Abstract:
A method for protecting data on a mobile communication device, comprising: reading existing security data from a universal integrated circuit card (UICC) during a current (second) power cycle; and utilizing the existing security data to decrypt data stored to a mobile communication device during a previous (first) power cycle.
Abstract:
Systems and methods for control and triggering of machine to machine (M2M) devices (e.g., smart meters). More specifically, the techniques allow an M2M service provider (e.g., a utility company) to use an operator's network to communicate with an M2M device connected with a UE/GW associated with the operator's network. The M2M service provider may receive identification of the UE/GW, but not of the M2M device. By transmitting an identifier for the M2M device along with an identifier for the UE/GW, the network operator may define, establish, and maintain a communication path specific to M2M devices. Similar techniques may be incorporated to allow the M2M service provider to locate and trigger the M2M device.
Abstract:
At least one feature pertains to a method operational at a user device. The method includes receiving and storing a shared key from an application service provider, and determining that a wireless communication network provides application-specific access to an application service provided by the application service provider. The method further includes transmitting a registration request that includes a device identifier and an application identifier associated with the application service to the wireless communication network. The registration request is transmitted to the application service provider using a data connection through a packet data network. The method further includes receiving authentication information derived at the application service provider that is based on the shared key, and performing authentication and key agreement with the network based on the authentication information and the stored shared key. The user device may then communicate with the application service after authentication and key agreement is successfully performed.
Abstract:
A new enrollee device is configured for a communication network using an electronic device and a network registrar. The new enrollee device is a headless device that lacks a first user interface for configuring the new enrollee device for the communication network. The electronic device obtains, at a sensor, sensor information that is indicative of a device key associated with the new enrollee device. The electronic device determines the device key based on the sensor information. The device key is provided to the network registrar to cause the network registrar to configure the new enrollee device for the communication network.
Abstract:
Multiple protocol tunnels (e.g., IPsec tunnels) are deployed to enable an access terminal that is connected to a network to access a local network associated with a femto access point. A first protocol tunnel is established between a security gateway and the femto access point. A second protocol tunnel is then established in either of two ways. In some implementations the second protocol tunnel is established between the access terminal and the security gateway. In other implementations the second protocol tunnel is established between the access terminal and the femto access point, whereby a portion of the tunnel is routed through the first tunnel.
Abstract:
Techniques for authenticating a user of a mobile device at a computing platform are provided. A method according to these techniques includes generating a first profile and second profile of user behavior for the user of the mobile device, the first profile comprising a first type of profile having at least a first duration and the second profile comprising a second type of profile having a second duration that is shorter than the first duration, monitoring user behavior to generate usage behavior data, comparing the usage behavior data to the first profile and the second profile, performing a first type of authentication action responsive to the usage behavior data deviating from the first profile, and performing a second type of authentication action responsive to the usage behavior data deviating from the second profile.
Abstract:
An electronic device obtains a device password associated with the new enrollee device to be configured for a communication network. The device password is provided to a network registrar to cause the network registrar to configure the new enrollee device for the communication network. The network registrar performs an enrollment process based upon the device password and provides feedback to the electronic device to indicate whether or not the new enrollee device was successfully added to the communication network. Alternatively, when an electronic device detects the presence of a new enrollee device to be configured for the communication network, the electronic device generates a device password for the new enrollee device and provides the device password to the new enrollee device and to the network registrar, thereby causing the network registrar to initiate an enrollment process for the new enrollee device based upon the device password.
Abstract:
In a first configuration, a UE receives, from a service provider, a certificate authority list. The certificate authority list is at least one of integrity protected or encrypted based on a credential known by the UE and the service provider and stored on a smartcard in the UE. The UE authenticates a server using the received certificate authority list. In a second configuration, the UE receives a user service discovery/announcement including a reception report configuration and an address of a server. The UE sends a protected reception report to the server based on the reception report configuration. In a third configuration, the UE receives a protected broadcast announcement and communicates based on the broadcast announcement. The broadcast announcement is at least one of integrity protected or encrypted based on a credential known by the UE and stored on a smartcard in the UE.
Abstract:
Methods, systems, apparatuses, and devices are described for authenticating in a network. A mobile device may establish a group account with an authentication server associated with the group. Upon successfully completing group account establishment, the mobile device receives a group authentication token that includes information associated with the authentication server, the group, the mobile device, a group key, versioning information, etc. The mobile device may use the group authentication token to authenticate with another mobile device that is a member of the same group. The versioning information may support backwards-compatibility between the group authentication tokens having different versions.