Abstract:
Disclosed is a DRM device and method for providing secure linking to a user identity. A first request is sent to a subscriber identity module. A message is received from the subscriber identity module via a secure authenticated channel. The message comprises at least a master key identifier, a random number, and a derived key. In response to the message, a second request is sent to a DRM server. The second request comprises at least a master key identifier, the device identifier, and a random number. Also disclosed is a DRM server and method for providing secure linking to a user identity. A first request is received from a DRM device. The first request comprises at least a master key identifier, a device identifier, and a random number. The DRM device is authenticated. A second request for an application specific key is sent to a trusted key management server. The second request comprises at least a master key identifier. At least a key is received from the trusted key management server. A derived key is determined from the key received from the trusted key management server based at least on the device identifier and the random number. A challenge/response scheme is used to determine whether the derived key of the DRM server matches a derived key of the DRM device.
Abstract:
Disclosed is a method for establishing secure communication between communication devices in a communications network. A first communication device transmits a request to a first key management server (KMS) apparatus and in response to the request, the first KMS apparatus transmits keying information and a voucher with an identifier for retrieving the keying information. The first communication device receives this keying information and creates a session with a second communication device which is separate from the first KMS apparatus. Creating the session with the second communication device includes transmitting a session invitation message that comprises the voucher.
Abstract:
In a mobile, wireless telecommunications network, communications relating to a mobile terminal can be protected during a handover of the mobile terminal from a first access point to a second access point. This may be accomplished by transmitting a security token from the first access point to the mobile terminal, and then from the mobile terminal to the second access point, over the radio interface. Thereafter, the security token is transmitted from the first access point to the second access point through the fixed network to which both the first and the second access points are connected. The communications link between the mobile terminal and the second access point needed to achieve secure handover is then established only if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.
Abstract:
An Internet Protocol Multimedia Subsystem (IMS) system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling-side Serving-Call State Control Function (S-CSCF) in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving-end S-CSCF in communication with the responder user entity and the calling-side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept.
Abstract:
A method for establishing secure communication between parties of a communication network, in which each party is able to perform a bootstrapping procedure based on local credentials, where the bootstrapping creates a shared key between each party and an associated bootstrapping function, characterized by the steps of:
- receiving, at the initiating party, first key information, based on said bootstrapping procedure, and a voucher in response to a session request sent to a first key management functionality;
- storing said first key information in said first key management functionality, where said key information is referenced by an identifier included in said voucher;
- generating, from the first key information, a first session key;
- sending the voucher to at least one responding party;
- forwarding, from the at least one responding party, the voucher or parts thereof to a second key management functionality;
- communicating from the second key management functionality with said first key management functionality to resolve the voucher into second key information, where said communication includes retrieving, at the first key management functionality, the first key information by using the identifier, and providing the second key management functionality with information based on the first key information;
- receiving, at the at least one responding party, from the second key management functionality, said second key information, and generating a second session key from it;
- using, by the initiating party and the at least one responding party, the first and second session keys for secure communication.
Abstract:
An IMS-enabled control channel for an IPTV service is provided by receiving at a Serving Call/State Control Function (S-CSCF) a Session Initiation Protocol (SIP) REGISTER message, the SIP REGISTER message identifying the originating user, receiving at the originating user a response from the S-CSCF indicating that the originating user has been authorized, and sending a SIP INVITE message from the S-CSCF to establish an open channel connection with a selected IPTV Application Server (AS). This open channel connection can then be used for the transmission of control messages, such as for starting play, starting recording, stopping play, etc., between the STB and the IPTV Application Server, as well as for the delivery of personalized content, such as advertisements, voting responses, personalized voting triggers and targeted interactive events. Maintaining an open control channel with the IPTV AS substantially reduces the setup delay times for different applications.