SECURE VIRTUAL MACHINE PROVISIONING
    2.
    Invention publication
    SECURE VIRTUAL MACHINE PROVISIONING (granted)

    Publication (announcement) number: EP2702724A4

    Publication (announcement) date: 2014-11-05

    Application number: EP11864525

    Application date: 2011-04-26

    Abstract: A device and method in a provisioning unit of secure provisioning of a virtual machine on a target platform having a specific configuration is provided. The method comprises: receiving (404) a public binding key from the target platform (107), the public binding key being bound to the specific configuration, encrypting (410) a virtual machine provisioning command using the public binding key, and sending (412) the encrypted virtual machine provisioning command to the target platform (107). By the provided device and method, secure provisioning of a virtual machine on a target platform is enabled.


    METHOD FOR DETECTION OF PERSISTENT MALWARE ON A NETWORK NODE
    3.
    Invention publication
    METHOD FOR DETECTION OF PERSISTENT MALWARE ON A NETWORK NODE (under examination, published)

    Publication (announcement) number: EP2792178A4

    Publication (announcement) date: 2015-09-02

    Application number: EP12857467

    Application date: 2012-04-02

    Abstract: The present invention relates to methods and devices for detecting persistency of a first network node (12). In a first aspect of the invention, a method is provided comprising the steps of monitoring (S101), during a specified observation period, whether the first network node has established a connection to a second network node (13), and determining (S102) a total number of sessions of connectivity occurring during said specified observation period in which the first network node connects to the second network node. Further, the method comprises the steps of determining (S103), from the total number of sessions, a number of sessions comprising at least one communication flow between the first network node and the second network node, and determining (S104) inter-session persistence of the first network node on the basis of the total number of sessions and the number of sessions comprising at least one communication flow.

    ENHANCED SECURE VIRTUAL MACHINE PROVISIONING

    Publication (announcement) number: IN9465DEN2014A

    Publication (announcement) date: 2015-07-17

    Application number: IN9465DEN2014

    Application date: 2014-11-11

    Abstract: In a method of provisioning a virtual machine (VM) to a computing network (401), a VM manager or provisioner (403, 408) encrypts a virtual machine using a key bound to at least one security profile indicative of one or more security requirements that a computing resource (402) of the computing network (401) must satisfy in order to be able to decrypt the VM. A key for use in decrypting the VM has previously been sealed into multiple (and preferably into all) computing resources (402) in the network into which the VM is to be provisioned, and has been sealed such that a computing resource can obtain the key only if it is in a state that satisfies the security profile, or at least one security profile, to which the key is bound. The VM manager or provisioner (403, 408) creates a VM launch package that includes the encrypted VM and that also includes a key that may be used in decrypting the encrypted VM. When the VM launch package is received at a computing resource (402), the computing resource will not be able to recover the key for use in decrypting the VM, and hence will be unable to decrypt the VM, unless the computing resource satisfies the security requirements indicated by the security profile. The VM manager or provisioner can thus be sure that the VM will not be launched on a computing resource that does not meet the desired security profile. Alternatively, the VM manager or provisioner (403, 408) may send a token corresponding to a desired security profile with an encrypted VM. A computing resource uses the token to obtain a key to decrypt the VM, but the computing resource will not be able to recover the key unless the computing resource satisfies the security requirements indicated by the token.
