Patent application number | Description | Published |
20090307748 | METHOD AND ARRANGEMENT FOR USER FRIENDLY DEVICE AUTHENTICATION - The present invention relates to fraud prevention and authentication of a device to a user. The method of authenticating a personal device according to the invention comprises a set up sequence, wherein at least a first preferred output format is selected by the user, and a device configuration verification sequence. In the device configuration verification sequence a checksum is calculated and converted to a user friendly output format based on the user selected preferred output format. In addition the checksum may be calculated based on variable, and user selectable, keying material. The personal device, after being authenticated according to the above, may be used to authenticate a second device. | 12-10-2009 |
20100031044 | PREFIX REACHABILITY DETECTION IN A COMMUNICATION - There is disclosed a method, and a communication system, and a communication node for implementing the claimed method, for attempting to enhance legitimacy assessment and thwart a man-in-the middle or similar false-location attack by evaluating the topology of a communication-session requesting node relative to the proposed communication path through a network between the requesting node and the requested node. Upon receiving the request, a PRD (Prefix Reachability Detection) protocol is initiated, either after or during a secure key exchange, if any, which if performed preferably includes an ART (address reachability text). The PRD is executed by sending a message to the communication node challenging the location-authenticity of the requesting device. The communication node, which may be for example an access router through which the requesting node accesses the network, determines if the requesting node is positioned behind the communication node topologically, and reports the result to the requested node. The requested node may then make a decision on whether to permit the communication. If so, the PRD may be repeated one or more times while the communication session is in progress. | 02-04-2010 |
20100064135 | Secure Negotiation of Authentication Capabilities - A network ( | 03-11-2010 |
20100325412 | APPARATUS FOR RECONFIGURATION OF A TECHNICAL SYSTEM BASED ON SECURITY ANALYSIS AND A CORRESPONDING TECHNICAL DECISION SUPPORT SYSTEM AND COMPUTER PROGRAM PRODUCT - The invention relates to an apparatus for analyzing and reconfiguring a technical system ( | 12-23-2010 |
20110004754 | Method And Apparatuses For Authentication And Reauthentication Of A User With First And Second Authentication Procedures - A method of authenticating a user to a network, the user being in possession of first and second authentication credentials associated respectively with first and second authentication procedures. The method comprises sending a challenge from the network to the user according to said second authentication procedure, receiving the challenge at the user and computing a response using said first credential or keying material obtained during an earlier running of said first authentication procedure, and said second credential, sending the response from the user to the network, and receiving the response within the network and using the response to authenticate the user according to said second authentication procedure. | 01-06-2011 |
20110093609 | Sending Secure Media Streams - A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream. | 04-21-2011 |
20110093919 | Method and Apparatus for Determining an Authentication Procedure - A server for managing the authentication of clients that are subscribers of a home domain within which the server is located, the server comprising means for determining whether a client that is attached to a visited domain is to be authenticated by the home domain or by said visited domain, and for signalling the result to said visited domain. | 04-21-2011 |
20110211693 | METHOD AND AN APPARATUS FOR KEY MANAGEMENT IN A COMMUNICATION NETWORK - The present invention relates to a method of key management and to an apparatus ( | 09-01-2011 |
20110296489 | SELECTION OF SUCCESSIVE AUTHENTICATION METHODS - A method of authenticating a user who is a subscriber of a home network, authenticated in a first network, for accessing a service in a second network. This method includes: authenticating the user in the first network with a first authentication method selected in an authentication server; reserving resources for the service towards a rules enforcement device; requesting control rules for the resources towards a control rules server; submitting towards the control rules server information about the first authentication method; determining at the control rules server whether a further authentication of the user with a further authentication method is required; and instructing from the control rules server towards the authentication server to force the further authentication of the user with the further authentication method. | 12-01-2011 |
20120190343 | SECURITY FEATURE NEGOTIATION BETWEEN NETWORK AND USER TERMINAL - A Mobile Station (MS), a Base Station System (BSS) and a Mobile Switching Centre (MSC) of a cellular network, such as GSM, are disclosed. According to one embodiment, the MS is arranged to carry out one or more security features in its communication with the network. For example, the MS may be arranged to: by means of information received in a signalling message ( | 07-26-2012 |
20120198527 | IP Multimedia Security - A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. | 08-02-2012 |
20120246480 | Method and Arrangement for Enabling Play-Out of Media - Methods and arrangements for enabling the use of a first device ( | 09-27-2012 |
20120287934 | Packet Routing in a Network by Modifying In-Packet Bloom Filter - A network node (NB | 11-15-2012 |
20130084854 | Methods and Arrangements for Direct Mode Communication - A method in a first user equipment (UE | 04-04-2013 |
20130097296 | SECURE CLOUD-BASED VIRTUAL MACHINE MIGRATION - A virtual machine (VM) system is provided. The system includes a target physical server (PS) that has a resource configuration. The system includes a source PS that runs a virtual machine (VM). The source PS is in communication with the target PS. The source PS includes a memory that stores a migration policy file. The migration policy file includes at least one trust criteria in which the at least one trust criteria indicates a minimum resource configuration. The source PS includes a receiver that receives target PS resource configuration and a processor in communication with the memory and receiver. The processor determines whether the target PS resource configuration meets the at least one trust criteria. The processor initiates VM migration to the target PS based at least in part on whether the target PS resource configuration meets the at least one trust criteria. | 04-18-2013 |
20130124757 | Methods and Apparatus for Secure Routing of Data Packets - Methods and arrangements for supporting a forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to routers in the network which keys are used for computing the hierarchical parameters. | 05-16-2013 |
20130203454 | METHOD AND ARRANGEMENT FOR RESOURCE ALLOCATION IN RADIO COMMUNICATION - A method and arrangement in a first mobile terminal ( | 08-08-2013 |
20130291071 | Method and Apparatus for Authenticating a Communication Device - According to an aspect of the present invention there is provided a method of operating a communication device, the communication device being part of a group comprising two or more communication devices that share a subscription to a communication network. The method comprises receiving a group authentication challenge from the network, at least part of the group authentication challenge having been generated using group authentication information that is associated with the shared subscription. The device then generates a device specific response to the group authentication challenge using the group authentication information and device specific authentication information and sends the device specific response to the network. The device is for example a member of a machine-type communication device group. | 10-31-2013 |