Secure Remote Subscription Management
    21.
    Invention application
    Status: Under examination (published)

    Publication (announcement) number: US20140359278A1

    Publication (announcement) date: 2014-12-04

    Application number: US14460444

    Application date: 2014-08-15

    Abstract: A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. A connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset, which may be included in the Trusted Physical Unit (TPU), may be allocated to the SHO and may be activated. The WTRU may establish a network connection to the SHO and may receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.


    SMART CARD WITH DOMAIN-TRUST EVALUATION AND DOMAIN POLICY MANAGEMENT FUNCTIONS
    22.
    Invention application
    Status: Granted

    Publication (announcement) number: US20140179271A1

    Publication (announcement) date: 2014-06-26

    Application number: US13991530

    Application date: 2011-12-06

    Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. A domain application may be resident on one of the domains. The domain application may be ported to the platform based on a relationship between at least one domain owner and at least one other domain owner of the one or more domains.


    Authentication and Secure Channel Setup for Communication Handoff Scenarios
    24.
    Invention application
    Status: Under examination (published)

    Publication (announcement) number: US20150326561A1

    Publication (announcement) date: 2015-11-12

    Application number: US14684906

    Application date: 2015-04-13

    Abstract: Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers.


    DEVICE VALIDATION, DISTRESS INDICATION, AND REMEDIATION
    25.
    Invention application
    Status: Under examination (published)

    Publication (announcement) number: US20150099510A1

    Publication (announcement) date: 2015-04-09

    Application number: US14570301

    Application date: 2014-12-15

    Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.


    ONE ROUND TRIP AUTHENTICATION USING SNGLE SIGN-ON SYSTEMS
    26.
    Invention application
    Status: Under examination (published)

    Publication (announcement) number: US20130298209A1

    Publication (announcement) date: 2013-11-07

    Application number: US13834643

    Application date: 2013-03-15

    Abstract: Systems, methods, and apparatus embodiments are described herein for enabling one-round trip (ORT) seamless user/device authentication for secure network access. For example, pre-established security associations and/or credentials may be leveraged between a user/device and a network entity (e.g., application server) on a network to perform an optimized fast authentication and/or to complete security layer authentication and secure tunnel setup in an on-demand and seamless fashion on the same or another network.

