22. Method And Apparatus For Trusted Federated Identity
    Invention application (in force)

    Publication number: US20120072979A1

    Publication date: 2012-03-22

    Application number: US13023985

    Filing date: 2011-02-09

    IPC classification: H04L9/32 G06F21/00

    Abstract: A trusted computing environment, such as a smartcard, UICC, Java Card, GlobalPlatform card, or the like, may be used as a local host trust center and as a proxy for a single sign-on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to avoid over-the-air communications that would otherwise burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways; for example, the SSO provider may interoperate with UICC-based UE authentication or with GBA. In this way, user equipment may leverage the trusted environment to provide increased security and to reduce over-the-air communications and the authentication burden on the OP or operator network.

23. Secure remote subscription management
    Granted invention patent (in force)

    Publication number: US08812836B2

    Publication date: 2014-08-19

    Application number: US12718853

    Filing date: 2010-03-05

    IPC classification: H04L29/06 H04W8/26 H04W12/06

    Abstract: A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. The connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset held in the Trusted Physical Unit (TPU), may be allocated to the SHO and activated. The WTRU may then establish a network connection to the SHO and receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.

24. Authentication and secure channel setup for communication handoff scenarios
    Granted invention patent (in force)

    Publication number: US09009801B2

    Publication date: 2015-04-14

    Application number: US13341670

    Filing date: 2011-12-30

    Abstract: Persistent communication-layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication-layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another, using reverse bootstrapping or other key derivation functions. The mobile device and/or the network entity to which the mobile device is being authenticated may pass authentication information between the communication layers, so that a device can be authenticated using multiple communication layers.
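
The following is an added example, not code from either patent. It models two of the mechanisms named in the abstracts above: the GBA binding option of entry 22 (the local OP proxy on the UICC and the SSO provider, acting as a NAF, end up sharing Ks_NAF, and the proxy proves possession of it to the provider) and the cross-layer key derivation of entry 24 (a handoff credential for a second network derived from an application-layer key). The Ks_NAF derivation follows 3GPP TS 33.220 Annex B; everything else (the assertion format, the handoff derivation, the FC value 0x7F, and all sample inputs) is an assumption of this example and not the patents' own protocol.

```python
import hashlib
import hmac

# GBA key derivation as specified in 3GPP TS 33.220 Annex B.
#   B.2: derived key = HMAC-SHA-256(Key, S), S = FC || P0 || L0 || ... || Pn || Ln,
#        where Li is the 2-byte big-endian length of Pi.
#   B.3: Ks_NAF = KDF(Ks, "gba-me", RAND, IMPI, NAF_Id) with Ks = CK || IK and FC = 0x01.
def gba_kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_ks_naf(ck: bytes, ik: bytes, rand: bytes, impi: bytes,
                  naf_fqdn: bytes, ua_protocol_id: bytes) -> bytes:
    # NAF_Id is the NAF's FQDN followed by the 5-byte Ua security protocol identifier,
    # so the same Ks yields a different key for every NAF and every Ua protocol.
    return gba_kdf(ck + ik, 0x01, b"gba-me", rand, impi, naf_fqdn + ua_protocol_id)


# Local OP proxy <-> SSO provider binding (a model of entry 22's "bind via GBA" option,
# not the patent's own protocol). Assumption: after bootstrapping, the proxy on the UICC
# holds Ks_NAF and the SSO provider, acting as the NAF, fetches the same Ks_NAF from the
# BSF; the proxy proves possession by MACing an assertion over (B-TID, RP audience, nonce).
def proxy_sign_assertion(ks_naf: bytes, btid: bytes, audience: bytes, nonce: bytes) -> bytes:
    msg = b"local-op-assertion|" + btid + b"|" + audience + b"|" + nonce
    return hmac.new(ks_naf, msg, hashlib.sha256).digest()


def provider_verify_assertion(ks_naf: bytes, btid: bytes, audience: bytes,
                              nonce: bytes, tag: bytes) -> bool:
    expected = proxy_sign_assertion(ks_naf, btid, audience, nonce)
    return hmac.compare_digest(expected, tag)


# Cross-layer derivation for handoff (a model of entry 24's "derived from the
# application-layer credentials using ... key derivation functions", not its exact method).
# Assumption: the target network identity and a fresh nonce are bound into the derivation,
# so a credential for one network is useless on another and cannot be replayed. FC = 0x7F
# is a placeholder chosen for this example, not an allocated 3GPP value.
def derive_handoff_key(app_layer_key: bytes, target_network_id: bytes, nonce: bytes) -> bytes:
    return gba_kdf(app_layer_key, 0x7F, b"handoff-auth", target_network_id, nonce)


# Constructed sample inputs (not real subscriber material).
CK = bytes(range(0x10, 0x20))
IK = bytes(range(0x20, 0x30))
RAND = bytes(range(0x30, 0x40))
IMPI = b"234150999999999@ims.mnc015.mcc234.3gppnetwork.org"
NAF_FQDN = b"sso.example.net"
UA_PROTOCOL_ID = b"\x01\x00\x00\x00\x02"  # constructed 5-byte identifier
BTID = b"base64bootstrapid@bsf.example.net"


def demo() -> dict:
    ks_naf = derive_ks_naf(CK, IK, RAND, IMPI, NAF_FQDN, UA_PROTOCOL_ID)
    nonce = b"rp-nonce-0001"
    tag = proxy_sign_assertion(ks_naf, BTID, b"https://rp.example.com", nonce)
    ok = provider_verify_assertion(ks_naf, BTID, b"https://rp.example.com", nonce, tag)
    # Audience substitution: an assertion minted for one relying party must not verify for another.
    wrong_rp = provider_verify_assertion(ks_naf, BTID, b"https://evil.example.com", nonce, tag)
    # The same application-layer key yields unrelated handoff keys for different target networks.
    k_wlan = derive_handoff_key(ks_naf, b"wlan:corp-ssid", b"handoff-nonce-01")
    k_lte = derive_handoff_key(ks_naf, b"lte:mnc015.mcc234", b"handoff-nonce-01")
    return {"ks_naf": ks_naf, "assertion_ok": ok, "wrong_rp_ok": wrong_rp,
            "k_wlan": k_wlan, "k_lte": k_lte}
```

The point of keeping the proxy on the UICC is that Ks_NAF never has to leave the card: the assertion is the only thing that crosses to the application processor and the relying party, and because the relying-party audience is MACed in, an assertion captured for one site cannot be replayed to another. The handoff derivation is one-way, so the target network learns a key bound to its own identity but nothing about the application-layer credential it was derived from.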

25. SSO FRAMEWORK FOR MULTIPLE SSO TECHNOLOGIES
    Invention application (pending, published)

    Publication number: US20130125226A1

    Publication date: 2013-05-16

    Application number: US13458422

    Filing date: 2012-04-27

    IPC classification: H04W12/06

    Abstract: Users want usable security, that is, a seamless means of accessing Internet services in which user interaction in the provisioning of credentials is kept to a minimum or eliminated entirely. The Single Sign-On (SSO) identity management (IdM) concept may be a means of providing such ease of use while enabling user-assisted and network-assisted authentication for access to the desired services. To offer seamless authentication services to users, a unified framework and a protocol-layer interface for managing multiple authentication methods may be used.

26. Home node-B apparatus and security protocols
    Granted invention patent (in force)

    Publication number: US08307205B2

    Publication date: 2012-11-06

    Application number: US12563392

    Filing date: 2009-09-21

    IPC classification: H04L29/06

    Abstract: A Home Node B or Home evolved Node B (H(e)NB) apparatus and methods are disclosed. The H(e)NB includes a Trusted Environment (TrE) and a set of interfaces comprising unprotected interfaces, cryptographically protected interfaces, and hardware-protected interfaces. The H(e)NB includes security and authentication protocols for communication between the H(e)NB and external network elements, including a Security Gateway (SGW).

27. UNIVERSAL INTEGRATED CIRCUIT CARD HAVING A VIRTUAL SUBSCRIBER IDENTITY MODULE FUNCTIONALITY
    Invention application (pending, published)

    Publication number: US20100062808A1

    Publication date: 2010-03-11

    Application number: US12546827

    Filing date: 2009-08-25

    IPC classification: H04B1/38 G06F21/00

    Abstract: A universal integrated circuit card (UICC) having virtual subscriber identity module functionality is disclosed. A wireless transmit/receive unit (WTRU) comprises a mobile equipment (ME) configured to perform wireless communication and a UICC configured to perform security functions. The UICC supports multiple isolated domains, including the UICC issuer's domain. Each domain is owned by a separate owner, so that each owner stores and executes applications on the UICC under the control of the UICC issuer; the UICC issuer's domain controls the creation and deletion of other domains and defines and enforces the security rules that authorize third parties to access the domains. The UICC is configured to verify the integrity of operating system functions and applications stored on the UICC, and to control access to information about applications according to security policies stored within the UICC.

29. Method and apparatus for secure trusted time techniques
    Granted invention patent (in force)

    Publication number: US08499161B2

    Publication date: 2013-07-30

    Application number: US12389088

    Filing date: 2009-02-19

    IPC classification: H04L29/06

    Abstract: A method and apparatus for establishing a trustworthy local time based on trusted computing methods are described. The concepts scale because they can be graded by the frequency and accuracy with which a reliable external time source is available for correction and/or reset, and by how trustworthy that external source is in a commercial scenario. The techniques also account for the fact that the number of different paths and the number of hops between the device and the trusted external time source may vary. A local clock-related value, protected by a TPM, is securely bound to an external clock. A system of Accuracy Statements (AS) is added to attach time references to audit data supplied by other, possibly cheaper, sources than the one that provided the initial time.
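
The following is an added example, not the patent's implementation. It models the building blocks the abstract names: a monotonic tick counter stands in for the TPM-protected local clock value, a signed anchor binds one counter reading to an external reference time, and an Accuracy Statement records the reference's uncertainty and the local oscillator's drift so that every later reading is reported as an interval whose width grows until the next correction. The HMAC under ANCHOR_KEY standing in for a TPM-bound signature, the tick rate, the trust-level scale and all sample values are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: an HMAC under ANCHOR_KEY stands in for the TPM-bound signature on the anchor.
ANCHOR_KEY = b"constructed-anchor-key"  # stand-in for the TPM-protected signing key
TICK_HZ = 1000                           # constructed counter rate: one tick per millisecond


@dataclass(frozen=True)
class AccuracyStatement:
    source_uncertainty_s: float  # +/- bound on the external reference at sync time
    drift_ppm: float             # worst-case local oscillator drift, parts per million
    source_trust_level: int      # 0 (untrusted) .. 3 (highest); consumed by the policy check


@dataclass(frozen=True)
class TimeAnchor:
    tick_at_sync: int            # TPM-protected counter value captured at the sync
    external_time_s: float       # reference time reported by the external source
    accuracy: AccuracyStatement
    tag: bytes                   # binds the three fields above together


def _anchor_message(tick: int, ext: float, acc: AccuracyStatement) -> bytes:
    return (f"{tick}|{ext!r}|{acc.source_uncertainty_s!r}|"
            f"{acc.drift_ppm!r}|{acc.source_trust_level}").encode()


def make_anchor(tick_at_sync: int, external_time_s: float, acc: AccuracyStatement) -> TimeAnchor:
    tag = hmac.new(ANCHOR_KEY, _anchor_message(tick_at_sync, external_time_s, acc),
                   hashlib.sha256).digest()
    return TimeAnchor(tick_at_sync, external_time_s, acc, tag)


def anchor_is_valid(anchor: TimeAnchor) -> bool:
    expected = hmac.new(ANCHOR_KEY, _anchor_message(anchor.tick_at_sync, anchor.external_time_s,
                                                    anchor.accuracy), hashlib.sha256).digest()
    return hmac.compare_digest(expected, anchor.tag)


def trusted_time(anchor: TimeAnchor, current_tick: int, min_trust_level: int = 2):
    """Return (time_s, uncertainty_s) for the current counter value, or raise on a policy failure."""
    if not anchor_is_valid(anchor):
        raise ValueError("anchor signature invalid")
    if anchor.accuracy.source_trust_level < min_trust_level:
        raise ValueError("external source below the required trust level")
    if current_tick < anchor.tick_at_sync:
        raise ValueError("counter rollback: current tick precedes the anchor")
    elapsed_s = (current_tick - anchor.tick_at_sync) / TICK_HZ
    # The interval widens linearly with elapsed time at the stated drift rate.
    uncertainty_s = anchor.accuracy.source_uncertainty_s + elapsed_s * anchor.accuracy.drift_ppm * 1e-6
    return anchor.external_time_s + elapsed_s, uncertainty_s


def needs_resync(anchor: TimeAnchor, current_tick: int, max_uncertainty_s: float) -> bool:
    # Once drift has widened the interval past the policy bound, a correction is due; a
    # cheaper or less trusted source can narrow it until the next high-trust reset.
    return trusted_time(anchor, current_tick)[1] > max_uncertainty_s


def stamp_audit_record(anchor: TimeAnchor, current_tick: int, record: str) -> dict:
    # Audit data carries the interval and the anchor it came from, so a verifier can later
    # judge both the time value and the quality of the reference behind it.
    t, u = trusted_time(anchor, current_tick)
    return {"record": record, "time_s": t, "uncertainty_s": u,
            "anchor_tag": anchor.tag.hex(), "tick": current_tick}


# Constructed scenario: sync at tick 5000 to a reference reporting 1700000000.0 +/- 0.5 s,
# trust level 3, with a 50 ppm local oscillator.
ACC = AccuracyStatement(source_uncertainty_s=0.5, drift_ppm=50.0, source_trust_level=3)
ANCHOR = make_anchor(5000, 1_700_000_000.0, ACC)
```

One hour after the sync the reported interval is 1700003600.0 +/- 0.68 s (0.5 s from the source plus 0.18 s of accumulated drift). Two checks matter in practice: a counter value below the anchor's means the protected clock value was rolled back and no time should be reported, and an anchor whose tag does not verify, or whose source trust level is below policy, must not be used even if its numbers look plausible.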
