公开(公告)号：WO2009158019A1

公开(公告)日：2009-12-30

申请号：PCT/US2009/003815

申请日：2009-06-26

Applicant: ALIBABA GROUP HOLDING LIMITED

Inventor： CEN, Wenchu ,  WANG, Lin ,  ZHAO, Jin ,  ZHENG, Seshu ,  ZENG, Yi

IPC: G06F15/177

CPC classification number: G06F21/44 ,  G06F21/30 ,  G06F21/62 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/105 ,  H04L63/12 ,  H04L63/205 ,  H04L67/16 ,  H04L69/28

Abstract: A service integration platform for providing Internet services includes an interface configured to receive a service request message that is initiated by a user of an application provided by an Independent Software Vendor, the service request message implemented in an API interface and including a plurality of platform-level parameters conforming to the API type The system includes one or more processors coupled to the interface, configured to locate a set of API-appropriate authentication checks, perform authentication of the service request according to the set of authentication checks, and route the service request to a service address of the Internet Service Provider (ISP) in the event that the service request is authenticated

Abstract translation: 用于提供因特网服务的服务集成平台包括被配置为接收由独立软件供应商提供的应用的用户发起的服务请求消息的接口，在API接口中实现的服务请求消息，并且包括多个平台 - 符合API类型的级别参数系统包括耦合到接口的一个或多个处理器，被配置为定位一组适合于API的认证检查，根据认证检查集进行服务请求的认证，并且路由服务请求 在服务请求被认证的情况下，到因特网服务提供商（ISP）的服务地址

公开(公告)号：WO2009133441A1

公开(公告)日：2009-11-05

申请号：PCT/IB2009/005379

申请日：2009-04-24

Applicant: NOKIA CORPORATION ,  FORSBERG, Dan, Lars, Anders ,  NIEMI, Pentti, Valtteri

Inventor： FORSBERG, Dan, Lars, Anders ,  NIEMI, Pentti, Valtteri

IPC: H04W36/14 ,  H04W12/10 ,  H04L29/06

CPC classification number: H04W12/04 ,  H04L63/123 ,  H04L63/205 ,  H04W12/10 ,  H04W36/0038

Abstract: A method and apparatus for intersystem mobility security context handling between different radio access networks which can include a receiver configured to receive a tracking area update message from a user terminal. The message can include a first key identifier configured to identify a mapped security context and a second key identifier configured to identify a cached security context. A verifier can be configured to verify the tracking area update message with a key identified by the first or second key identifier.

Abstract translation: 一种用于不同无线电接入网络之间的系统间移动性安全上下文处理的方法和装置，其可以包括被配置为从用户终端接收跟踪区域更新消息的接收机。 消息可以包括被配置为识别映射的安全上下文的第一密钥标识符和被配置为标识缓存的安全上下文的第二密钥标识符。 验证者可以被配置为使用由第一或第二密钥标识符标识的密钥来验证跟踪区域更新消息。

公开(公告)号：WO2009092315A1

公开(公告)日：2009-07-30

申请号：PCT/CN2009/070138

申请日：2009-01-14

Applicant: 西安西电捷通无线网络通信有限公司 ,  肖跃雷 ,  曹军 ,  赖晓龙 ,  黄振海 ,  张变玲 ,  秦志强 ,  宋起柱

Inventor： 肖跃雷 ,  曹军 ,  赖晓龙 ,  黄振海 ,  张变玲 ,  秦志强 ,  宋起柱

IPC: H04W48/16

CPC classification number: H04W12/04 ,  H04L63/205 ,  H04W12/06

Abstract: A wireless personal area network accessing method is provide, the method includes that: a coordinator broadcasts a beacon frame, the beacon frame includes the information about whether the coordinator sends an authentication requirement, the beacon frame also includes the authentication supported by the coordinator and key management package when a device receipts the authentication requirement; the device receives the beacon frame, the authentication between the coordinator and the device is made by using a authentication method corresponding to the authentication supported by the coordinator and key management package, when the device determines that the coordinator sends the authentication requirement, then an association between the coordinator and the device is directly made according to the authentication result, or the association between the coordinator and the device is made after making session key negotiation.

公开(公告)号：WO2009050583A3

公开(公告)日：2009-07-23

申请号：PCT/IB2008003017

申请日：2008-08-28

Applicant: YOUTILITY SOFTWARE INC ,  CLARK DAVID M ,  TAYLOR CHRISTOPHER J ,  HELYAR KRISTINN V

Inventor： CLARK DAVID M ,  TAYLOR CHRISTOPHER J ,  HELYAR KRISTINN V

IPC: G06Q20/00

CPC classification number: H04L63/083 ,  G06Q20/10 ,  G06Q20/3223 ,  G06Q20/382 ,  H04L63/0884 ,  H04L63/205

Abstract: An application server enables a secure network interaction. The application server receives a request for the secure network interaction from a third-party server. In response, the application server determines a security procedure, such as an authentication procedure, and a client corresponding to the secure network interaction. The client includes a secure desktop agent (SDA). The application server sends a message to the client that activates the SDA. The SDA establishes a secure connection with the application server. The SDA receives user credentials in a secure desktop environment and transmits them to the application server over the secure connection. The application verifies the user credentials and sends a digitally-signed authenticated response to the third-party server.

Abstract translation: 应用服务器实现安全网络交互。 应用服务器从第三方服务器接收安全网络交互的请求。 作为响应，应用服务器确定诸如认证过程的安全过程以及对应于安全网络交互的客户端。 客户端包括一个安全的桌面代理（SDA）。 应用程序服务器向客户端发送一个激活SDA的消息。 SDA建立与应用服务器的安全连接。 SDA在安全的桌面环境中接收用户凭证，并通过安全连接将它们发送到应用服务器。 应用程序验证用户凭据，并向第三方服务器发送经数字签名的身份验证响应。

公开(公告)号：WO2009043278A1

公开(公告)日：2009-04-09

申请号：PCT/CN2008/072486

申请日：2008-09-24

Applicant: 华为技术有限公司 ,  何承东

Inventor： 何承东

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04W12/08 ,  H04L63/06 ,  H04L63/083 ,  H04L63/107 ,  H04L63/205 ,  H04M1/66 ,  H04W8/02 ,  H04W8/22 ,  H04W12/04 ,  H04W12/06 ,  H04W60/04 ,  H04W80/02 ,  H04W88/12

Abstract: A method for negotiating about safety ability while a terminal is moving is disclosed in the present invention. The method comprises the steps of: receiving a router area updating request of an UE by a target network side entity; acquiring an authority vector associated key derived from the root key, and sending a selected safety algorithm to the UE; deriving the authority vector associated key by the UE from its own root key. A system, SGSN and MME for negotiating about safety ability while a terminal is moving are also provided in the present invention. The present invention is suitable to realize the negotiation of the UE with the network side about safety ability.

公开(公告)号：WO2009032097A1

公开(公告)日：2009-03-12

申请号：PCT/US2008/010080

申请日：2008-08-25

Applicant: ROHATI SYSTEMS, INC. ,  BAGEPALLI, Nagaraj ,  GANDHI, Prashant ,  PATRA, Abhijit ,  PRABHU, Kirti ,  THAKAR, Anant

Inventor： BAGEPALLI, Nagaraj ,  GANDHI, Prashant ,  PATRA, Abhijit ,  PRABHU, Kirti ,  THAKAR, Anant

IPC: G06F15/16

CPC classification number: H04L63/205 ,  H04L9/3242 ,  H04L47/20 ,  H04L63/02 ,  H04L63/0428 ,  H04L63/166 ,  H04L69/16 ,  H04L69/161 ,  H04L69/321 ,  Y10T70/5827

Abstract: A highly scalable application network appliance is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second service module coupled to the first service module over the switch fabric. In response to packets of a. network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to perform a first portion of OSI (open system interconnection) compatible layers of network processes on the packets while the second service module is configured to perform a second portion of the OSI compatible layers of network processes on the packets. The first portion includes at least one OSI compatible layer that is not included in the second portion. Other methods and apparatuses are also described.

Abstract translation: 这里描述了高度可扩展的应用网络设备。 根据一个实施例，网络元件包括交换结构，耦合到交换结构的第一服务模块以及通过交换结构耦合到第一服务模块的第二服务模块。 响应一个数据包。 通过第一网络从客户端接收的网络交易，以通过第二网络访问具有多个服务器的数据中心的服务器，所述第一服务模块被配置为执行网络进程的OSI（开放系统互连）兼容层的第一部分， 所述分组，而所述第二服务模块被配置为执行所述分组上的所述OSI兼容的网络进程层的第二部分。 第一部分包括不包括在第二部分中的至少一个OSI兼容层。 还描述了其它方法和装置。

公开(公告)号：WO2008110997A3

公开(公告)日：2008-11-06

申请号：PCT/IB2008050901

申请日：2008-03-12

Applicant: NOKIA CORP ,  SREEMANTHULA SRINIVAS ,  BAJKO GABOR

Inventor： SREEMANTHULA SRINIVAS ,  BAJKO GABOR

IPC: H04L29/06

CPC classification number: H04W12/08 ,  H04L63/08 ,  H04L63/162 ,  H04L63/205 ,  H04W4/22 ,  H04W12/06 ,  H04W76/007 ,  H04W76/02

Abstract: A method of authenticating a user device includes transmitting a request, the request including a query for information, and receiving an identifier, the identifier being associated with one or more authentication mechanisms for obtaining access to emergency services.

Abstract translation: 一种认证用户设备的方法包括发送请求，所述请求包括对信息的查询以及接收标识符，所述标识符与用于获得对紧急服务的访问的一个或多个认证机制相关联。

公开(公告)号：WO2008089699A1

公开(公告)日：2008-07-31

申请号：PCT/CN2008/070149

申请日：2008-01-21

Applicant: 华为技术有限公司 ,  何承东

Inventor： 何承东

IPC: H04Q7/38

CPC classification number: H04W12/06 ,  H04L63/205 ,  H04L65/1016 ,  H04L65/1073 ,  H04L67/14 ,  H04L67/147

Abstract: A method and a system for authenticating a user terminal in an IMS network, the method comprises: receiving a REGISTER message of user terminal UE; determining an authentication mode according to the Authentication head domain and/or private access network information P-Access-Network-Info head domain in the REGISTER message, performing an authentication processing according to the determined authentication mode.

公开(公告)号：WO2008077794A1

公开(公告)日：2008-07-03

申请号：PCT/EP2007/063822

申请日：2007-12-12

Applicant: NOKIA CORPORATION ,  LEINONEN, Anu ,  TAMMI, Kalle

Inventor： LEINONEN, Anu ,  TAMMI, Kalle

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/08 ,  H04L63/205 ,  H04L65/1016 ,  H04W12/06

Abstract: There is presented an authentication type selection for user authentication in a communication system supporting multiple authentication mechanisms. The authentication type selection may comprise a determination of an authentication scheme to be used for authenticating a user equipment based on information in a request from said user equipment, an indication about the authentication scheme to be used, and a determination of a type of an authentication scheme to be used for authenticating said user equipment based on a mapping between private and public user identities and usable authentication types.

Abstract translation: 在支持多种认证机制的通信系统中，呈现用户认证的认证类型选择。 认证类型选择可以包括根据来自所述用户设备的请求中的信息来确定用于认证用户设备的认证方案，关于要使用的认证方案的指示以及认证类型的确定 用于基于私有和公共用户身份与可用认证类型之间的映射来认证所述用户设备的方案。

公开(公告)号：WO2008036694A2

公开(公告)日：2008-03-27

申请号：PCT/US2007/078808

申请日：2007-09-18

Applicant: INTEL CORPORATION ,  WALKER, Jesse ,  ZHAO, Meiyuan

Inventor： WALKER, Jesse ,  ZHAO, Meiyuan

CPC classification number: H04L63/205 ,  H04L63/12 ,  H04L63/20 ,  H04W8/26 ,  H04W12/04 ,  H04W28/18 ,  H04W76/10

Abstract: Techniques to overlay ciphersuite negotiation on top of the mesh link establishment protocol without sacrificing security. Two cryptographic primitives may be utilized: (1) a message integrity code, which is denoted as m K , where K is an authentication key (m K may be utilized to detect forged messages); and (2) a cryptographic random number generator, which will be denoted as rng. The techniques may use rng to produce values that cannot be predicted by any polynomial time algorithm.

Abstract translation: 在网络链路建立协议之上覆盖密码协商的技术，而不牺牲安全性。 可以使用两个加密原语：（1）表示为mK的消息完整性代码，其中K是认证密钥（可以用于检测伪造的消息）; 和（2）密码随机数生成器，其将被表示为rng。 这些技术可以使用rng来产生不能被任何多项式时间算法预测的值。