公开(公告)号：US20160269175A1

公开(公告)日：2016-09-15

申请号：US14642591

申请日：2015-03-09

Applicant: QUALCOMM Incorporated

Inventor： Rosario Cammarota ,  Olivier Jean Benoit ,  Anand Palanigounder

IPC: H04L9/06

CPC classification number: H04L9/0631 ,  G09C1/00 ,  H04L9/002 ,  H04L2209/043 ,  H04L2209/24 ,  H04L2209/34

Abstract: Various features pertain to cryptographic ciphers such as Advanced Encryption Standard (AES) block ciphers. In some examples described herein, a modified masked AES SubBytes procedure uses a static lookup table that is its own inverse in GF(22). The static lookup table facilitates computation of the multiplicative inverse during nonlinear substitution operations in GF(22) In an AES encryption example, the AES device combines plaintext with a round key to obtain combined data, then routes the combined data through an AES SubBytes substitution stage that employs the static lookup table and a dynamic table to perform a masked multiplicative inverse in GF(22) to obtain substituted data. The substituted data is then routed through additional cryptographic AES stages to generate ciphertext. The additional stages may include further SubBytes stages that also exploit the static and dynamic tables. Other examples employ either a static lookup table or a dynamic lookup table but not both.

Abstract translation: 各种特征涉及加密密码，例如高级加密标准（AES）块密码。 在本文描述的一些示例中，经修改的掩蔽AES子字节过程使用在GF（22）中其自身的逆的静态查找表。 静态查找表有助于在GF（22）中的非线性替换操作期间计算乘法逆。在AES加密示例中，AES设备将明文与循环密钥相结合以获得组合数据，然后通过AES子字符替换阶段路由组合数据 其使用静态查找表和动态表来在GF（22）中执行掩蔽乘法逆，以获得替代数据。 然后，经替代数据通过附加密码AES阶段路由生成密文。 附加阶段可能还包括进一步利用静态和动态表的SubBytes阶段。 其他示例使用静态查找表或动态查找表，但不使用两者。

公开(公告)号：US20150092701A1

公开(公告)日：2015-04-02

申请号：US14489234

申请日：2014-09-17

Applicant: QUALCOMM Incorporated

Inventor： Gavin Bernard Horn ,  Anand Palanigounder ,  Olivier Jean Benoit

IPC: H04W76/02 ,  H04W4/00 ,  H04W84/12

CPC classification number: H04W76/11 ,  H04W4/50 ,  H04W8/18 ,  H04W12/04 ,  H04W84/12

Abstract: Methods, systems, and devices are described for provisioning of devices, such as UEs, for service at a wireless network. One or more device parameters may be identified for use in provisioning the device on the wireless network, which may be provided to a network element. The network element may use the provided parameters to access a subscription server. The subscription server may provide verification and/or subscription parameters of the device that may then be used by the device to verify that the device is authorized to access the wireless network.

Abstract translation: 描述了用于为无线网络服务的诸如UE之类的设备的供应的方法，系统和设备。 可以识别一个或多个设备参数，以用于在可以提供给网络元件的无线网络上提供设备。 网元可以使用所提供的参数来访问订阅服务器。 订阅服务器可以提供设备的验证和/或订阅参数，然后设备可以使用该参数来验证设备是否被授权接入无线网络。

公开(公告)号：US20140372701A1

公开(公告)日：2014-12-18

申请号：US14473736

申请日：2014-08-29

Applicant: QUALCOMM Incorporated

Inventor： Daniel KOMAROMY ,  Alexander Gantman ,  Brian Rosenberg ,  Arun Balakrishnan ,  Renwei Ge ,  Gregory Rose ,  Anand Palanigounder

IPC: G06F12/08

CPC classification number: G06F21/52 ,  G06F11/3037 ,  G06F11/3466 ,  G06F12/0811 ,  G06F12/0848 ,  G06F12/0875 ,  G06F12/14 ,  G06F21/554 ,  G06F21/566 ,  G06F2212/452

Abstract: Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.

Abstract translation: 公开了用于检测返回式编程（ROP）漏洞的方法，设备和系统。 系统包括处理器，主存储器和高速缓冲存储器。 高速缓存监视器通过监视对高速缓冲存储器中发现的高速缓存指令的访问来开发指令加载简档，并且错过当前不在高速缓冲存储器中的指令。 如果指令加载简档指示涉及一个或多个有效代码序列的ROP利用的执行，补救动作单元终止一个或多个有效代码序列的执行。 指令加载简档可以是相对于高速缓存未命中从监视高速缓存命中得到的命中/未命中比率。 ROP利用可能包括代码段，每个代码片段都包含可执行指令和来自有效代码序列的返回指令。

公开(公告)号：US08875265B2

公开(公告)日：2014-10-28

申请号：US13750816

申请日：2013-01-25

Applicant: Qualcomm Incorporated

Inventor： Anand Palanigounder

IPC: H04W12/06 ,  H04L29/06 ,  H04W8/20 ,  H04W12/04 ,  H04W4/00

CPC classification number: H04W12/06 ,  H04L63/062 ,  H04L63/0876 ,  H04W4/70 ,  H04W8/205 ,  H04W12/04

Abstract: The present application relates generally to wireless communication systems and more specifically to systems, methods, and devices for remote credentials management within wireless communication systems. In one aspect, a method of obtaining provisioning information via a service provider network, such as a cellular network, for a device is provided. The method includes transmitting an attach request via the service provider network for provisioning service, the attach request including device vendor information which includes a unique identifier for the device. The method further includes receiving provisioning information from the service provider upon authentication of the device vendor information. In other aspects, systems and methods for providing provisioning information are described.

Abstract translation: 本申请一般涉及无线通信系统，更具体地涉及用于无线通信系统内的远程凭证管理的系统，方法和设备。 在一个方面，提供了一种通过诸如蜂窝网络的服务提供商网络为设备获取供应信息的方法。 该方法包括经由服务提供商网络发送用于供应服务的附着请求，附加请求包括包括设备的唯一标识符的设备供应商信息。 该方法还包括：在认证设备供应商信息时从服务提供商接收供应信息。 在其他方面，描述用于提供供应信息的系统和方法。

公开(公告)号：US08868038B2

公开(公告)日：2014-10-21

申请号：US13627943

申请日：2012-09-26

Applicant: Qualcomm Incorporated

Inventor： George Cherian ,  Anand Palanigounder

IPC: H04M1/66 ,  G06F21/44 ,  H04L12/24 ,  H04L29/06 ,  G06F15/177 ,  H04W48/16 ,  H04W12/04

CPC classification number: H04W48/14 ,  G06F15/177 ,  G06F21/44 ,  H04L41/08 ,  H04L41/0886 ,  H04L63/062 ,  H04L63/18 ,  H04L65/1066 ,  H04W4/70 ,  H04W12/04 ,  H04W48/16

Abstract: A particular method includes transmitting a message from a first device to a second device. The message includes first information associated with identification of the first device. The first information enables the second device to obtain access data. The method also includes establishing a first communication link between the first device and the second device based on the access data. The method further includes receiving, via the first communication link, second information associated with establishment of a second communication link between the first device and a third device. The method also includes configuring the first device to establish the second communication link between the first device and the third device based on the second information.

Abstract translation: 一种特定方法包括将消息从第一设备发送到第二设备。 该消息包括与第一设备的标识相关联的第一信息。 第一信息使得第二设备能够获得访问数据。 该方法还包括基于访问数据在第一设备和第二设备之间建立第一通信链路。 该方法还包括经由第一通信链路接收与第一设备和第三设备之间的第二通信链路的建立相关联的第二信息。 该方法还包括基于第二信息配置第一设备以建立第一设备和第三设备之间的第二通信链路。

公开(公告)号：US20130281060A1

公开(公告)日：2013-10-24

申请号：US13917381

申请日：2013-06-13

Applicant: QUALCOMM Incorporated

Inventor： Adrian ESCOTT ,  Anand Palanigounder ,  Brian M. Rosenberg

IPC: H04W12/06

CPC classification number: H04W12/06 ,  H04L63/0823 ,  H04L63/0869 ,  H04W48/02 ,  H04W76/10 ,  H04W88/02

Abstract: A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity.

Abstract translation: 提供了一种用于补贴服务提供商实体个人化用户设备以确保订户设备不能在不同服务提供商实体的网络中使用的方法和装置。 当服务提供商实体补贴用户设备时，它希望确保订户设备被个性化，使得订户设备可以仅在其网络中操作，而不是不同于不同服务提供商实体的网络。 用户设备由用户设备的制造商预先配置有多个提供者特定和/或未相关的根证书。 在服务提供商实体和用户设备之间建立通信服务，允许用户设备和服务提供商实体的相互认证。 在相互认证之后，服务提供商实体向用户设备发送命令以禁用/删除与服务提供商实体不相关的一些/所有根证书。

公开(公告)号：US12058520B2

公开(公告)日：2024-08-06

申请号：US17648349

申请日：2022-01-19

Applicant: QUALCOMM Incorporated

Inventor： Hongil Kim ,  Soo Bum Lee ,  Adrian Edward Escott ,  Anand Palanigounder

IPC: H04W12/06 ,  H04W12/041 ,  H04W60/00 ,  H04W76/11 ,  H04W88/04

CPC classification number: H04W12/06 ,  H04W12/041 ,  H04W60/00 ,  H04W76/11 ,  H04W88/04

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may transmit, to a relay UE, a first message comprising a first freshness parameter, an identity of the UE, and authentication information, where the authentication information is used by a network node to authenticate the UE with security context information of the UE. The UE may derive a relay key for security establishment between the UE and the relay UE based on the first freshness parameter, a set of key generation parameters, and a shared key with the network node. The UE may derive a relay session key for security establishment between the UE and the relay UE based on the relay key, a first nonce of the UE, and a second nonce of the relay UE. Numerous other aspects are described.

公开(公告)号：US12052611B2

公开(公告)日：2024-07-30

申请号：US18299543

申请日：2023-04-12

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Adrian Edward Escott ,  Cogol Tina ,  Anand Palanigounder

IPC: H04W36/00 ,  H04W8/08 ,  H04W36/32 ,  H04W48/16 ,  H04W76/25

CPC classification number: H04W36/0022 ,  H04W8/08 ,  H04W36/0038 ,  H04W36/32 ,  H04W48/16 ,  H04W76/25

Abstract: In an aspect, the present disclosure includes a method, apparatus, and computer readable medium for wireless communications for configuring of a NAS COUNT value of a mapped EPS security context associated with an intersystem change of a UE from a 5G system to an EPS. The aspect includes generating, by a UE, a mapped EPS security context associated with an intersystem change of the UE from a 5G system to an EPS, wherein the mapped EPS security context comprises security parameters created based a 5G security context used for the 5G system, the security parameters enabling security-related communications between the UE and a network entity; determining an UL NAS COUNT value and the DL NAS COUNT value for the mapped EPS security context; and transmitting, by the UE, a NAS message to the network entity, the NAS message including the UL NAS COUNT value of the mapped EPS security context.

公开(公告)号：US12010107B2

公开(公告)日：2024-06-11

申请号：US17736044

申请日：2022-05-03

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Gavin Bernard Horn ,  Anand Palanigounder

IPC: H04L9/40 ,  H04W12/03 ,  H04L67/01 ,  H04W4/70 ,  H04W12/02 ,  H04W12/10

CPC classification number: H04L63/08 ,  H04L63/0428 ,  H04L63/06 ,  H04W12/03 ,  H04L67/01 ,  H04L2463/061 ,  H04W4/70 ,  H04W12/02 ,  H04W12/10

Abstract: In an aspect, a network supporting client devices includes one or more network nodes implementing network functions. Such network functions enable a client device to apply a security context to communications with the network when the client device is not in a connected mode. The client device obtains a user plane key shared with a user plane network function implemented at a first network node and/or a control plane key shared with a control plane network function implemented at a second network node. The client device protects a data packet with the user plane key or a control packet with the control plane key. The data packet includes first destination information indicating the first network node and the control packet includes second destination information indicating the second network node. The client device transmits the data packet or control packet.

公开(公告)号：US11831655B2

公开(公告)日：2023-11-28

申请号：US16146709

申请日：2018-09-28

Applicant: QUALCOMM Incorporated

Inventor： Soo Bum Lee ,  Adrian Edward Escott ,  Anand Palanigounder

IPC: H04L29/06 ,  H04L9/40 ,  H04W76/10 ,  H04W12/04 ,  H04W12/10

CPC classification number: H04L63/123 ,  H04L63/062 ,  H04L63/20 ,  H04W12/04 ,  H04W12/10 ,  H04W76/10 ,  H04L63/1466

Abstract: The present disclosure provides techniques that may be applied, for example, for providing network policy information in a secure manner. In some cases, a UE may receive a first message for establishing a secure connection with a network, wherein the first message comprises network policy information, generate a first key based in part on the network policy information, and use the first key to verify the network policy information.