Abstract:
A method for providing a trusted communication link in a wireless network. A mobility management entity (MME) interface of a MME virtualized network function (VNF) receives a trusted communication request. A MME interface trustlet is allocated to execute in a trusted security zone of compute resources provided by a virtual computing environment in which the MME VNF executes. The MME interface trustlet establishes trusted signaling with two or more different VNFs provided by virtual servers executing in the virtual computing environment. The MME interface trustlet sends a trust token to the eNB to establish the trusted communication link from the eNB via a virtualized network function path through the virtual computing environment.
Abstract:
A security monitor processing server is disclosed. The server comprises a plurality of processors, a memory, and a security monitor application that, when executed by a first processor, checks for a message, directed to it by a different server, that requests establishment of a secure communication link between the different server and the server. The application sends a request to an operating system (OS) to suspend functionality of the other processors except for the first processor. The application sends a request to the OS to suspend a process executing on the first processor. The application conducts a communication session with the different server. The application, responsive to completion of the communication session, sends a request to the OS to allow the other processors to resume functionality. The application sends a request to the OS to resume execution of the suspended process on the first processor.
Abstract:
A mobile communication device. The mobile communication device comprises a motherboard comprising a communication bus, a cellular radio frequency transceiver connected to the communication bus, a plurality of antennas, at least one of the antennas communicatively coupled to the cellular radio frequency transceiver, and a processor connected to the communication bus. The mobile communication device further comprises a radio frequency identity (RFID) chip connected to the communication bus, wherein the RFID chip comprises a memory, provides wireless read access to the memory, and provides write access to the memory to the communication bus. The mobile communication device further comprises an antenna switch to selectably couple at least one of the antennas to the RFID chip and an application that selects the antenna switch to couple one of the antennas to the RFID chip based on a state of the mobile communication device.
Abstract:
A visually readable electronic label is disclosed. The system comprises a radio frequency identity (RFID) component that is operable to store data, an antenna coupled to the radio frequency identity component that is operable for deriving electrical power from an incident radio frequency field, where the derived electrical power is the sole electrical power available to the electronic label and a display coupled to the radio frequency identity component that is operable to present a visual indication of the data when commanded by the radio frequency identity component and when electrical power derived from an incident radio frequency field is available.
Abstract:
Systems and methods for transmitting information between virtual environments comprising: copying a first virtual environment, wherein the first virtual environment comprises a plurality of original applications, a first clock, and a first trusted security zone to create a second virtual environment, wherein the second virtual environment comprises a copy of at least some applications of the plurality of original applications, a second clock, and a second trusted security zone. The first trusted security zone may receive a request from a copied application to engage in a transmission with an original application. The first trusted security zone may then determine if a nonce associated with the copied application is a verified nonce, wherein determining if the nonce is a verified nonce comprises comparing, by the first trusted security zone, the nonce associated with the copied application to a nonce associated with the at least one original application.
Abstract:
A method of maintaining a biographical digest of information stored in a radio frequency identity chip communicatively coupled to a motherboard of a mobile communication device. The method comprises determining and writing inception information to the radio frequency identity chip once and preventing later modification of the inception information by a biographical digest software layer stored in a memory of the mobile communication device and executed by a processor of the device. The method further comprises determining and writing current information to the radio frequency identity chip by the biographical digest software layer in response to triggering events.
Abstract:
Embodiments relate generally to methods and systems for creating and using a watermark for verification of operation in a trusted security zone of a mobile device. The watermark may be created or chosen by a user and may be unique to the user. The watermark may be stored in a trusted security zone of the mobile device and may not be accessible from any other area of the mobile device. The watermark may comprise one or more of an image, an audio file, a video, a shape, a signature, a word, a phrase, or a number. The watermark may be verified by a user before operation of a secure application executed in the trusted security zone of the mobile device, and the watermark may also be present throughout the use of a secure application.
Abstract:
A method of trusted data communication. The method comprises executing a data communication application in a trusted security zone of a processor, wherein the processor is a component of a computer, commanding a controller of a peripheral device to execute a control application in a trusted security zone of the controller, wherein the controller is a component of the computer, commanding at least one of another peripheral device or a user interface device to not access a data bus of the computer, verifying that the controller is executing the control application in the trusted security zone of the controller, sending data from the processor to the controller over the data bus of the computer, and the controller one of transmitting the data sent by the processor on an external communication link, reading a memory storage disk, or writing to a memory storage disk.
Abstract:
Embodiments relate generally to systems and methods for providing access to a trusted security zone container within a trusted security zone of a mobile device. An application may receive trusted service manager validation data from a trusted service manager. The application may also receive a trusted security zone master key, wherein the trusted security zone master key provides access to a plurality of trusted security zone containers within the trusted security zone. The application may hash the trusted service manager validation data with the trusted security zone master key. The application may generate a trusted security zone sub key based on the hashing to access one or more containers. One or more signals may be transmitted to provision the set of one or more trusted security zone containers with the trusted security zone sub key. The application may provide the sub key to the trusted service manager to access a container.