-
Publication No.: CA2724665C
Publication date: 2014-05-06
Application No.: CA2724665
Application date: 2009-06-08
Applicant: QUALCOMM INC
Inventor: ROSE GREGORY GORDON, JULIAN DAVID JONATHAN, XIAO LU
IPC: H04L29/06
Abstract: Disclosed is a method for verifying data packet integrity in a streaming-data channel. In the method, data packets are received from the streaming-data channel. Each data packet includes a data payload and a corresponding message integrity code. The received data packets are processed in a first processing mode, wherein the received data packets are forwarded to an application module before checking the integrity of the data packets using the respective message integrity codes. An integrity-check-failure measurement is generated for monitoring an integrity-check-failure rate in the first processing mode. If the integrity-check-failure measurement exceeds an integrity-check threshold, then the method transitions to a second processing mode. A received data packet is forwarded to the application module in the second processing mode only after passing the integrity check.
-
Publication No.: CA2597475C
Publication date: 2012-09-18
Application No.: CA2597475
Application date: 2006-02-03
Applicant: QUALCOMM INC
Inventor: ROSE GREGORY GORDON, SEMPLE JAMES, NASIELSKI JOHN WALLACE
IPC: H04W12/06
Abstract: A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key that the BSF sends to a requesting network application function to establish secure communications with the MT.
-
Publication No.: PL1854263T3
Publication date: 2011-10-31
Application No.: PL06720264
Application date: 2006-02-03
Applicant: QUALCOMM INC
Inventor: ROSE GREGORY GORDON, SEMPLE JAMES, NASIELSKI JOHN WALLACE
-
Publication No.: DE602007013795D1
Publication date: 2011-05-19
Application No.: DE602007013795
Application date: 2007-10-25
Applicant: QUALCOMM INC
Inventor: PADDON MICHAEL, ESCOTT ADRIAN, ROSE GREGORY GORDON, HAWKES PHILIP M
-
Publication No.: NZ560464A
Publication date: 2010-10-29
Application No.: NZ56046406
Application date: 2006-02-03
Applicant: QUALCOMM INC
Inventor: ROSE GREGORY GORDON, SEMPLE JAMES, NASIELSKI JOHN WALLACE
Abstract: A method for authenticating a legacy mobile terminal to communicate with a network application function is disclosed. The method comprises: - generating an authentication challenge at a bootstrapping server function, including a first random number as a first parameter, a public key based at least in part on the first random number, and a signature based at least in part on the first random number, the public key and a private key; - sending the authentication challenge to the legacy mobile terminal which can verify the origin of the authentication challenge based on a previously obtained bootstrapping server digital certificate associated with the bootstrapping server function; - receiving an authentication response at the bootstrapping server function that includes a second random number and a second parameter computed with a copy of the private key generated at the legacy mobile terminal based at least in part on the first random number and a pre-shared secret key stored in a subscriber identification module in the legacy mobile terminal; - verifying whether the authentication response originated from the legacy mobile terminal by re-computing the first parameter at the bootstrapping server function based on a second key provided to the bootstrapping server function; and - generating a mutually authenticated key at the bootstrapping server function based at least in part on the first random number, the second random number and the private key. A method for authenticating a network application function to communicate with a legacy mobile terminal is also disclosed.
The method comprises: - receiving an authentication challenge at the legacy mobile terminal, including a first random number as a first parameter, a public key based at least in part on the first random number, and a signature based at least in part on the first random number, the public key and a private key; - generating a mutually authenticated key at the legacy mobile terminal based at least in part on the first random number, a second random number and the private key; - verifying whether the authentication challenge originates at a bootstrapping server function based on a previously obtained bootstrapping server digital certificate associated with the bootstrapping server function; and - sending an authentication response to the bootstrapping server function that includes the second random number and a second parameter computed with a copy of the private key generated at the legacy mobile terminal based at least in part on the first random number and a pre-shared secret key stored in a subscriber identification module in the legacy mobile terminal.
-
Publication No.: BRPI0607359A2
Publication date: 2009-09-01
Application No.: BRPI0607359
Application date: 2006-02-03
Applicant: QUALCOMM INC
Inventor: ROSE GREGORY GORDON, SEMPLE JAMES, NASIELSKI JOHN WALLACE
Abstract: A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key that the BSF sends to a requesting network application function to establish secure communications with the MT.
-
Publication No.: AU2005223962B2
Publication date: 2009-03-05
Application No.: AU2005223962
Application date: 2005-03-17
Applicant: QUALCOMM INC
Inventor: HSU RAYMOND TAH-SHENG, ROSE GREGORY GORDON
Abstract: Efficient transmission of cryptographic information in secure real time protocol. A transmitting terminal may be used to encrypt data with a session key derived from a bit-stream. The bit-stream may be sent with header information to the receiving terminal. To conserve bandwidth, the information may be divided into portions, and each portion transmitted with an encrypted data packet. The receiving terminal may be used to recover the bit-stream from the information portions in the packet headers, and use the bit-stream to derive the session key. The session key may be used to decrypt the data.
-
Publication No.: CA2597763A1
Publication date: 2006-08-17
Application No.: CA2597763
Application date: 2006-02-10
Applicant: QUALCOMM INC
Inventor: HAWKES PHILIP MICHAEL, SEMPLE JAMES, ROSE GREGORY GORDON, PADDON MICHAEL
Abstract: In a communication system in which two communication entities seek to have a private or confidential communication session, a trust relationship needs first be established. The trust relationship is based on the determination of a shared secret which in turn is generated from contextual information. The contextual information can be derived from the circumstances surrounding the communication session. For example, the contextual information can include topological information, time-based information, and transactional information. The shared secret may be self-generated or received from a third party. In either event, the shared secret may be used as key material for any cryptographic protocol used between the communication entities.
-
Publication No.: CA2591933A1
Publication date: 2006-06-29
Application No.: CA2591933
Application date: 2005-12-21
Applicant: QUALCOMM INC
Inventor: ROSE GREGORY GORDON, HAWKES PHILIP MICHAEL, PADDON MICHAEL
IPC: H04L29/06
Abstract: Embodiments describe techniques in connection with configuring a firewall and/or reducing network traffic. According to an embodiment is a method for configuring a firewall to reduce unwanted network traffic. The method includes executing a web-server and detecting a passive socket has been created. The method also includes establishing contact with a firewall and requesting the firewall to permit flows directed to the passive socket. According to some embodiments, the method can include closing the web-server and destroying the passive socket. The firewall can be contacted with the destroyed passive socket information and can be sent a request to deny flows directed to the destroyed passive socket. If the passive socket is closed, the method can automatically revoke the request to the firewall to permit flows directed to the passive socket.
-
Publication No.: BRPI0914963A2
Publication date: 2015-10-20
Application No.: BRPI0914963
Application date: 2009-06-08
Applicant: QUALCOMM INC
Inventor: JULIAN DAVID JONATHAN, ROSE GREGORY GORDON, XIAO LU
IPC: H04L29/06
-