公开(公告)号：US20120072979A1

公开(公告)日：2012-03-22

申请号：US13023985

申请日：2011-02-09

Applicant: Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah ,  Louis J. Guccione ,  Dolores F. Howry

Inventor： Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah ,  Louis J. Guccione ,  Dolores F. Howry

IPC: H04L9/32 ,  G06F21/00

CPC classification number: H04L63/0815 ,  G06F21/34 ,  G06F21/35 ,  G06F2221/2115 ,  H04L63/0853 ,  H04W12/06

Abstract: A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like may be used as a local host trust center and a proxy for a single-sign on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over the air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment in order to provide increased security and reduce over the air communications and authentication burden on the OP or operator network.

Abstract translation: 可以使用诸如智能卡，UICC，Java卡，全球平台等的可信计算环境作为本地主机信任中心和用于单点登录（SSO）提供商的代理。 这可以被称为本地SSO提供商（OP）。 这可以被实现，例如，保持认证流量本地并且防止空中通信，这可能会对运营商网络造成负担。 要在受信任的环境中建立OP代理，可信环境可以通过多种方式绑定到SSO提供者。 例如，SSO提供商可以与基于UICC的UE认证或GBA进行互操作。 以这种方式，用户设备可以利用可信环境来提供增加的安全性并减少OP或运营商网络上的空中通信和认证负担。

公开(公告)号：US07991160B2

公开(公告)日：2011-08-02

申请号：US11736830

申请日：2007-04-18

Applicant: Louis J. Guccione ,  Inhyok Cha ,  Alexander Reznik ,  Chunxuan Ye ,  Renuka Racha

Inventor： Louis J. Guccione ,  Inhyok Cha ,  Alexander Reznik ,  Chunxuan Ye ,  Renuka Racha

IPC: H04K1/00

CPC classification number: H04L63/061 ,  H04L9/0875 ,  H04L9/0891 ,  H04L63/083 ,  H04L2209/80 ,  H04W12/02 ,  H04W12/04 ,  H04W80/02

Abstract: A wireless transmit/receive unit (WTRU) and a Node B, respectively, perform joint randomness not shared by others (JRNSO) measurement to generate JRNSO bits based on a channel estimate between the WTRU and the Node B. The WTRU and the Node B then perform a reconciliation procedure to generate a common JRNSO bits. The Node B sends the common JRNSO bits to a serving network. The WTRU and the SN secure a session key (such as an integrity key, a cipher key and an anonymity key), using the common JRNSO bits. The JRNSO measurements are performed on an on-going basis, and the session key is updated using a new set of common JRNSO bits. The JRNSO bits may be expanded by using a pseudorandom number generator (PNG) or a windowing technique. A handover may be intentionally induced to increase the JRNSO bits generation rate.

Abstract translation: 无线发送/接收单元（WTRU）和节点B分别基于WTRU和节点B之间的信道估计来执行其他人不共享的联合随机（JRNSO）测量以生成JRNSO比特。WTRU和节点B 然后执行协调过程以生成一个常见的JRNSO位。 节点B将公共JRNSO比特发送到服务网络。 WTRU和SN使用公共JRNSO比特来保护会话密钥（诸如完整性密钥，加密密钥和匿名密钥）。 JRNSO测量是在持续的基础上执行的，会话密钥使用一组常见的JRNSO位进行更新。 可以通过使用伪随机数生成器（PNG）或开窗技术来扩展JRNSO比特。 可以有意地引起切换以增加JRNSO比特生成速率。

公开(公告)号：US20110099605A1

公开(公告)日：2011-04-28

申请号：US12763827

申请日：2010-04-20

Applicant: Inhyok Cha ,  Louis J. Guccione ,  Yogendra C. Shah ,  Andreas U. Schmidt ,  Sudhir B. Pattar

Inventor： Inhyok Cha ,  Louis J. Guccione ,  Yogendra C. Shah ,  Andreas U. Schmidt ,  Sudhir B. Pattar

IPC: G06F15/173 ,  G06F21/00

CPC classification number: H04W12/06 ,  H04L63/20 ,  H04W12/04

Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies.

Abstract translation: 公开了使一个或多个设备上的一个或多个域由一个或多个不同的本地或远程所有者拥有或控制的方法和手段，同时提供这些域的系统范围管理级别。 每个域可以具有不同的所有者，并且每个所有者可以指定用于其域的操作的策略以及关于域所在的平台以及其他域的其域的操作。 系统范围的域管理员可能驻留在其中一个域上。 全系统域管理员可以强制执行其驻留的域的策略，并且可以通过其相关于与全系统域管理员所在的域相关的策略来协调其他域的强制。 另外，系统范围的域管理器可以根据各自的策略协调其他域之间的交互。

公开(公告)号：US07697626B2

公开(公告)日：2010-04-13

申请号：US11377152

申请日：2006-03-16

Applicant: Jin Wang ,  Arty Chandra ,  Inhyok Cha ,  Yingxue Li

Inventor： Jin Wang ,  Arty Chandra ,  Inhyok Cha ,  Yingxue Li

IPC: H04L1/02

CPC classification number: H04B7/0695 ,  H04B7/088 ,  H04L1/0003 ,  H04L1/0009 ,  H04L1/0025

Abstract: A method and apparatus for selecting a beam combination of beam switched antennas in a multiple-input multiple-output (MIMO) wireless communication system including a first node and a second node. The first node sends a plurality of modulation and coding scheme (MCS) requests to the second node. Each of the plurality of MCS requests is sent using a particular beam combination. The second node receives the MCS requests and generates MCS feedback signals for each of the MCS requests. Each MCS feedback signal includes an MCS recommendation for the particular beam. The first node selects a beam combination for communicating with the second node based on the MCS recommendations.

Abstract translation: 一种用于在包括第一节点和第二节点的多输入多输出（MIMO）无线通信系统中选择波束切换天线的波束组合的方法和装置。 第一节点向第二节点发送多个调制和编码方案（MCS）请求。 使用特定的波束组合发送多个MCS请求中的每一个。 第二节点接收MCS请求，并为每个MCS请求生成MCS反馈信号。 每个MCS反馈信号包括针对特定波束的MCS推荐。 第一节点基于MCS建议选择用于与第二节点进行通信的波束组合。

公开(公告)号：US20100062808A1

公开(公告)日：2010-03-11

申请号：US12546827

申请日：2009-08-25

Applicant: Inhyok Cha ,  Andreas U. Schmidt ,  Yogendra C. Shah ,  Michael V. Meyerstein

Inventor： Inhyok Cha ,  Andreas U. Schmidt ,  Yogendra C. Shah ,  Michael V. Meyerstein

IPC: H04B1/38 ,  G06F21/00

CPC classification number: H04W12/08 ,  G06Q20/3229 ,  G06Q20/351 ,  G06Q20/35765 ,  G07F7/1008 ,  H04W12/0806 ,  H04W12/10

Abstract: Universal integrated circuit card (UICC) having a virtual subscriber identity module functionality is disclosed. A wireless transmit/receive unit (WTRU) comprises a mobile equipment (ME) configured to perform wireless communication and a UICC. The UICC is configured to perform security functionalities. The UICC supports multiple isolated domains including UICC issuer's domain. Each domain is owned by a separate owner so that each owner stores and executes an application on the UICC under a control of an UICC issuer and the UICC issuer's domain controls creation and deletion of other domains and defines and enforces security rules for authorizing third parties to have an access to the domains. The UICC is configured to verify integrity of operating system functions and applications stored on the UICC. The UICC is configured to control an access to information regarding applications according to security policies stored within the UICC.

Abstract translation: 公开了具有虚拟用户识别模块功能的通用集成电路卡（UICC）。 无线发射/接收单元（WTRU）包括被配置为执行无线通信的移动设备（ME）和UICC。 UICC配置为执行安全功能。 UICC支持多个隔离域，包括UICC发行者域。 每个域由单独的所有者拥有，以便每个所有者在UICC发行者的控制下在UICC上存储和执行应用程序，并且UICC发行人的域控制其他域的创建和删除，并定义和执行授权第三方的安全规则 可以访问域。 UICC配置为验证存储在UICC上的操作系统功能和应用程序的完整性。 UICC被配置为根据存储在UICC内的安全策略来控制对应用信息的访问。

公开(公告)号：US20090209232A1

公开(公告)日：2009-08-20

申请号：US12246064

申请日：2008-10-06

Applicant: Inhyok Cha ,  Chinmayee V. Rathi ,  Yogendra C. Shah ,  Louis J. Guccione ,  Andreas U. Schmidt ,  Nicolai Kuntze

Inventor： Inhyok Cha ,  Chinmayee V. Rathi ,  Yogendra C. Shah ,  Louis J. Guccione ,  Andreas U. Schmidt ,  Nicolai Kuntze

IPC: H04M1/66

CPC classification number: H04L63/0428 ,  H04L63/06 ,  H04L63/0853 ,  H04W12/04

Abstract: The present invention is related to a wireless communication system. 3G UMTS mobile phone systems rely on a protected smart card called the UMTS integrated circuit card (UICC) that provides UMTS subscriber identity module (USIM) applications as a basis or root of various security measures protecting the communication path between the 3G mobile terminal and the UMTS wireless network (or UTRAN). Disclosed is a method by which the UICC exchanges information with a terminal, such as an Internal Key Center (IKC 1250) and a Bootstrapping Server Function (BSF 1270) enables a procedure where multiple local keys specific to applications and Network Application Functions (NAFs) (Ks_local) are used for authentication and to encrypt and decrypt messages.

Abstract translation: 本发明涉及无线通信系统。 3G UMTS移动电话系统依赖于被称为UMTS集成电路卡（UICC）的受保护的智能卡，其提供UMTS用户识别模块（USIM）应用，作为保护3G移动终端与3G移动终端之间的通信路径的各种安全措施的基础或根源 UMTS无线网络（或UTRAN）。 本发明公开了一种UICC与诸如内部密钥中心（IKC 1250）和引导服务器功能（BSF 1270）之类的终端交换信息的方法，能够实现特定于应用和网络应用功能（NAF）的多个本地密钥的过程， （Ks_local）用于认证和加密和解密消息。

公开(公告)号：US20090125996A1

公开(公告)日：2009-05-14

申请号：US12234146

申请日：2008-09-19

Applicant: Louis J. Guccione ,  Andreas U. Schmidt ,  Nicolai Kuntze ,  Michael Kasper ,  Yogendra C. Shah ,  Inhyok Cha

Inventor： Louis J. Guccione ,  Andreas U. Schmidt ,  Nicolai Kuntze ,  Michael Kasper ,  Yogendra C. Shah ,  Inhyok Cha

IPC: G06F21/00

CPC classification number: H04L9/321 ,  H04L63/0853 ,  H04W8/265 ,  H04W12/0023 ,  H04W12/06

Abstract: A mobile trusted platform (MTP) configured to provide virtual subscriber identify module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service.

公开(公告)号：US20080189250A1

公开(公告)日：2008-08-07

申请号：US11854265

申请日：2007-09-12

Applicant: Inhyok Cha ,  Debashish Purkayastha ,  Richard D. Herschaft ,  Yogendra C. Shah

Inventor： Inhyok Cha ,  Debashish Purkayastha ,  Richard D. Herschaft ,  Yogendra C. Shah

IPC: G06F17/30 ,  H04L9/00 ,  G06Q30/00

CPC classification number: G06F21/10 ,  G06F21/6227 ,  G06F21/6245 ,  G06F2221/2145 ,  H04L9/00 ,  H04L2209/127 ,  H04L2209/603 ,  H04L2209/80

Abstract: An embodiment is related to a database system for protecting data privacy and efficient organization of data. An enhanced database system comprises a DBMS, a data classifier, a database of applications and a rules and policy unit. The DBMS includes a query processor for processing a query from a user. The rules and policy unit outputs a pointer to a node within the data classification tree based on several criteria. In accordance with another embodiment, a DBMS residing within a communication network organizes data related to the ID of mobile users. In accordance with another embodiment, an enhanced database system comprises a DRM user agent and a DBMS. The DRM user agent receives a CO protected by DRM. The DBMS stores the CO and controls access to the CO based on restrictions specified in an RO associated with the CO.

Abstract translation: 一个实施例涉及用于保护数据隐私和有效组织数据的数据库系统。 增强的数据库系统包括DBMS，数据分类器，应用数据库以及规则和策略单元。 DBMS包括用于处理来自用户的查询的查询处理器。 规则和策略单元基于几个标准输出指向数据分类树中的节点的指针。 根据另一实施例，驻留在通信网络内的DBMS组织与移动用户的ID相关的数据。 根据另一个实施例，增强数据库系统包括DRM用户代理和DBMS。 DRM用户代理接收受DRM保护的CO。 DBMS存储CO并根据与CO相关联的RO中规定的限制来控制对CO的访问。

公开(公告)号：US20080046758A1

公开(公告)日：2008-02-21

申请号：US11744304

申请日：2007-05-04

Applicant: Inhyok Cha ,  Amit Singhal ,  Yogendra Shah

Inventor： Inhyok Cha ,  Amit Singhal ,  Yogendra Shah

IPC: G06F12/14 ,  H04L9/00

CPC classification number: G06F21/10 ,  G06F21/57 ,  H04L9/3247 ,  H04L63/12 ,  H04L63/20

Abstract: The present invention discloses several methods to strengthen the integrity of entities, messages, and processing related to content distribution as defined by the Open Mobile Alliance (OMA) Digital Rights Management (DRM). The methods use techniques related to the Trusted Computing Group (TCG) specifications. A first embodiment uses TCG techniques to verify platform and DRM software integrity or trustworthiness, both with and without modifications to the DRM rights object acquisition protocol (ROAP) and DRM content format specifications. A second embodiment uses TCG techniques to strengthen the integrity of ROAP messages, constituent information, and processing without changing the existing ROAP protocol. A third embodiment uses TCG techniques to strengthen the integrity of the ROAP messages, information, and processing with some changes to the existing ROAP protocol.

Abstract translation: 本发明公开了加强与由开放移动联盟（OMA）数字版权管理（DRM）定义的内容分发有关的实体，消息和处理的完整性的几种方法。 该方法使用与可信计算组（TCG）规范相关的技术。 第一实施例使用TCG技术来验证平台和DRM软件完整性或可信赖性，无论是否修改DRM权限对象获取协议（ROAP）和DRM内容格式规范。 第二实施例使用TCG技术来加强ROAP消息，组成信息和处理的完整性，而不改变现有的ROAP协议。 第三个实施例使用TCG技术来加强ROAP消息，信息和处理的完整性，并对现有的ROAP协议进行一些改变。

公开(公告)号：US20060264184A1

公开(公告)日：2006-11-23

申请号：US11352631

申请日：2006-02-13

Applicant: Yingxue Li ,  Inhyok Cha ,  Jungwoo Lee

Inventor： Yingxue Li ,  Inhyok Cha ,  Jungwoo Lee

IPC: H04B1/02 ,  H04M1/00 ,  H04B7/02

CPC classification number: H04B7/088 ,  H01Q3/24 ,  H04B7/0695 ,  H04B7/0697 ,  H04B17/309 ,  H04B17/318 ,  H04B17/336 ,  H04B17/382

Abstract: A method and apparatus for selecting a beam combination of multiple-input multiple-output (MIMO) antennas are disclosed. A wireless transmit/receive unit (WTRUs) includes a plurality of antennas to generate a plurality of beams for supporting MIMO. At least one antenna is configured to generate multiple beams, such that various beam combinations can be produced and a desired beam combination selected for conducting wireless communication with another WTRU. A quality metric is measured with respect to each or subset of the possible beam combinations. A desired beam combination for MIMO transmission and reception is selected based on the quality metric measurements.

Abstract translation: 公开了一种用于选择多输入多输出（MIMO）天线的波束组合的方法和装置。 无线发射/接收单元（WTRU）包括多个天线以产生用于支持MIMO的多个波束。 至少一个天线被配置为产生多个波束，使得可以产生各种波束组合，并且选择用于与另一个WTRU进行无线通信的期望波束组合。 相对于可能的波束组合的每个或子集来测量质量度量。 基于质量度量测量来选择用于MIMO传输和接收的期望的波束组合。