-
公开(公告)号:US20120047551A1
公开(公告)日:2012-02-23
申请号:US12979874
申请日:2010-12-28
申请人: Sudhir B. Pattar , Inhyok Cha , Andreas Schmidt , Andreas Leicher , Yogendra C. Shah , Prabhakar R. Chitrapu , Lawrence Case
发明人: Sudhir B. Pattar , Inhyok Cha , Andreas Schmidt , Andreas Leicher , Yogendra C. Shah , Prabhakar R. Chitrapu , Lawrence Case
摘要: Systems, methods, and instrumentalities are disclosed that provide for a gateway outside of a network domain to provide services to a plurality of devices. For example, the gateway may act as a management entity or as a proxy for the network domain. As a management entity, the gateway may perform a security function relating to each of the plurality of devices. The gateway may perform the security function without the network domain participating or having knowledge of the particular devices. As a proxy for the network, the gateway may receive a command from the network domain to perform a security function relating to each of a plurality of devices. The network may know the identity of each of the plurality of devices. The gateway may perform the security function for each of the plurality of devices and aggregate related information before sending the information to the network domain.
摘要翻译: 公开了提供网络外部的网关以向多个设备提供服务的系统,方法和工具。 例如,网关可以充当管理实体或作为网络域的代理。 作为管理实体,网关可以执行与多个设备中的每一个相关的安全功能。 网关可以在没有参与网络域或具有特定设备的知识的情况下执行安全功能。 作为网络的代理,网关可以从网络域接收命令以执行与多个设备中的每一个相关的安全功能。 网络可以知道多个设备中的每一个的身份。 网关可以在向网络域发送信息之前对多个设备中的每一个执行安全功能并聚合相关信息。
-
公开(公告)号:US08949997B2
公开(公告)日:2015-02-03
申请号:US13582867
申请日:2011-03-04
CPC分类号: G06F21/57 , G06F17/30327 , G06F21/53 , G06F21/64 , G06F2221/034 , H04L9/3234 , H04L9/3265 , H04L63/02 , H04L63/123 , H04L63/126 , H04L2209/30 , H04L2209/805 , H04W4/70 , H04W12/08 , H04W12/10
摘要: Systems, methods, and apparatus are provided for generating verification data that may be used for validation of a wireless transmit-receive unit (WTRU). The verification data may be generated using a tree structure having protected registers, represented as root nodes, and component measurements, represented as leaf nodes. The verification data may be used to validate the WTRU. The validation may be performed using split-validation, which is a form of validation described that distributes validation tasks between two or more network entities. Subtree certification is also described, wherein a subtree of the tree structure may be certified by a third party.
摘要翻译: 提供了系统,方法和装置,用于产生可用于验证无线发射 - 接收单元(WTRU)的验证数据。 验证数据可以使用具有表示为叶节点的根节点和组件测量的受保护寄存器的树结构来生成。 验证数据可以用于验证WTRU。 可以使用拆分验证来执行验证,分裂验证是描述的验证形式,其在两个或多个网络实体之间分发验证任务。 还描述了子树认证,其中树结构的子树可以由第三方认证。
-
公开(公告)号:US08914636B2
公开(公告)日:2014-12-16
申请号:US13535563
申请日:2012-06-28
申请人: Inhyok Cha , Andreas Leicher , Andreas Schmidt , Louis J. Guccione , Yogendra C. Shah , Yousif Targali
发明人: Inhyok Cha , Andreas Leicher , Andreas Schmidt , Louis J. Guccione , Yogendra C. Shah , Yousif Targali
CPC分类号: H04L63/08 , H04L9/0816 , H04L9/32 , H04L12/2856 , H04L63/0815 , H04L63/102 , H04L63/205 , H04W12/06
摘要: Wireless telecommunications networks may implement various forms of authentication. There are a variety of different user and device authentication protocols that follow a similar network architecture, involving various network entities such as a user equipment (UE), a service provider (SP), and an authentication endpoint (AEP). To select an acceptable authentication protocol or credential for authenticating a user or UE, authentication protocol negotiations may take place between various network entities. For example, negotiations may take place in networks implementing a single-sign on (SSO) architecture and/or networks implementing a Generic Bootstrapping Architecture (GBA).
摘要翻译: 无线电信网络可以实现各种形式的认证。 存在各种不同的用户和设备认证协议,其遵循类似的网络架构,涉及诸如用户设备(UE),服务提供商(SP)和认证端点(AEP)的各种网络实体。 为了选择用于验证用户或UE的可接受的认证协议或凭证,认证协议协商可以在各种网络实体之间进行。 例如,可以在实现单点登录(SSO)架构和/或实现通用引导架构(GBA)的网络的网络中进行协商。
-
公开(公告)号:US08850545B2
公开(公告)日:2014-09-30
申请号:US13428836
申请日:2012-03-23
CPC分类号: H04L9/0819 , G06F21/335 , G06F21/42 , G06F21/53 , G06F21/575 , G06F2221/2107 , G06F2221/2149 , H04L9/3271 , H04L63/0272 , H04L63/062 , H04L63/0869 , H04L63/168 , H04L67/02 , H04L67/42 , H04W12/02 , H04W12/04 , H04W12/06
摘要: Secure communications may be established amongst network entities for performing authentication and/or verification of the network entities. For example, a user equipment (UE) may establish a secure channel with an identity provider, capable of issuing user identities for authentication of the user/UE. The UE may also establish a secure channel with a service provider, capable of providing services to the UE via a network. The identity provider may even establish a secure channel with the service provider for performing secure communications. The establishment of each of these secure channels may enable each network entity to authenticate to the other network entities. The secure channels may also enable the UE to verify that the service provider with which it has established the secure channel is an intended service provider for accessing services.
摘要翻译: 可以在用于执行网络实体的认证和/或验证的网络实体之间建立安全通信。 例如,用户设备(UE)可以建立具有身份提供商的安全信道,能够发出用户/ UE用户身份。 UE还可以与服务提供商建立安全信道,能够经由网络向UE提供服务。 身份提供商甚至可以与服务提供商建立用于执行安全通信的安全信道。 这些安全信道中的每一个的建立可以使每个网络实体能够对其他网络实体进行认证。 安全信道还可以使得UE能够验证其已建立安全信道的服务提供商是用于接入服务的预期服务提供商。
-
公开(公告)号:US20130198838A1
公开(公告)日:2013-08-01
申请号:US13582867
申请日:2011-03-04
IPC分类号: H04W12/10
CPC分类号: G06F21/57 , G06F17/30327 , G06F21/53 , G06F21/64 , G06F2221/034 , H04L9/3234 , H04L9/3265 , H04L63/02 , H04L63/123 , H04L63/126 , H04L2209/30 , H04L2209/805 , H04W4/70 , H04W12/08 , H04W12/10
摘要: Systems, methods, and apparatus are provided for generating verification data that may be used for validation of a wireless transmit-receive unit (WTRU). The verification data may be generated using a tree structure having protected registers, represented as root nodes, and component measurements, represented as leaf nodes. The verification data may be used to validate the WTRU. The validation may be performed using split-validation, which is a form of validation described that distributes validation tasks between two or more network entities. Subtree certification is also described, wherein a subtree of the tree structure may be certified by a third party.
摘要翻译: 提供了系统,方法和装置,用于产生可用于验证无线发射 - 接收单元(WTRU)的验证数据。 验证数据可以使用具有表示为叶节点的根节点和组件测量的受保护寄存器的树结构来生成。 验证数据可以用于验证WTRU。 可以使用拆分验证来执行验证,分裂验证是描述的验证形式,其在两个或多个网络实体之间分发验证任务。 还描述了子树认证,其中树结构的子树可以由第三方认证。
-
公开(公告)号:US20120072979A1
公开(公告)日:2012-03-22
申请号:US13023985
申请日:2011-02-09
申请人: Inhyok Cha , Andreas Schmidt , Andreas Leicher , Yogendra C. Shah , Louis J. Guccione , Dolores F. Howry
发明人: Inhyok Cha , Andreas Schmidt , Andreas Leicher , Yogendra C. Shah , Louis J. Guccione , Dolores F. Howry
CPC分类号: H04L63/0815 , G06F21/34 , G06F21/35 , G06F2221/2115 , H04L63/0853 , H04W12/06
摘要: A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like may be used as a local host trust center and a proxy for a single-sign on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over the air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment in order to provide increased security and reduce over the air communications and authentication burden on the OP or operator network.
摘要翻译: 可以使用诸如智能卡,UICC,Java卡,全球平台等的可信计算环境作为本地主机信任中心和用于单点登录(SSO)提供商的代理。 这可以被称为本地SSO提供商(OP)。 这可以被实现,例如,保持认证流量本地并且防止空中通信,这可能会对运营商网络造成负担。 要在受信任的环境中建立OP代理,可信环境可以通过多种方式绑定到SSO提供者。 例如,SSO提供商可以与基于UICC的UE认证或GBA进行互操作。 以这种方式,用户设备可以利用可信环境来提供增加的安全性并减少OP或运营商网络上的空中通信和认证负担。
-
17.发明授权公开(公告)号:US09009801B2
公开(公告)日:2015-04-14
申请号:US13341670
申请日:2011-12-30
申请人: Yogendra C. Shah , Inhyok Cha , Andreas Schmidt , Louis J. Guccione , Lawrence Case , Andreas Leicher , Yousif Targali
发明人: Yogendra C. Shah , Inhyok Cha , Andreas Schmidt , Louis J. Guccione , Lawrence Case , Andreas Leicher , Yousif Targali
CPC分类号: H04L63/08 , H04L63/0209 , H04L63/0815 , H04L63/0892 , H04L63/10 , H04L63/18 , H04W12/04 , H04W12/06 , H04W12/08 , H04W36/0038
摘要: Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers.
摘要翻译: 可以利用在一个网络上的持久通信层上生成的持久通信层凭证来执行对另一个网络的认证。 例如,持久通信层凭证可以包括在应用层上导出的应用层凭证。 应用层凭证可以用于建立认证凭证,用于认证移动设备以访问网络服务器处的服务。 认证证书可以从另一网络的应用层凭证导出,以实现从一个网络到另一个网络的无缝切换。 认证证书可以使用反向引导或其他密钥导出功能从应用层凭证中导出。 移动设备和/或网络实体对移动设备进行身份验证可以实现通信层之间的认证信息的通信,从而能够使用多个通信层对设备进行认证。
-
公开(公告)号:US20130125226A1
公开(公告)日:2013-05-16
申请号:US13458422
申请日:2012-04-27
IPC分类号: H04W12/06
摘要: Users desire useable security or a seamless means for accessing internet services whereby user interaction in the provisioning of credentials may be kept to a minimum or even eliminated entirely. The Single Sign-On (SSO) identity management (IdM) concept may be a means by which a user may be provided with such ease of use, while enabling user-assisted and network-assisted authentication for access to desired services. To enable seamless authentication services to users, a unified framework and a protocol layer interface for managing multiple authentication methods may be used.
摘要翻译: 用户希望可用的安全性或用于访问互联网服务的无缝手段,从而可以将凭证提供中的用户交互保持最小或甚至完全消除。 单点登录(SSO)身份管理(IdM)概念可以是为用户提供这种易用性的手段,同时允许用户辅助和网络辅助认证来访问期望的服务。 为了实现对用户的无缝认证服务,可以使用用于管理多种认证方法的统一框架和协议层接口。
-
公开(公告)号:US20120290870A1
公开(公告)日:2012-11-15
申请号:US13289154
申请日:2011-11-04
申请人: Yogendra C. Shah , Lawrence Case , Dolores F. Howry , Inhyok Cha , Andreas Leicher , Andreas Schmidt
发明人: Yogendra C. Shah , Lawrence Case , Dolores F. Howry , Inhyok Cha , Andreas Leicher , Andreas Schmidt
CPC分类号: G06F11/0709 , G06F11/0751 , G06F11/079 , G06F11/0793 , G06F11/08 , G06F21/10 , G06F21/575 , G06F2221/2103 , G06F2221/2111 , H04L63/123 , H04M1/24 , H04W8/22 , H04W12/10 , H04W24/02
摘要: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.
摘要翻译: 无线通信设备可以被配置为执行与网络实体的完整性检查和询问,以隔离无线网络设备上的故障组件的一部分以进行修复。 一旦在设备的组件上确定完整性故障,则设备可以识别与组件相关联的功能并且向网络实体指示失败的功能。 无线网络设备和网络实体都可以使用组件到功能映射来识别故障功能和/或故障组件。 在接收到设备上的完整性故障的指示之后,网络实体可以确定可以在设备处执行完整性检查的一个或多个附加迭代以缩小故障组件上的完整性故障的范围。 一旦完整性故障被隔离,则网络实体可以修复无线通信设备上的故障组件的一部分。
-
20.发明申请公开(公告)号:US20110041003A1
公开(公告)日:2011-02-17
申请号:US12718572
申请日:2010-03-05
申请人: Sudhir B. Pattar , Inhyok Cha , Andreas U. Schmidt , Andreas Leicher , Yogendra C. Shah , Dolores F. Howry , David G. Greiner , Lawrence L. Case , Michael V. Meyerstein , Louis J. Guccione
发明人: Sudhir B. Pattar , Inhyok Cha , Andreas U. Schmidt , Andreas Leicher , Yogendra C. Shah , Dolores F. Howry , David G. Greiner , Lawrence L. Case , Michael V. Meyerstein , Louis J. Guccione
CPC分类号: H04L41/0869 , H04L41/0654 , H04L41/0681 , H04L63/123 , H04L63/166 , H04W12/10 , H04W84/045
摘要: An apparatus and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.
摘要翻译: 本文公开了一种使用自主验证和半自主验证来提供家庭演进节点B(H(e)NB)完整性验证和验证的装置和方法。
-
-
-
-
-
-
-
-
-
搜索结果
80 条记录 (耗时 0.041 秒)
