权密钥与加密资源缓存，该加密的资源满足网络中的高速缓存中的预定阈值（例如，数据大小，访问频率，修改频率或审核要求） 并且启动具有缓存和加密的资源的缓存和加密的第二授权密钥从高速缓存传输到至少一个授权实体。

公开(公告)号：US20100332834A1

公开(公告)日：2010-12-30

申请号：US12495071

申请日：2009-06-30

申请人： Yan Fu ,  Ari M. Vepsalainen ,  Ari Antero Aarnio ,  Markku Kalevi Vimpari ,  Pekka Laitinen

发明人： Yan Fu ,  Ari M. Vepsalainen ,  Ari Antero Aarnio ,  Markku Kalevi Vimpari ,  Pekka Laitinen

IPC分类号： H04L9/32 ,  H04L9/08

CPC分类号： H04L9/08 ,  H04L9/0822 ,  H04L2209/60 ,  H04L2209/80

摘要： An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.

摘要翻译： 提供了一种通过从公共网络缓存发起加密数据来构建可扩展服务平台的方法。 访问控制服务器平台确定用户的第一授权密钥和用于资源的第二授权密钥，然后用第二授权密钥对资源进行加密，并用第一授权密钥加密第二授权密钥。 访问控制服务器平台通过网络启动加密的第二授权密钥与加密的资源的分发。 访问控制服务器平台进一步发起加密的第二授权密钥与加密资源缓存，该加密的资源满足网络中的高速缓存中的预定阈值（例如，数据大小，访问频率，修改频率或审核要求） 并且启动具有缓存和加密的资源的缓存和加密的第二授权密钥从高速缓存传输到至少一个授权实体。

公开(公告)号：US09485232B2

公开(公告)日：2016-11-01

申请号：US11819733

申请日：2007-06-28

申请人： Silke Holtmanns ,  Pekka Laitinen

发明人： Silke Holtmanns ,  Pekka Laitinen

IPC分类号： G06F15/173 ,  H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04W12/04 ,  H04W12/06

CPC分类号： H04L63/0876 ,  H04L9/0825 ,  H04L9/3226 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/0869 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06

摘要： A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.

摘要翻译： 一种通信系统中的用户设备，所述用户设备包括：存储器，被布置为存储与所述用户设备相关联的至少一个标识符; 布置成与所述通信系统中的节点进行通信的收发机，其中所述收发器被布置为从所述通信系统中的所述节点接收所述至少一个标识符，其中所述至少一个标识符被所述用户设备用于认证所述用户设备 到通信系统中的至少一个另外的节点。

公开(公告)号：US20070192838A1

公开(公告)日：2007-08-16

申请号：US11699469

申请日：2007-01-30

申请人： Pekka Laitinen ,  Silke Holtmanns

发明人： Pekka Laitinen ,  Silke Holtmanns

IPC分类号： H04L9/32

CPC分类号： H04L63/08 ,  H04L63/20 ,  H04W12/04031 ,  H04W12/06

摘要： A method and arrangements for managing user security data stored in a database of a communications system. In the method a user equipment transmits a request to manage the user security data, the user equipment is authenticated, after which an application entity can manage user security data in the database that associates with the user by communicating data between the application entity and the database connected to the communications system.

摘要翻译： 一种用于管理存储在通信系统的数据库中的用户安全数据的方法和装置。 在该方法中，用户设备发送管理用户安全数据的请求，认证用户设备，之后应用实体可以通过在应用实体和数据库之间传送数据来管理数据库中与用户相关联的用户安全数据 连接到通信系统。

公开(公告)号：US07251733B2

公开(公告)日：2007-07-31

申请号：US10601337

申请日：2003-06-20

申请人： Henry Haverinen ,  Pekka Laitinen ,  Nadarajah Asokan

发明人： Henry Haverinen ,  Pekka Laitinen ,  Nadarajah Asokan

IPC分类号： G06F1/24

CPC分类号： H04L29/06 ,  H04L63/10 ,  H04L63/12 ,  H04L67/04 ,  H04L69/329

摘要： A method in a system for transferring accounting information, a system for transferring accounting information, a method in a terminal, a terminal, a method in an Extensible Authentication Protocol (EAP) service authorization server, an EAP service authorization server, a computer program, an Extensible Authentication Protocol response (EAP-response) packet, wherein the method:meters data related to a service used by at least one terminal,provides the metered data as accounting information to at least one Extensible Authentication Protocol (EAP) service authorization server,sends, by means of an Extensible Authentication Protocol request (EAP-request), a service authorization request from the at least one EAP service authorization server to the at least one terminal,digitally signs accounting information, in the at least one terminal,includes, at the at least one terminal, the digitally signed accounting information in an Extensible Authentication Protocol response (EAP-response), andsends the digitally signed accounting information to an AAA-server.

摘要翻译： 用于传送会计信息的系统中的方法，用于传送会计信息的系统，终端中的方法，终端，可扩展认证协议（EAP）服务授权服务器中的方法，EAP服务授权服务器，计算机程序， 可扩展认证协议响应（EAP-响应）分组，其中所述方法：与由至少一个终端使用的服务有关的计量数据将计量数据作为计费信息提供给至少一个可扩展认证协议（EAP）服务授权服务器， 通过可扩展认证协议请求（EAP请求），从所述至少一个EAP服务授权服务器向所述至少一个终端发送对所述至少一个终端中的计费信息进行数字签名的服务授权请求， 在至少一个终端，在可扩展认证协议响应（EAP响应）中的数字签名的计费信息， 并将数字签名的计费信息发送给AAA服务器。

公开(公告)号：US20070124587A1

公开(公告)日：2007-05-31

申请号：US11533861

申请日：2006-09-21

申请人： Govindarajan Krishnamurthi ,  Tat Chan ,  Pekka Laitinen

发明人： Govindarajan Krishnamurthi ,  Tat Chan ,  Pekka Laitinen

IPC分类号： H04L9/00

CPC分类号： H04L9/3271 ,  H04L9/0844 ,  H04L9/321 ,  H04L63/061 ,  H04L63/068 ,  H04L63/162 ,  H04L2209/80 ,  H04L2463/061 ,  H04W12/04031 ,  H04W12/06

摘要： An apparatus for re-keying a mobile terminal in a foreign network includes a processor. The processor is configured to receive, at the apparatus which is physically located in the foreign network, a request for re-keying from the mobile terminal in the foreign network. The processor is also configured to translate the request for transmission to a home network of the mobile terminal and to transmit the translated request to a bootstrapping server function of the home network.

摘要翻译： 用于将外部网络中的移动终端重新键入的装置包括处理器。 处理器被配置为在物理上位于外部网络的设备处接收来自外部网络中的移动终端的重新加密的请求。 所述处理器还被配置为将所述传输请求转换到所述移动终端的归属网络，并将所转换的请求传送到所述家庭网络的引导服务器功能。

公开(公告)号：US20060230436A1

公开(公告)日：2006-10-12

申请号：US11184931

申请日：2005-07-20

申请人： Silke Holtmanns ,  Pekka Laitinen

发明人： Silke Holtmanns ,  Pekka Laitinen

IPC分类号： H04L9/32 ,  H04L9/00 ,  G06K9/00 ,  G06F15/16 ,  H04K1/00 ,  G06F17/30 ,  G06F7/04 ,  G06F7/58 ,  G06K19/00

CPC分类号： H04L63/062 ,  H04W12/04

摘要： A method and apparatus provide generic mechanism for a network application server. A receiver receives a request from a user equipment to provide authentication information to a network application function. A determining unit determines a key of a generic authentication architecture to integrate additional network application servers by extending an existing standard for user security settings. A providing unit provides the authentication information to the network application function.

公开(公告)号：US20060196931A1

公开(公告)日：2006-09-07

申请号：US11237811

申请日：2005-09-28

申请人： Silke Holtmanns ,  Pekka Laitinen

发明人： Silke Holtmanns ,  Pekka Laitinen

IPC分类号： G06K5/00

CPC分类号： G07F7/1008 ,  G06K2017/0041 ,  G06Q20/3226 ,  G06Q20/3552 ,  H04L9/083 ,  H04L9/321 ,  H04L9/3273 ,  H04L63/0435 ,  H04L63/061 ,  H04L63/0853 ,  H04L2209/56 ,  H04L2209/805 ,  H04W12/04

摘要： Methods of creating a secure channel over which credit card personalization data can be transmitted over the air (OTA) are provided. In particular, Generic Authentication Architecture (GAA) may be used to establish a secure communication channel between the user equipment (UE) and a personalization application server or bureau acting as a network application function (NAF) server. An user equipment, personalization application service (e.g., a NAF server), a system embodying a personalization application server and an user equipment, and a computer program product are also provided for creating a secure channel, such as via GAA, over which credit card personalization data can be transmitted OTA.

公开(公告)号：US20050287990A1

公开(公告)日：2005-12-29

申请号：US11060374

申请日：2005-02-17

申请人： Risto Mononen ,  Nadarajah Asokan ,  Pekka Laitinen

发明人： Risto Mononen ,  Nadarajah Asokan ,  Pekka Laitinen

IPC分类号： G06F21/33 ,  H04L9/00 ,  H04L29/06

CPC分类号： H04L63/0421 ,  G06F21/335 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/083

摘要： A method of authenticating a user seeking access to a service from a service provider in a communication network, the method comprising: allocating to a user a plurality of service-specific identities for accessing respective services; issuing a request from the user, the request identifying the service to be accessed and including a public key of the user; at a certification authority, authenticating the request and issuing a public key certificate for binding the service-specific identity with the public key in the request, and returning the public key certificate to the user.

摘要翻译： 一种认证在通信网络中从服务提供商寻求对服务的访问的用户的方法，所述方法包括：向用户分配用于访问相应服务的多个服务特定身份; 从所述用户发出请求，所述请求标识要访问的服务并且包括所述用户的公钥; 在认证机构认证请求，并发出公钥证书，用于在请求中与公钥绑定服务特定身份，并将公开密​​钥证书返回给用户。

公开(公告)号：US20050246548A1

公开(公告)日：2005-11-03

申请号：US10871701

申请日：2004-06-21

申请人： Pekka Laitinen

发明人： Pekka Laitinen

IPC分类号： H04L12/56 ,  H04L29/06 ,  H04L9/00

CPC分类号： H04L63/08 ,  H04L9/3273 ,  H04L2209/80

摘要： A method for verifying a first identity and a second identity of an entity, said method comprising: receiving first identity information at a checking entity; sending second identity information from the entity to said checking entity; verifying that the first and second identities both belong to said entity; and generating a key using one of said first and second identity information.

摘要翻译： 一种用于验证实体的第一身份和第二身份的方法，所述方法包括：在检查实体处接收第一身份信息; 从所述实体向所述检查实体发送第二身份信息; 验证第一和第二身份都属于所述实体; 以及使用所述第一和第二身份信息之一来生成密钥。