-
Publication No.: US20120246481A1
Publication date: 2012-09-27
Application No.: US13487748
Filing date: 2012-06-04
Applicant: Louis J. Guccione, Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper, Yogendra C. Shah, Inhyok Cha
Inventor: Louis J. Guccione, Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper, Yogendra C. Shah, Inhyok Cha
IPC classification: H04L9/32
CPC classification: H04L9/321, H04L63/0853, H04W8/265, H04W12/06
Abstract: A mobile trusted platform (MTP) configured to provide virtual subscriber identity module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to a user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service.
-
Publication No.: US20100125732A1
Publication date: 2010-05-20
Application No.: US12563392
Filing date: 2009-09-21
Applicant: Inhyok Cha, Yogendra C. Shah, Andreas U. Schmidt
Inventor: Inhyok Cha, Yogendra C. Shah, Andreas U. Schmidt
CPC classification: H04W12/06, H04L63/107, H04L63/162, H04L63/205, H04W88/08
Abstract: A Home Node B or Home evolved Node B (HN(e)B) apparatus and methods are disclosed. The HN(e)B includes a Trusted Environment (TrE) and interfaces including unprotected interfaces, cryptographically protected interfaces, and hardware protected interfaces. The H(e)NB includes security/authentication protocols for communication between the H(e)NB and external network elements, including a Security Gateway (SGW).
-
Publication No.: US09807608B2
Publication date: 2017-10-31
Application No.: US12763827
Filing date: 2010-04-20
Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies.
-
Publication No.: US08756427B2
Publication date: 2014-06-17
Application No.: US11745697
Filing date: 2007-05-08
Applicant: Yogendra C. Shah, Inhyok Cha
Inventor: Yogendra C. Shah, Inhyok Cha
IPC classification: H04L29/06
CPC classification: H04L9/3297, G06F21/725, H04L9/3234, H04L63/0853, H04L63/10, H04L63/12, H04L63/126, H04L2463/101, H04L2463/102, H04W12/10, H04W12/12
Abstract: The present invention is related to a wireless transmit/receive unit (WTRU) for providing advanced security functions. The WTRU includes a trusted platform module (TPM) for performing trusted computing operations; and a secure time component (STC) for providing a secure measurement of a current time. The STC and the TPM are integrated to provide accurate trusted time information to internal and external to the WTRU. The STC may be located on an expanded subscriber identity module (SIM), on the WTRU platform, or two STCs may be used, one in each location. Similarly, the TPM may be located on an expanded SIM, on the WTRU platform, or two TPMs may be used, one in each location. Preferably, the STC will include a real time clock (RTC); a tamper detection and power failure unit; and a time report and sync controller.
-
Publication No.: US20110302638A1
Publication date: 2011-12-08
Application No.: US13084840
Filing date: 2011-04-12
Applicant: Inhyok Cha, Yogendra C. Shah, Lawrence Case
Inventor: Inhyok Cha, Yogendra C. Shah, Lawrence Case
IPC classification: G06F21/20
CPC classification: G06F21/57, G06F21/86, H04L9/0861, H04L63/08, H04W12/10, H04W84/045
Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.
-
Publication No.: US20080267114A1
Publication date: 2008-10-30
Application No.: US12111259
Filing date: 2008-04-29
Applicant: Rajat P. Mukherjee, Shankar Somasudaram, Ulises Olvera-Hernandez, Yogendra C. Shah, Prabhakar R. Chitrapu, Inhyok Cha
Inventor: Rajat P. Mukherjee, Shankar Somasudaram, Ulises Olvera-Hernandez, Yogendra C. Shah, Prabhakar R. Chitrapu, Inhyok Cha
CPC classification: H04L63/20, H04L63/107, H04W12/08, H04W12/10, H04W48/04, H04W64/003
Abstract: A wireless communication device is configured as an in-home node-B (H(e)NB). The H(e)NB is configured to perform a locking function to control modification of carrier and user controlled parameters, and also configured to detect a change in location.
-
Publication No.: US09497626B2
Publication date: 2016-11-15
Application No.: US13296855
Filing date: 2011-11-15
Applicant: Lawrence Case, Yogendra C. Shah, Inhyok Cha
Inventor: Lawrence Case, Yogendra C. Shah, Inhyok Cha
CPC classification: H04L63/0823, H04L9/3263, H04L63/061, H04L63/0853, H04L63/0869, H04L63/0884, H04W4/70, H04W8/183, H04W12/06
Abstract: A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.
-
Publication No.: US08856941B2
Publication date: 2014-10-07
Application No.: US13084840
Filing date: 2011-04-12
Applicant: Inhyok Cha, Yogendra C. Shah, Lawrence Case
Inventor: Inhyok Cha, Yogendra C. Shah, Lawrence Case
CPC classification: G06F21/57, G06F21/86, H04L9/0861, H04L63/08, H04W12/10, H04W84/045
Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.
-
Publication No.: US08788832B2
Publication date: 2014-07-22
Application No.: US13487748
Filing date: 2012-06-04
Applicant: Louis J. Guccione, Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper, Yogendra C. Shah, Inhyok Cha
Inventor: Louis J. Guccione, Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper, Yogendra C. Shah, Inhyok Cha
IPC classification: H04L9/32
CPC classification: H04L9/321, H04L63/0853, H04W8/265, H04W12/06
Abstract: A mobile trusted platform (MTP) configured to provide virtual subscriber identity module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to a user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service.
-
Publication No.: US20120297473A1
Publication date: 2012-11-22
Application No.: US13296855
Filing date: 2011-11-15
Applicant: Lawrence Case, Yogendra C. Shah, Inhyok Cha
Inventor: Lawrence Case, Yogendra C. Shah, Inhyok Cha
IPC classification: G06F21/20
CPC classification: H04L63/0823, H04L9/3263, H04L63/061, H04L63/0853, H04L63/0869, H04L63/0884, H04W4/70, H04W8/183, H04W12/06
Abstract: A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.