21. SYSTEMS AND METHODS FOR SECURING NETWORK COMMUNICATIONS
    Invention application (status: in force)

    Publication number: US20130080769A1

    Publication date: 2013-03-28

    Application number: US13428836

    Filing date: 2012-03-23

    IPC classification: H04L9/32

    Abstract: Secure communications may be established amongst network entities for performing authentication and/or verification of the network entities. For example, a user equipment (UE) may establish a secure channel with an identity provider capable of issuing user identities for authentication of the user/UE. The UE may also establish a secure channel with a service provider capable of providing services to the UE via a network. The identity provider may also establish a secure channel with the service provider for performing secure communications. The establishment of each of these secure channels may enable each network entity to authenticate to the other network entities. The secure channels may also enable the UE to verify that the service provider with which it has established the secure channel is the intended service provider for accessing services.


22. Machine-To-Machine Gateway Architecture
    Invention application (status: under examination, published)

    Publication number: US20120047551A1

    Publication date: 2012-02-23

    Application number: US12979874

    Filing date: 2010-12-28

    IPC classification: G06F21/00 G06F15/16

    Abstract: Systems, methods, and instrumentalities are disclosed that provide for a gateway outside of a network domain to provide services to a plurality of devices. For example, the gateway may act as a management entity or as a proxy for the network domain. As a management entity, the gateway may perform a security function relating to each of the plurality of devices. The gateway may perform the security function without the network domain participating or having knowledge of the particular devices. As a proxy for the network, the gateway may receive a command from the network domain to perform a security function relating to each of a plurality of devices. The network may know the identity of each of the plurality of devices. The gateway may perform the security function for each of the plurality of devices and aggregate the related information before sending it to the network domain.


23. Staged Control Release In Boot Process
    Invention application (status: in force)

    Publication number: US20110302638A1

    Publication date: 2011-12-08

    Application number: US13084840

    Filing date: 2011-04-12

    IPC classification: G06F21/20

    Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.


24. Validation And/Or Authentication Of A Device For Communication With Network
    Invention application (status: in force)

    Publication number: US20110099361A1

    Publication date: 2011-04-28

    Application number: US12760690

    Filing date: 2010-04-15

    IPC classification: G06F21/02 G06F9/445

    CPC classification: H04W12/10 H04L63/123

    Abstract: A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify the integrity of the trusted component via a secure boot and to prevent access to certain information in the device if the integrity of the trusted component cannot be verified.


26. ENHANCED SECURITY FOR DIRECT LINK COMMUNICATIONS
    Invention application (status: in force)

    Publication number: US20100153727A1

    Publication date: 2010-06-17

    Application number: US12639293

    Filing date: 2009-12-16

    IPC classification: H04L9/32

    Abstract: A method for secure direct link communications between multiple wireless transmit/receive units (WTRUs). The WTRUs exchange nonces that are used for generating a common nonce. A group identification information element (GIIE) is generated from at least the common nonce and is forwarded to an authentication server. The authentication server generates a group direct link master key (GDLMK) from the GIIE to match WTRUs as part of a key agreement group. A group key encryption key (GKEK) and a group key confirmation key (GKCK) are also generated from the common nonce and are used to encrypt and sign the GDLMK so that base stations do not have access to the GDLMK. Also disclosed is a method for selecting a key management suite (KMS) to generate temporal keys. A KMS index (KMSI) may be set according to the selected KMS, transmitted to another WTRU, and used to establish a direct link.


29. Device validation, distress indication, and remediation
    Granted patent (status: in force)

    Publication number: US08914674B2

    Publication date: 2014-12-16

    Application number: US13289154

    Filing date: 2011-11-04

    Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking should be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.


30. METHOD AND APPARATUS FOR EFFICIENTLY MAINTAINING COMMUNICATIONS CONNECTIVITY FOR A PLURALITY OF APPLICATIONS
    Invention application (status: in force)

    Publication number: US20140226562A1

    Publication date: 2014-08-14

    Application number: US14125024

    Filing date: 2012-06-12

    IPC classification: H04W76/04 H04L29/08

    Abstract: A method and apparatus are described for maintaining communications connectivity for client applications that send keep-alive messages and network applications that send client-alive (i.e., "are you there?") messages. The client applications may register with a client proxy provided in an operating system (OS) of a wireless transmit/receive unit (WTRU) and indicate a respective keep-alive message signaling rate. The network applications may register with a network proxy provided in an OS of a network node and indicate a respective client-alive message signaling rate. The client proxy and/or the network proxy may, respectively, register and prioritize keep-alive and/or client-alive message requirements, determine an optimal signaling rate based on the respective keep-alive and/or client-alive message signaling rates, and generate proxy messages (i.e., an application layer proxy keep-alive message and/or a network layer proxy client-alive message) associated with the keep-alive and/or client-alive messages. The proxy messages may be transmitted at the optimal signaling rate.
