公开(公告)号：EP2534809A4

公开(公告)日：2016-11-09

申请号：EP10845885

申请日：2010-02-12

Applicant: ERICSSON TELEFON AB L M

Inventor： HADDAD WASSIM ,  BLOM ROLF ,  NÄSLUND MATS

IPC: H04L29/06 ,  H04W12/06

CPC classification number: H04W12/06 ,  H04L63/08 ,  H04L63/0823

Abstract: A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data.

Abstract translation: 一种在通信网络中的两个节点之间建立信任的方法和装置。 第一节点从网络节点接收对第一节点唯一的认证数据，其可以用于导出用于第一节点的验证数据的紧凑表示。 第一个节点还接收网络中所有节点的验证数据的认证紧凑表示。 第一节点从节点的认证数据中导出信任信息，并向第二节点发送包含信任信息和认证数据的一部分的消息。 第二节点具有网络中所有节点的验证数据的认证紧凑表示的自己的副本，并使用网络中所有节点的验证数据的紧密表示和接收到的信任来验证来自第一节点的消息的真实性 信息和认证数据。

公开(公告)号：EP2135426A4

公开(公告)日：2016-04-27

申请号：EP08712837

申请日：2008-02-26

Applicant: ERICSSON TELEFON AB L M

Inventor： HADDAD WASSIM ,  NÄSLUND MATS

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L9/30 ,  H04L63/061 ,  H04L63/123 ,  H04L63/1466 ,  H04L2209/24

公开(公告)号：EP2253120A4

公开(公告)日：2012-05-30

申请号：EP08724217

申请日：2008-03-12

Applicant: ERICSSON TELEFON AB L M

Inventor： HADDAD WASSIM

IPC: H04W12/02 ,  H04L29/06 ,  H04W12/04 ,  H04W12/12 ,  H04W80/04

CPC classification number: H04L63/0414 ,  H04L63/0435 ,  H04L63/0442 ,  H04L63/061 ,  H04L63/1441 ,  H04L63/1466 ,  H04W8/082 ,  H04W8/16 ,  H04W12/02 ,  H04W12/04 ,  H04W12/12 ,  H04W36/0011 ,  H04W76/041 ,  H04W80/04

Abstract: A system for re-establishing a session between first and second hosts attached to respective first and second access routers. A connection request is sent from the first host to the first access router, the request containing an IP address claimed by the second host, a new care-of-address for the first host, and a session identifier. Upon receipt of the connection request, the first router obtains a verified IP address for the second access router and sends an on link presence request to the second access router, the request containing at least an Interface Identifier part of the second host's claimed IP address, the cue-of-address. and the session identifier. The second access router confirms that the second host is attached to the second access router. The second access router then reports the presence status to the first access router.

公开(公告)号：WO2006111938A3

公开(公告)日：2007-03-29

申请号：PCT/IB2006051233

申请日：2006-04-20

Applicant: ERICSSON TELEFON AB L M ,  HADDAD WASSIM ,  KRISHNAN SURESH

Inventor： HADDAD WASSIM ,  KRISHNAN SURESH

IPC: H04L29/06 ,  H04L12/22 ,  H04W8/26 ,  H04W12/02 ,  H04W12/06 ,  H04W80/04

CPC classification number: H04W12/02 ,  H04L63/0407 ,  H04L63/0414 ,  H04L63/0421 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/126 ,  H04W8/26 ,  H04W12/06 ,  H04W80/04

Abstract: A method, a correspondent node and a mobile node provideanonymity and unlinkability to a mobile node in a session with a correspondent node. Sequence values, calculated based on secret data, are added to updates sent from the mobile node towards the correspondent node and are used by the correspondent node to authenticate updates from the mobile node.A home address of the mobile node is not explicitly disclosed. An expected care-of address is calculated at the correspondent node and used by the correspondent node to send data packets to the mobile node.

Abstract translation: 方法，对应节点和移动节点提供与通信节点的会话中的移动节点的匿名性和不可链接性。 基于秘密数据计算的序列值被添加到从移动节点向对应节点发送的更新，并由通信节点用于对来自移动节点的更新进行认证。移动节点的归属地址没有明确公开。 在对端节点处计算预期转交地址，并由通信节点用于向移动节点发送数据分组。

公开(公告)号：WO2014122560A3

公开(公告)日：2014-11-27

申请号：PCT/IB2014058645

申请日：2014-01-29

Applicant: ERICSSON TELEFON AB L M

Inventor： HADDAD WASSIM ,  HALPERN JOEL

IPC: H04W8/08 ,  H04L12/24 ,  H04W40/20 ,  H04W76/02

CPC classification number: H04W40/02 ,  H04L41/12 ,  H04L45/00 ,  H04L45/22 ,  H04L61/2076 ,  H04L61/6059 ,  H04W40/12 ,  H04W40/20 ,  H04W76/022

Abstract: Embodiments of the present disclosure include methods and apparatuses for enabling data path selection. In an EPG, ILNP mobility signaling is received. The ILNP signaling may include a destination locator for a BNG. A signaling message is sent to the BNG in response to the received ILNP signaling. An acknowledgement is received from the BNG. Traffic is tunneled between a mobile device and a RGW over a LTE interface. In a BNG, a signaling message is received. A message is sent to a SDN controller. A notification is received from the SDN controller that configuration of a RGW to tunnel traffic over a LTE interface is complete. An acknowledgement is sent to an EPG. In a RGW, a message is received from a SDN controller. Traffic is tunneled between a NAS and an EPG over a LTE interface based on the message received from the SDN controller.

Abstract translation: 本公开的实施例包括用于启用数据路径选择的方法和装置。 在EPG中，接收ILNP移动性信令。 ILNP信令可以包括BNG的目的地定位符。 响应于所接收的ILNP信令，将信令消息发送到BNG。 BNG收到确认。 流量通过LTE接口在移动设备和RGW之间传输。 在BNG中，收到信令消息。 消息被发送到SDN控制器。 接收到来自SDN控制器的通知，即通过LTE接口隧道流量的RGW配置已完成。 确认被发送给EPG。 在RGW中，从SDN控制器接收消息。 基于从SDN控制器接收到的消息，流量通过LTE接口在NAS和EPG之间隧道传输。

公开(公告)号：WO2009060363A3

公开(公告)日：2009-09-11

申请号：PCT/IB2008054548

申请日：2008-10-31

Applicant: ERICSSON TELEFON AB L M ,  KRISHNAN SURESH ,  HADDAD WASSIM

Inventor： KRISHNAN SURESH ,  HADDAD WASSIM

IPC: H04L12/58 ,  H04W8/08 ,  H04W8/26 ,  H04W12/02 ,  H04W12/06 ,  H04W36/00 ,  H04W80/04 ,  H04W88/18

CPC classification number: H04L63/0892 ,  H04L63/08 ,  H04W8/26 ,  H04W12/06 ,  H04W36/0011 ,  H04W80/04 ,  H04W88/182

Abstract: Methods, Mobile Node and Mobility Access gateway for enabling vertical handoff of the Mobile Node between a first interface of the Mobile Node bearing an address A@ to which a prefix is associated and second interface of the Mobile Node used to connect towards the Mobility Access Gateway, the method comprising the steps of : - in the Mobility Access Gateway, generating a network pfB' in relation to the prefix pfA; - generating a Pad Translator (PaT) used to change between the address B@ and the address A@; and sending from the Mobility Access gateway the pfB' towards the Mobile Node over the Mobile Node's second interface.

Abstract translation: 方法，移动节点和移动接入网关，用于实现移动节点在携带前缀所关联的地址A @的移动节点的第一接口与用于连接到移动接入网关的移动节点的第二接口之间的垂直切换 所述方法包括以下步骤： - 在所述移动性接入网关中，相对于所述前缀pfA生成网络pfB'; - 生成用于在地址B @和地址A @之间切换的Pad翻译器（PaT）; 并且通过移动节点的第二接口从移动接入网关向移动节点发送pfB'。

公开(公告)号：WO2006111937A3

公开(公告)日：2007-09-13

申请号：PCT/IB2006051232

申请日：2006-04-20

Applicant: ERICSSON TELEFON AB L M ,  HADDAD WASSIM

Inventor： HADDAD WASSIM

IPC: H04L29/06 ,  H04W8/06 ,  H04W80/04

CPC classification number: H04W8/065 ,  H04L29/12207 ,  H04L61/20 ,  H04L63/0442 ,  H04L63/0823 ,  H04L63/083 ,  H04L69/18 ,  H04W80/04

Abstract: A method, a correspondent node and a mobile node are provided for allowing setup of a session between the mobile node and the correspondent node using a new unique indicator in lieu of the home address to enable the correspondent node to uniquely identify the mobile node. The correspondent node uses the new unique indicator to identify the session within its Binding Cache Entry table.The mobile node may change its selection of a home address without impacting its ongoing session. Change of a home address may occur when the mobile node selects a new home agent to serve an ongoing session, or when the mobile node selects a new access interface during an ongoing session.

Abstract translation: 提供了一种方法，对应节点和移动节点，用于允许使用新的唯一指示符来替代家庭地址来建立移动节点和通信节点之间的会话，以使通信节点唯一地标识移动节点。 通信节点使用新的唯一指示符来识别其绑定缓存条目表中的会话。移动节点可以改变其对家庭地址的选择而不影响其正在进行的会话。 当移动节点选择新的归属代理来服务正在进行的会话时，或当移动节点在正在进行的会话期间选择新的访问接口时，可能会发生家庭地址的改变。

公开(公告)号：WO2009060362A3

公开(公告)日：2009-09-03

申请号：PCT/IB2008054546

申请日：2008-10-31

Applicant: ERICSSON TELEFON AB L M ,  KRISHNAN SURESH ,  HADDAD WASSIM

Inventor： KRISHNAN SURESH ,  HADDAD WASSIM

IPC: H04L29/12 ,  H04L29/06 ,  H04W12/02

CPC classification number: H04W12/02 ,  H04L63/0414 ,  H04L63/06 ,  H04L63/0892 ,  H04L2463/061 ,  H04W12/06 ,  H04W80/04

Abstract: A Mobile Node, A Network Node and a method performed in a visited network of a telecommunications network. The Mobile Node has a home address (HoA) valid in a Mobile Node's home network of the telecommunications network or knows how to generate one. The HoA is used in the visited network. A Pad Translator Generator module generates a Pad Translator (PaT) from at least one protection parameter by applying at least one exclusive-or (XOR) thereon and a Pad Translator Applicator module applies the PaT on at least a portion of a header of a packet using an exclusive-or (XOR) function thereby enabling protection of at least a portion of the HoA in the visited network.

Abstract translation: 移动节点，网络节点和在电信网络的拜访网络中执行的方法。 移动节点具有在移动节点的电信网络的家庭网络中有效的家庭地址（HoA），或知道如何生成电话。 HoA用于访问网络。 Pad转换器生成器模块通过在其上施加至少一个异或（XOR）从至少一个保护参数生成Pad转换器（PaT），并且Pad Translator Applicator模块将PaT应用于分组的报头的至少一部分 使用异或（XOR）功能，从而能够保护访问网络中HoA的至少一部分。

公开(公告)号：WO2009065923A3

公开(公告)日：2009-07-09

申请号：PCT/EP2008065967

申请日：2008-11-21

Applicant: ERICSSON TELEFON AB L M ,  HADDAD WASSIM ,  NAESLUND MATS

Inventor： HADDAD WASSIM ,  NAESLUND MATS

IPC: H04W12/04 ,  H04W80/04 ,  H04W88/02

CPC classification number: H04W12/04 ,  H04L9/3239 ,  H04L63/0823 ,  H04L2209/80 ,  H04L2463/081 ,  H04W8/082 ,  H04W12/06 ,  H04W80/04 ,  H04W88/02 ,  H04W88/182

Abstract: A method and apparatus for establishing a cryptographic relationship between a first node (102) and a second node (101) in a communications network. The first node receives at least part of a cryptographic attribute of the second node, uses the received at least part of the cryptographic attribute to generate an identifier for the first node. The cryptographic attribute may a public key belonging to the second node, and the identifier may be a Cryptographically Generated IP address. The cryptographic relationship allows the second node to establish with a third node that is entitled to act on behalf of the first node.

Abstract translation: 一种用于在通信网络中建立第一节点（102）和第二节点（101）之间的密码关系的方法和装置。 第一节点接收第二节点的加密属性的至少一部分，使用所接收的至少部分密码属性来生成第一节点的标识符。 加密属性可以是属于第二节点的公共密钥，并且该标识符可以是加密生成的IP地址。 密码关系允许第二节点建立一个有权代表第一个节点行动的第三个节点。

公开(公告)号：WO2008007233A3

公开(公告)日：2008-05-08

申请号：PCT/IB2007052091

申请日：2007-06-04

Applicant: ERICSSON TELEFON AB L M ,  HADDAD WASSIM ,  KRISHNAN SURESH

Inventor： HADDAD WASSIM ,  KRISHNAN SURESH

IPC: H04L29/06 ,  H04W8/26 ,  H04W24/00 ,  H04W28/06 ,  H04W40/36 ,  H04W80/04 ,  H04W92/24

CPC classification number: H04L45/00 ,  H04L29/06 ,  H04W8/26 ,  H04W24/00 ,  H04W28/06 ,  H04W40/36 ,  H04W80/04 ,  H04W84/12 ,  H04W92/24

Abstract: Systems and methods are described which delegate reachability testing for mobility signaling in communication networks. A mobile node transmits a mobility signaling package to other network nodes, which can use the information contained therein to perform the delegated reachability testing.

Abstract translation: 描述了委托通信网络中的移动性信令的可达性测试的系统和方法。 移动节点将移动性信令包发送到其他网络节点，其可以使用其中包含的信息来执行委托可达性测试。