Abstract:
A method and a bootstrapping client (33) are disclosed for assuring that a particular user (31) is present at local user authentication. A method and a network application function (36) are also disclosed for authenticating a generic authentication architecture, GAA, client (34) to a network application function, NAF (36). In addition, the NAF (36), requiring that the presence of the authorized user be confirmed, sends a Nonce denoted as Nonce_UI, in which UI stands for "User Involvement". The Nonce_UI indicates explicitly that user involvement is required.
Abstract:
When setting up communication from a user equipment, UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3′), is sent to the UE from a node (13) in a second network, such as the home network (5) of the subscriber or UE. The information or indication can be sent in a first stage of an authentication procedure that is part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3′) is trusted or not.
Abstract:
Security in data communication in a communications network. This is a method for security in data communication between a first node (10) connected to a first network (40-1) and a second node (20/30) connected to a second network (40-2). At the second node (20/30), the method comprises: receiving (s1) first information (i1) on whether the first network (40-1) has a secure network-layer path to the first node (10) or is known to use a secure network-layer path to the connected nodes; receiving (s2) second information (i2) on whether the second node (20/30) has a secure network-layer path to the second network (40-2) or is known to use a secure network-layer path to the second network (40-2); receiving (s3) third information (i3) on whether the first network (40-1) has a secure internal network-layer path and, when the first and second networks (40-1, 40-2) are different, on whether the first network (40-1) has a secure network-layer path to the second network (40-2) or is known to use a secure network-layer path to the second network (40-2). It is determined (s5) from the first, second and third information (i1, i2, i3) whether the entire path between the first node (10) and the second node (20/30) is secure at the network-layer level, and based on that determination it is decided whether to establish (s6t, s7r) application-layer security for the data communication between the first node (10) and the second node (20/30), or to continue without application-layer security (s8t, s8r).
Abstract:
Methods and systems taught herein allow communication device manufacturers to preconfigure communication devices to use preliminary access credentials to gain temporary network access for downloading subscription credentials, and particularly allow the network operator issuing the subscription credentials to verify that individual devices requesting credentials are trusted. In one or more embodiments, a credentialing server is owned or controlled by the network operator, and is used by the network operator to verify that subscription credentials are issued only to trusted communication devices, even though such devices may be referred to the credentialing server by an external registration server and may be provisioned by an external provisioning server. Particularly, the credentialing server interrogates requesting devices for their device certificates and submits these device certificates to an external authorization server, e.g., an independent OCSP server, for verification. A common Public Key Infrastructure (PKI) may be used for operator and device certificates.
Abstract:
A system, method, and nodes for managing shared security keys between a User Equipment, UE, an authentication node such as an SCF/NAF, and a service node such as a BM-SC or AS. The SCF/NAF allocates to each BM-SC a different SCF/NAF identifier, such as a fully qualified domain name, FQDN, from the FQDN space the SCF/NAF administers. The SCF/NAF then locally associates these allocated FQDNs with the connected BM-SCs and with different services. The network sends the correct FQDN to the UE in a service description for a desired service, and the UE is able to derive a security key using the FQDN. When the UE requests the desired service, the SCF/NAF is able to associate the service identifier with the correct FQDN and an associated BM-SC. The SCF/NAF uses the FQDN to obtain the security key from a bootstrapping server and sends it to the associated BM-SC. As a result, the UE and the associated BM-SC share a specific security key.
Abstract:
A method is provided for use in interworking a single sign-on authentication architecture (Open ID) and a further authentication architecture (3GPP) in a split terminal scenario. The split terminal scenario is one in which authentication under the single sign-on authentication architecture is required of a browsing agent (8) being used to access a relying party and in response an associated authentication under the further authentication architecture is performed in relation to a separate authentication agent (7). A controlling agent (4) sends (C3) a token to the authentication agent (7). The controlling agent (4) sends (C4) a request to the browsing agent (8) to return a token for comparing with the token sent to the authentication agent (7). The controlling agent (4) waits (C6) for the authentication agent (7) or a user of the authentication agent (7) to communicate (A2) the received token to the browsing agent (8). The controlling agent (4) compares (C10) the received token with the token sent to the authentication agent (7) to determine whether the authentication agent (7) is authorised to perform authentication on behalf of the browsing agent (8).
Abstract:
The present invention relates to a method of recovering from a processor fault in a mobile communication network node provided with a plurality of processors. In use, connections are established between the network node and mobile stations for packet data communication between the network node and the mobile station. The connections are classified into priority order on the basis of predefined classifying parameters. The working condition of at least one of the processors of the network node is monitored, and in case a processor fault is detected, user plane connections are relocated within the network node from the faulted processor to another processor in accordance with the classified priority order of the connections. The invention further relates to a network node.
Abstract:
A method for re-establishing a radio resource control, RRC, connection between a user equipment, UE (1), and a target evolved NodeB, target eNB (3), the method being performed by the UE (1) and comprising: receiving (S100) an RRC connection re-establishment message from the target eNB (3), the RRC connection re-establishment message including a downlink, DL, authentication token that has been generated by a mobility management entity (4) and has had a non-access stratum integrity key and an update parameter as input; and authenticating (S110) the received DL authentication token.