Abstract:
A method of obtaining a virtual SIM for a mobile device comprises sending, to a TTA for authentication, a request for a virtual SIM for a mobile device associated with the TTA. The authenticated request is sent from the mobile device to an NRS application (or to a combined NRS/PCSS application). The mobile device subsequently receives information identifying a PCSS application (or a combined NRS/PCSS application) in a computing environment that provides a virtual SIM for the mobile device.
Abstract:
Method and apparatus for compressing data representing a set of symbols such that each symbol (12) of the set can be separately accessed and decompressed. Each symbol of the set of symbols is encoded (63) in the form of a two-part code wherein a first part of the code is common for all encoded symbols and a second part of the code encodes the data representing a symbol. An identifier is given for each symbol for permitting each encoded symbol to be separately accessed and decompressed. The invention is particularly useful for storing large fonts such as a Chinese or Japanese character set.
Abstract:
A system and method for securing information in the memory of an electronic device. A terminal identifier that identifies the device is stored in memory in the device. Also stored in memory of the device are a cryptographic hash algorithm and a hash value that is calculated from the application of the hash algorithm against the terminal identifier. The terminal identifier, the hash algorithm, and the hash value are all stored in protected memory within the electronic device, with the protected memory being read-only memory or one-time programmable memory. In response to the occurrence of an event on the electronic device, such as at the time of device power-up, the hash algorithm is applied against the stored terminal identifier, with the resultant hash value being compared against the stored hash value. If the two hash values fail to match, normal operation of the device is disabled.
Abstract:
Methods and systems taught herein allow communication device manufacturers to preconfigure communication devices to use preliminary access credentials to gain temporary network access for downloading subscription credentials, and particularly allow the network operator issuing the subscription credentials to verify that individual devices requesting credentials are trusted. In one or more embodiments, a credentialing server is owned or controlled by the network operator, and is used by the network operator to verify that subscription credentials are issued only to trusted communication devices, even though such devices may be referred to the credentialing server by an external registration server and may be provisioned by an external provisioning server. Particularly, the credentialing server interrogates requesting devices for their device certificates and submits these device certificates to an external authorization server, e.g., an independent OCSP server, for verification. A common Public Key Infrastructure (PKI) may be used for operator and device certificates.
Abstract:
A method of authenticating a client for a service on a network, wherein the client is authenticated by a service provider and granted permissions for the service if the client can read a service provider session secret, calculate a client session secret and upon comparison of the service provider and client session secrets grant permissions.
Abstract:
A smart card and a smart card and security function system for a mobile terminal for a wireless telecommunications system. The smart card includes a software services component in which software is organized in at least one functional software unit and in a plurality of software layers arranged in order from software layers providing higher level services to software layers providing lower level services, and at least one software module in each software layer. The smart card further includes means for providing access to information and services provided by the smart card.
Abstract:
In a communication system, an authentication ciphering offset (ACO) is generated as a function of one or more parameters, wherein at least one of the one or more parameters is derived from earlier-computed values of the ACO. This enables each device to avoid generating an ACO value that is out of synchronization with a counterpart ACO value generated in another communication device.
Abstract:
A mobile terminal (20) receives trustworthiness information for a software application (66) by receiving a voucher (64) that indicates the trustworthiness of that application as represented by a third party (14). To ensure the integrity of this information, the mobile terminal authenticates the voucher and verifies that the software application is the one having its trustworthiness indicated by the voucher. Given such indications of trustworthiness, a user of the mobile terminal may decide whether to install and run it. If decided in the affirmative, the user may form his or her own basis for the trustworthiness of the software application. Accordingly, the mobile terminal may also create a new voucher that indicates the trustworthiness of the software application as represented by the user. With third parties representing the trustworthiness of software applications in this manner, their development is not hindered by the imposition of security requirements on application developers.
Abstract:
According to teachings presented herein, communication devices are conveniently provisioned with network subscription credentials after purchasing, without device manufacturers or network operators having to preload temporary subscription credentials or to otherwise make provisions for supporting direct over-the-air provisioning of the devices. Such devices may be, for example, cellular telephones or other mobile devices. Broadly, a user communicatively couples a communication device to be provisioned to an intermediate data device that has existing communication capabilities, e.g., a PC or already-provisioned mobile telephone. A subscription server or other entity then uses a communication link with the intermediate data device to provide subscription credentials to the communication device, subject to trusted-device and owner identity verifications.
Abstract:
The invention concerns a tamper-resistant electronic circuit (10) configured for implementation in a device (100). The electronic circuit (10) securely implements and utilizes device-specific security data during operation in the device (100), and is basically provided with a tamper-resistantly stored secret (C) not accessible over an external circuit interface. The electronic circuit (10) is also provided with functionality (13) for performing cryptographic processing at least partly in response to the stored secret to generate an instance of device-specific security data that is internally confined within said electronic circuit (10) during usage of the device (100). The electronic circuit (10) is further configured for performing one or more security-related operations or algorithms (14) in response to the internally confined device-specific security data. In this way, secure implementation and utilization of device-specific security data for security purposes can be effectively accomplished. The security is uncompromised since the stored secret (C) is never available outside the electronic circuit, and the device-specific security data is internally confined within the circuit during usage or operation of the device.