Security in a mobile communications system
    21.
    Granted patent
    Security in a mobile communications system (legal status: in force)

Publication number: US07933591B2

    Publication date: 2011-04-26

    Application number: US11570186

    Filing date: 2005-05-17

    IPC classification: H04W88/02

Abstract: When a mobile terminal (10), having a basic identity module (12) operative according to a first security standard, initiates a service access, the home network (30) determines whether the mobile terminal has an executable program (14) configured to interact with the basic identity module for emulating an identity module according to the second security standard. If it is concluded that the mobile terminal has such an executable program, a security algorithm is executed at the home network (30) to provide security data according to the second security standard. At least part of these security data are then transferred, transparently to a visited network (20), to the mobile terminal (10). On the mobile terminal side, the executable program (14) is executed for emulating an identity module according to the second security standard, using at least part of the transferred security data as input. Preferably, the first security standard corresponds to a 2G standard, basically the GSM standard, and the second security standard at least in part corresponds to a 3G standard such as the UMTS standard and/or the IP Multimedia Subsystem (IMS) standard.


Application Specific Master Key Selection in Evolved Networks
    22.
    Patent application
    Application Specific Master Key Selection in Evolved Networks (legal status: in force)

Publication number: US20110004758A1

    Publication date: 2011-01-06

    Application number: US12867687

    Filing date: 2008-02-15

    IPC classification: H04L9/32

Abstract: An authentication method comprises providing a set of N master keys both to a user terminal (13) and to a home network entity (11) and, when performing an authentication and key agreement (AKA) transaction for an application, selecting one of the N master keys to serve as the master key used both at the user terminal and at the home network entity for deriving further keys for that application. For example, when performing an AKA transaction for a first application, the method involves randomly selecting one of the N master keys to serve as a first master key for use both at the user terminal and the home network entity for deriving further keys for the first application; but when performing an AKA transaction for another application, the method involves randomly selecting another one of the N master keys to serve as the master key for use both at the user terminal and the home network entity for deriving further keys for the other application.


METHOD FOR ESTABLISHING A RANDOM NUMBER FOR SECURITY AND ENCRYPTION, AND A COMMUNICATIONS APPARATUS
    23.
    Patent application
    METHOD FOR ESTABLISHING A RANDOM NUMBER FOR SECURITY AND ENCRYPTION, AND A COMMUNICATIONS APPARATUS (legal status: pending, published)

Publication number: US20100195829A1

    Publication date: 2010-08-05

    Application number: US12598014

    Filing date: 2008-04-26

    IPC classification: H04L9/06 G06F7/58

Abstract: A communications apparatus includes a mobile device. The apparatus includes a receiver for receiving at the mobile device a plurality of signals carrying information, including received signals which provide randomly varying data related to the location of the mobile device. The apparatus includes a random number generator which generates a random number as a function of the data. The apparatus includes a cryptographic key generator which generates a cryptographic key using the random number. A method to establish at a mobile device a random number for cryptographic operations includes the steps of receiving at the mobile device a plurality of signals carrying information, including received signals which provide randomly varying data related to the location of the mobile device. There is the step of estimating signal entropy for at least one of the received signals in dependence on the location where the signals are received by the mobile device. There is the step of selecting the at least one entropy-estimated signal whose estimated entropy satisfies a predetermined property. There is the step of generating the random number from the at least one entropy-estimated signal.


DETECTION OF PARTICULAR TRAFFIC IN COMMUNICATION NETWORKS
    24.
    Patent application
    DETECTION OF PARTICULAR TRAFFIC IN COMMUNICATION NETWORKS (legal status: pending, published)

Publication number: US20100150006A1

    Publication date: 2010-06-17

    Application number: US12337254

    Filing date: 2008-12-17

    IPC classification: G06F11/30

Abstract: A method for detecting particular data traffic in a communication network having a plurality of nodes comprises: maintaining a list of detecting scans to be applied to incoming data traffic; receiving the incoming data traffic; and applying a subset of the detecting scans in the list to the incoming data traffic. A network node for detecting particular traffic in a communication network having a plurality of nodes comprises: a list of detecting scans to be applied to incoming data traffic; an input for receiving the incoming data traffic; and an inspection chain, which applies a subset of the detecting scans in the list to the incoming data traffic.


Managing User Access in a Communications Network
    25.
    Patent application
    Managing User Access in a Communications Network (legal status: in force)

Publication number: US20090313466A1

    Publication date: 2009-12-17

    Application number: US12520476

    Filing date: 2006-12-19

    IPC classification: H04L29/06

Abstract: A method of operating a node for performing handover between access networks, wherein a user has authenticated for network access in a first access network. The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key; the second session key is sent to an access network, and the identifier is sent to a user terminal. When the user subsequently moves to a second access network, the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network.


Method and Apparatus for Authentication Service Application Processes During Service Reallocation in High Availability Clusters
    26.
    Patent application
    Method and Apparatus for Authentication Service Application Processes During Service Reallocation in High Availability Clusters (legal status: in force)

Publication number: US20090190758A1

    Publication date: 2009-07-30

    Application number: US12020185

    Filing date: 2008-01-25

    IPC classification: H04L9/00

Abstract: A method and communication node for providing secure communications and services in a High Availability (HA) cluster. The communication node comprises an Operating System (OS) that detects an unavailability of a first service application process and switches a second service application process from a first state to a second state, the second service application process being selected to take over the service currently provided by the first service application process, the first state and the second state each being associated with a set of rights in the cluster. The OS generates a private key for the second service application process based on its second state. The set of rights associated with the second state allows the OS to replace the first service application process with the second service application process, providing secure communications between the second service application process and other service application processes in the HA cluster.


Cryptography using finite fields of odd characteristic on binary hardware
    27.
    Patent application
    Cryptography using finite fields of odd characteristic on binary hardware (legal status: in force)

Publication number: US20060072743A1

    Publication date: 2006-04-06

    Application number: US10271947

    Filing date: 2002-10-17

    IPC classification: H04L9/28

Abstract: A cryptographic method is described. The method comprises storing, in a register, binary data representing at least a portion of a field element of an odd-characteristic finite field GF(p^k), p being an odd prime number, the field element comprising k coefficients in accordance with a polynomial-basis representation, the binary data comprising plural groups of data bits, wherein each group of data bits represents an associated one of the k coefficients; and processing the binary data in accordance with a cryptographic algorithm such that the plural groups of data bits are processed in parallel. An apparatus comprising a memory and a processing unit coupled to the memory to carry out the method is also described.


Lawful interception of encrypted communications
    28.

Publication number: US10432606B2

    Publication date: 2019-10-01

    Application number: US14370862

    Filing date: 2012-04-27

    IPC classification: H04L29/06 H04L9/32

Abstract: A method and apparatus for providing a Law Enforcement Agency (LEA) with access to an encrypted communication between a sending node and a receiving node. A Key Management Server (KMS) function stores, in a database, cryptographic information used to encrypt the communication. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.

Challenging a first terminal intending to communicate with a second terminal
    29.
    Granted patent
    Challenging a first terminal intending to communicate with a second terminal (legal status: in force)

Publication number: US09252959B2

    Publication date: 2016-02-02

    Application number: US13320328

    Filing date: 2009-05-20

Abstract: The invention relates to a method, a party challenging device (18) and computer program products for providing a challenge to a first terminal (10) intending to communicate with a second terminal (24) via two networks (N1, N2). The party challenging device receives a first electronic message (1M) concerning a transfer of media from the first terminal to the second terminal, sent from the first terminal (10) and addressed to the second terminal (24); obtains communication contextual data associated with the first party or the first terminal; provides an electronic challenge message (CHM) including a challenge (CH1) based on the obtained data; and sends the challenge message to the first terminal, in order to enable a decision to be made on how to process the invitation message for the second terminal based on the correctness of a response message (RM) including a response to the challenge.


Method and Apparatuses for End-to-Edge Media Protection in an IMS System
    30.
    Patent application
    Method and Apparatuses for End-to-Edge Media Protection in an IMS System (legal status: in force)

Publication number: US20130268681A1

    Publication date: 2013-10-10

    Application number: US13800129

    Filing date: 2013-03-13

    IPC classification: H04W76/02

Abstract: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling-side S-CSCF in communication with the caller entity, which receives from the caller entity an INVITE having a first protection offer and parameters for key establishment, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving-end S-CSCF in communication with the responder user entity and the calling-side S-CSCF, which receives the INVITE without the first protection offer, checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node is also described.
