Abstract:
A method, network node and non-transitory computer readable media having stored thereon instructions for correlating a remote attestation quote with a virtualized network function (VNF) resource allocation event. The method comprises obtaining a set of VNF components (VNFCs) that require remote attestation. The method comprises obtaining an attestation quote for each VNFC of the set of VNFCs, the attestation quote ensuring that instances of each VNFC are used in a legitimate context. The method comprises correlating each attestation quote with the VNF resource allocation event.
Abstract:
A security management system including a first TEE and a common TEE is provided. The first TEE is a secured environment for data associated with a first entity. The common TEE is a secured environment for data associated with any one of a plurality of entities. First anonymization parameters are shared between the first TEE and the common TEE. The first anonymization parameters are based at least in part on at least one privacy requirement of the first entity and at least one utility requirement of the security management system. The security management system includes processing circuitry configured to: anonymize first data associated with the first entity based at least in part on the first anonymization parameters, analyze at least the anonymized first data for performing data investigation, and generate analysis results based at least in part on the analysis of at least the anonymized first data.
Abstract:
There are provided methods and corresponding systems for supporting protected collection of measurement data, representative of usage of network capabilities within a communication network, related to at least two logical and/or physical entities or nodes, also referred to as managed entities, managed by a management system associated with the communication network. By way of example, there is provided a method comprising the step of combining (S1) measurement data related to a set of at least two of the managed entities according to a controllable and/or detectable pattern. The controllable pattern defines at least the order of managed entities in which the combining of measurement data is to be performed. The method also comprises enabling (S2) the combined measurement data to be collected for validation that the controllable pattern is present in the combined measurement data.
Abstract:
A system (200) is disclosed for managing a communication network subscription identifier associated with a device. The system comprises a Core Network node (210) configured to provide a subscription identifier for the device to a Device Management node with management responsibility for the device. The system further comprises a Verification node (230) configured to receive from the Device Management node the subscription identifier and a characteristic of the device, and to bind the subscription identifier to the characteristic such that the subscription identifier is uniquely associated with the characteristic. The system further comprises a Network Access node configured to obtain the subscription identifier from the device. The Verification node (230), Network Access node (220) and Core Network node (210) are configured to cooperate to verify that the device from which the Network Access node obtained the subscription identifier is in possession of the characteristic that is bound to the subscription identifier.
Abstract:
There are provided mechanisms for authenticating an OEM entity as manufacturer of a communication device comprising an identification module. A method is performed by a network entity. The method comprises providing, towards the identification module, a challenge of a challenge-response authentication procedure. The method comprises obtaining, from the identification module, a first response of the challenge-response authentication procedure. The method comprises providing, towards the OEM entity and only upon having obtained the first response, the same challenge. The method comprises obtaining, from the OEM entity, a second response of the challenge-response authentication procedure. The method comprises authenticating the OEM entity as the manufacturer of the communication device only when the second response matches the first response.
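The exchange described above, as an added example that is not part of the patent abstract. The abstract does not say how responses are computed; this example assumes the response is an HMAC-SHA256 of the challenge under a per-device key that the OEM provisioned into the identification module at manufacture, so only the OEM that holds that key can reproduce the module's response. The class names, device identifiers and keys are constructed for the example.

```python
import hashlib
import hmac
import secrets


def compute_response(key: bytes, challenge: bytes) -> bytes:
    """Assumed response function: HMAC-SHA256 over the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class IdentificationModule:
    """Device-side identification module holding the key provisioned by its OEM."""

    def __init__(self, provisioned_key: bytes):
        self._key = provisioned_key

    def respond(self, challenge: bytes) -> bytes:
        return compute_response(self._key, challenge)


class OEMEntity:
    """OEM back end keyed by device identifier (constructed key table)."""

    def __init__(self, device_keys: dict):
        self._device_keys = dict(device_keys)

    def respond(self, device_id: str, challenge: bytes):
        key = self._device_keys.get(device_id)
        if key is None:
            return None  # OEM does not know this device
        return compute_response(key, challenge)


def authenticate_oem(module: IdentificationModule, oem: OEMEntity,
                     device_id: str, challenge: bytes = None) -> bool:
    """Network-entity procedure: challenge the module first, then the OEM,
    and accept the OEM as manufacturer only if both responses match."""
    if challenge is None:
        challenge = secrets.token_bytes(32)  # fresh per run, prevents replay
    # Step 1: challenge towards the identification module, obtain first response.
    first = module.respond(challenge)
    # Step 2: the same challenge goes to the OEM only after the first response
    # is in hand, so the OEM cannot influence which challenge the module saw.
    second = oem.respond(device_id, challenge)
    if second is None or len(second) != len(first):
        return False
    # Constant-time comparison: a timing leak here would let a non-manufacturer
    # search for a matching response byte by byte.
    return hmac.compare_digest(first, second)


# Constructed demo data.
GENUINE_KEY = bytes.fromhex("00" * 31 + "01")
OTHER_KEY = bytes.fromhex("00" * 31 + "02")
DEVICE_ID = "IMEI-000000000000001"


def demo() -> dict:
    module = IdentificationModule(GENUINE_KEY)
    genuine_oem = OEMEntity({DEVICE_ID: GENUINE_KEY})
    impostor_oem = OEMEntity({DEVICE_ID: OTHER_KEY})
    unaware_oem = OEMEntity({})
    return {
        "genuine": authenticate_oem(module, genuine_oem, DEVICE_ID),
        "impostor": authenticate_oem(module, impostor_oem, DEVICE_ID),
        "unknown_device": authenticate_oem(module, unaware_oem, DEVICE_ID),
    }


if __name__ == "__main__":
    print(demo())
```

The check binds the OEM to the device only through the shared key, so it proves the OEM can reproduce the module's response, not that the module itself is genuine; that is the point of the abstract's "authenticating the OEM entity as the manufacturer" rather than authenticating the device.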
Abstract:
There are provided mechanisms for deployment of components of a distributed application on destination runtime environments. A method is performed by a source runtime environment. The method comprises providing, while the components reside on the source runtime environment, public key fingerprints between the components, such that each component has its own public key and its own private key and is provided with a public key fingerprint of at least one other of the components. The method comprises migrating each of the components from the source runtime environment to its destination runtime environment for deployment of each component on its destination runtime environment.
Abstract:
A method, performed by a virtualization platform of a node having a virtual trusted platform module (vTPM), for booting a virtual machine (VM) in a trusted state, comprises measuring (S11), by the vTPM or a dedicated component of the virtualization platform, an initial executable code (IEC) prior to a boot sequence of the VM and processing (S12) the initial measurement; measuring (S13), by the initial executable code, a second executable code during the boot sequence of the VM to provide (S14) a second measurement associated with the second executable code of the VM to the vTPM; and subsequently extending (S15), by the vTPM, the processed initial measurement with the second measurement to obtain a first extended measurement.
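The measurement chain described above, as an added example that is not the patent's own code. It assumes a SHA-256 PCR bank, that "processing" the initial measurement (S12) means extending it into a zero-initialised PCR, and that the verifier holds golden hashes of the expected IEC and second-stage code; the code images are constructed byte strings.

```python
import hashlib

PCR_SIZE = 32  # assumption: one SHA-256 PCR


def measure(code: bytes) -> bytes:
    """Measurement of a code image: its SHA-256 digest."""
    return hashlib.sha256(code).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || measurement). Order matters,
    which is what lets the verifier detect reordering as well as tampering."""
    return hashlib.sha256(pcr + measurement).digest()


class VTPM:
    """Minimal vTPM: one PCR plus an event log of what was extended."""

    def __init__(self):
        self.pcr = bytes(PCR_SIZE)
        self.log = []

    def extend_pcr(self, label: str, measurement: bytes) -> bytes:
        self.pcr = extend(self.pcr, measurement)
        self.log.append((label, measurement))
        return self.pcr


def boot_vm(vtpm: VTPM, iec_code: bytes, second_stage_code: bytes) -> bytes:
    """Virtualization-platform side of the method; returns the first extended
    measurement (S15)."""
    # S11: vTPM (or dedicated platform component) measures the IEC before the
    # VM's own boot sequence starts, so the IEC cannot measure itself.
    m0 = measure(iec_code)
    # S12: process the initial measurement (assumed: extend into the zero PCR).
    vtpm.extend_pcr("IEC", m0)
    # S13/S14: the IEC measures the second-stage code and hands the value to
    # the vTPM. Here the IEC's behaviour is simulated by calling measure().
    m1 = measure(second_stage_code)
    # S15: vTPM extends the processed initial measurement with the second one.
    return vtpm.extend_pcr("second-stage", m1)


def replay_log(log) -> bytes:
    pcr = bytes(PCR_SIZE)
    for _, m in log:
        pcr = extend(pcr, m)
    return pcr


def verify_boot(final_pcr: bytes, log, expected_iec: bytes,
                expected_second: bytes) -> bool:
    """Verifier side: the log must replay to the reported PCR value and the
    two logged measurements must equal the golden values in that order."""
    if replay_log(log) != final_pcr:
        return False  # log does not explain the PCR: log or PCR tampered
    measured = [m for _, m in log]
    return measured == [measure(expected_iec), measure(expected_second)]


# Constructed code images standing in for the IEC and the second stage.
GOLDEN_IEC = b"vm-initial-executable-code-v1"
GOLDEN_SECOND = b"vm-second-stage-bootloader-v1"


def demo() -> dict:
    good = VTPM()
    good_pcr = boot_vm(good, GOLDEN_IEC, GOLDEN_SECOND)
    bad = VTPM()
    bad_pcr = boot_vm(bad, GOLDEN_IEC, GOLDEN_SECOND + b"-backdoored")
    return {
        "golden_boot_ok": verify_boot(good_pcr, good.log, GOLDEN_IEC, GOLDEN_SECOND),
        "tampered_second_stage_ok": verify_boot(bad_pcr, bad.log, GOLDEN_IEC, GOLDEN_SECOND),
        # A log edited to look golden no longer replays to the real PCR value.
        "forged_log_ok": verify_boot(bad_pcr, good.log, GOLDEN_IEC, GOLDEN_SECOND),
    }


if __name__ == "__main__":
    print(demo())
```

In a real deployment the final PCR value would be reported inside a vTPM quote signed by an attestation key, so the verifier trusts the PCR value and uses the log only to explain it; the example keeps the quote out to focus on the extend chain.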
Abstract:
A method and encryption node (300) for providing encryption of a message m according to a selected encryption scheme. A noise computation engine (300a) in the encryption node (300) computes (3:1) a noise factor F as a function of a predefined integer parameter n of the selected encryption scheme and a random number r. When the message m is received (3:3) from a client (302) for encryption, an encryption engine (300b) in the encryption node (300) encrypts (3:4) the message m by computing a cipher text c = g^m · F mod n^2, where g is another predefined integer parameter of the selected encryption scheme. The cipher text c is then delivered (3:5) as an encryption of the message m, e.g. to the client (302) or to a cloud of processing resources (304).
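The split between the noise computation engine and the encryption engine, as an added example that is not the patent's own code. The abstract does not name the scheme; the form g^m · F mod n^2 is that of Paillier encryption, where the noise factor is F = r^n mod n^2, so this example assumes Paillier and shows why precomputing F is useful: F does not depend on m, so the message-dependent step (3:4) reduces to one exponentiation with the small base g = n + 1 and one modular multiplication. The primes are toy values chosen for the example, not a secure parameter set.

```python
import math
import secrets


def L(u: int, n: int) -> int:
    """Paillier's L function, defined on u ≡ 1 (mod n)."""
    return (u - 1) // n


def keygen(p: int, q: int):
    """Toy Paillier key generation; p, q must be distinct primes."""
    n = p * q
    n2 = n * n
    g = n + 1                      # the "other predefined integer parameter"
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(L(pow(g, lam, n2), n), -1, n)
    return (n, g), (lam, mu)


def noise_factor(n: int, r: int = None) -> int:
    """Noise computation engine (3:1): F = r^n mod n^2 for random r in Z_n^*.
    Independent of the message, so it can be computed ahead of time."""
    n2 = n * n
    if r is None:
        while True:
            r = secrets.randbelow(n)
            if r > 1 and math.gcd(r, n) == 1:
                break
    if math.gcd(r, n) != 1:
        raise ValueError("r must be invertible modulo n")
    return pow(r, n, n2)


def encrypt(pk, m: int, F: int) -> int:
    """Encryption engine (3:4): c = g^m * F mod n^2 using a precomputed F."""
    n, g = pk
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    n2 = n * n
    return (pow(g, m, n2) * F) % n2


def decrypt(pk, sk, c: int) -> int:
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    return (L(pow(c, lam, n2), n) * mu) % n


def add_encrypted(pk, c1: int, c2: int) -> int:
    """The cloud of processing resources (304) can add plaintexts by
    multiplying ciphertexts, without the private key."""
    n = pk[0]
    return (c1 * c2) % (n * n)


def demo() -> dict:
    pk, sk = keygen(61, 53)          # toy primes, n = 3233
    n = pk[0]
    # Noise factors precomputed offline, one per message to be encrypted.
    pool = [noise_factor(n) for _ in range(3)]
    c1 = encrypt(pk, 10, pool[0])
    c2 = encrypt(pk, 20, pool[1])
    c_sum = add_encrypted(pk, c1, c2)
    # Caveat: F must never be reused. Two ciphertexts sharing F satisfy
    # c1 * c2^-1 = g^(m1 - m2) mod n^2, which leaks the plaintext difference.
    return {
        "roundtrip": decrypt(pk, sk, encrypt(pk, 42, pool[2])),
        "homomorphic_sum": decrypt(pk, sk, c_sum),
    }


if __name__ == "__main__":
    print(demo())
```

Precomputing F moves the only expensive exponentiation (r^n mod n^2 with an n-bit exponent) off the request path; with g = n + 1, g^m mod n^2 equals 1 + m·n mod n^2 and costs a single multiplication. The precomputed pool must be drawn from a good random source and each F consumed exactly once.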
Abstract:
There is provided a method of an electronic device for providing a one-time proof of knowledge about a one-time signing key to a server without revealing the one-time signing key. The method comprises computing a hash as a hash function from the one-time signing key, and transmitting, to the server, the computed hash, an identity associated with the electronic device and a hash path of the hash. There is also provided a method of a server of a signing authority for issuing a time stamp signature. The method comprises receiving a message from an electronic device, the message including a hash, an identity associated with the electronic device and a hash path of the hash, checking whether the hash corresponds to a one-time signing key for a root hash included in a public certificate associated with the identity, checking whether an index corresponding to the hash path from the one-time signing key to the root hash corresponds to a correct time slot, and determining it to be proven that the electronic device is in possession of the correct one-time signing key when the checks are fulfilled. Electronic devices, servers, and computer programs are also disclosed.
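Both sides of the proof described above, as an added example that is not the patent's own code. It assumes the hash path is a Merkle authentication path over SHA-256 where leaf i is the hash of the one-time signing key for time slot i, that the public certificate carries the Merkle root, and that the server derives the leaf index from the left/right positions along the path; the identities, keys and certificate table are constructed for the example.

```python
import hashlib
import secrets


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def build_tree(leaves):
    """Levels of a Merkle tree; levels[0] are the leaves, levels[-1] = [root].
    Leaf count is assumed to be a power of two (one leaf per time slot)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels


def hash_path(levels, index: int):
    """Sibling hashes from leaf `index` up to the root, each tagged with
    whether the sibling sits to the right of the node being authenticated."""
    path, i = [], index
    for lvl in levels[:-1]:
        sibling = i ^ 1
        path.append((lvl[sibling], sibling > i))
        i //= 2
    return path


def fold_path(leaf: bytes, path):
    """Recompute the root from a leaf and its path, and reconstruct the leaf
    index from the path directions (bit d set iff the sibling at depth d is
    on the left, i.e. the node itself is a right child)."""
    node, index = leaf, 0
    for depth, (sib, sib_is_right) in enumerate(path):
        if sib_is_right:
            node = H(node, sib)
        else:
            node = H(sib, node)
            index |= 1 << depth
    return node, index


class Device:
    """Electronic device: one one-time signing key per time slot."""

    def __init__(self, identity: str, num_slots: int):
        self.identity = identity
        self.keys = [secrets.token_bytes(32) for _ in range(num_slots)]
        self.levels = build_tree([H(k) for k in self.keys])
        self.root = self.levels[-1][0]   # goes into the public certificate

    def proof_for_slot(self, slot: int) -> dict:
        # Only H(key) leaves the device; the key itself is never revealed.
        return {"hash": H(self.keys[slot]), "identity": self.identity,
                "path": hash_path(self.levels, slot)}


def server_check(msg: dict, certificates: dict, current_slot: int) -> bool:
    """Signing-authority server: both checks from the abstract."""
    root = certificates.get(msg["identity"])
    if root is None:
        return False
    computed_root, index = fold_path(msg["hash"], msg["path"])
    if computed_root != root:
        return False          # hash is not a one-time key under this root
    return index == current_slot   # path index must match the time slot


def demo() -> dict:
    dev = Device("device-0001", 8)                     # 8 time slots
    certificates = {dev.identity: dev.root}            # constructed cert table
    msg = dev.proof_for_slot(5)
    forged = dict(msg, hash=H(b"not-the-key"))
    return {
        "right_slot": server_check(msg, certificates, 5),
        "wrong_slot": server_check(msg, certificates, 6),
        "forged_hash": server_check(forged, certificates, 5),
        "unknown_identity": server_check(dict(msg, identity="x"), certificates, 5),
    }


if __name__ == "__main__":
    print(demo())
```

The slot check is what makes the proof one-time: a captured message for slot 5 verifies only while the server's current slot is 5, so replaying it later fails even though the leaf hash and path are still valid under the root.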
Abstract:
There is provided a method for adapting a communication device. The method is performed in a network and comprises the steps of: determining, based on acquired data associated with a first communication device (100), that an adaptation of the first communication device (100) is required; comparing the required adaptation to a determined trust level of the first communication device (100); determining a suggested adaptation based on the comparison; notifying the user of the device of the suggested adaptation; receiving a response to the notification from the user; and executing an adaptation based on the suggested adaptation and the received response.