公开(公告)号：US20180091978A1

公开(公告)日：2018-03-29

申请号：US15830442

申请日：2017-12-04

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Yogendra C. Shah ,  Michael V. Meyerstein ,  Inhyok Cha ,  Andreas Schmidt

IPC: H04W12/08 ,  G06Q20/34 ,  G07F7/10 ,  G06Q20/32 ,  H04W12/10

CPC classification number: H04W12/08 ,  G06Q20/3229 ,  G06Q20/351 ,  G06Q20/35765 ,  G07F7/1008 ,  H04W12/0806 ,  H04W12/10

Abstract: Universal integrated circuit card (UICC) having a virtual subscriber identity module functionality is disclosed. A wireless transmit/receive unit (WTRU) comprises a mobile equipment (ME) configured to perform wireless communication and a UICC. The UICC is configured to perform security functionalities. The UICC supports multiple isolated domains including UICC issuer's domain. Each domain is owned by a separate owner so that each owner stores and executes an application on the UICC under a control of an UICC issuer and the UICC issuer's domain controls creation and deletion of other domains and defines and enforces security rules for authorizing third parties to have an access to the domains. The UICC is configured to verify integrity of operating system functions and applications stored on the UICC. The UICC is configured to control an access to information regarding applications according to security policies stored within the UICC.

公开(公告)号：US20160306975A1

公开(公告)日：2016-10-20

申请号：US15193348

申请日：2016-06-27

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Andreas Schmidt ,  Andreas Leicher ,  Inhyok Cha ,  Sudhir B. Pattar ,  Yogendra C. Shah

IPC: G06F21/57 ,  H04W12/10 ,  H04W12/08

CPC classification number: G06F21/57 ,  G06F16/2246 ,  G06F21/53 ,  G06F21/64 ,  G06F2221/034 ,  H04L9/3234 ,  H04L9/3265 ,  H04L63/02 ,  H04L63/123 ,  H04L63/126 ,  H04L2209/30 ,  H04L2209/805 ,  H04W4/70 ,  H04W12/08 ,  H04W12/10

Abstract: Systems, methods, and apparatus are provided for generating verification data that may be used for validation of a wireless transmit-receive unit (WTRU). The verification data may be generated using a tree structure having protected registers, represented as root nodes, and component measurements, represented as leaf nodes. The verification data may be used to validate the WTRU. The validation may be performed using split-validation, which is a form of validation described that distributes validation tasks between two or more network entities. Subtree certification is also described, wherein a subtree of the tree structure may be certified by a third party.

公开(公告)号：US09380024B2

公开(公告)日：2016-06-28

申请号：US14611770

申请日：2015-02-02

Applicant: Interdigital Patent Holdings, Inc.

Inventor： Andreas Schmidt ,  Andreas Leicher ,  Inhyok Cha ,  Sudhir B Pattar ,  Yogendra C Shah

IPC: H04L29/06 ,  H04L9/32 ,  H04W12/10 ,  G06F17/30 ,  H04W12/08 ,  G06F21/57

CPC classification number: G06F21/57 ,  G06F17/30327 ,  G06F21/53 ,  G06F21/64 ,  G06F2221/034 ,  H04L9/3234 ,  H04L9/3265 ,  H04L63/02 ,  H04L63/123 ,  H04L63/126 ,  H04L2209/30 ,  H04L2209/805 ,  H04W4/70 ,  H04W12/08 ,  H04W12/10

Abstract: Systems, methods, and apparatus are provided for generating verification data that may be used for validation of a wireless transmit-receive unit (WTRU). The verification data may be generated using a tree structure having protected registers, represented as root nodes, and component measurements, represented as leaf nodes. The verification data may be used to validate the WTRU. The validation may be performed using split-validation, which is a form of validation described that distributes validation tasks between two or more network entities. Subtree certification is also described, wherein a subtree of the tree structure may be certified by a third party.

公开(公告)号：US20150172269A1

公开(公告)日：2015-06-18

申请号：US14570680

申请日：2014-12-15

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Inhyok Cha ,  Andreas Leicher ,  Andreas Schmidt ,  Louis J. Guccione ,  Yogendra C. Shah ,  Yousif Targali

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L9/0816 ,  H04L9/32 ,  H04L12/2856 ,  H04L63/0815 ,  H04L63/102 ,  H04L63/205 ,  H04W12/04031 ,  H04W12/06

Abstract: Wireless telecommunications networks may implement various forms of authentication. There are a variety of different user and device authentication protocols that follow a similar network architecture, involving various network entities such as a user equipment (UE), a service provider (SP), and an authentication endpoint (AEP). To select an acceptable authentication protocol or credential for authenticating a user or UE, authentication protocol negotiations may take place between various network entities. For example, negotiations may take place in networks implementing a single-sign on (SSO) architecture and/or networks implementing a Generic Bootstrapping Architecture (GBA).

Abstract translation: 无线电信网络可以实现各种形式的认证。 存在各种不同的用户和设备认证协议，其遵循类似的网络架构，涉及诸如用户设备（UE），服务提供商（SP）和认证端点（AEP）的各种网络实体。 为了选择用于验证用户或UE的可接受的认证协议或凭证，认证协议协商可以在各种网络实体之间进行。 例如，可以在实现单点登录（SSO）架构和/或实现通用引导架构（GBA）的网络的网络中进行协商。

公开(公告)号：US20180121661A1

公开(公告)日：2018-05-03

申请号：US15842594

申请日：2017-12-14

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Louis J. Guccione ,  Michael V. Meyerstein ,  Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

IPC: G06F21/60 ,  H04W12/12 ,  H04L29/06 ,  H04W12/08 ,  G06F21/10 ,  G06F21/62 ,  H04W12/10

CPC classification number: G06F21/604 ,  G06F21/10 ,  G06F21/6218 ,  H04L63/00 ,  H04L63/205 ,  H04W12/08 ,  H04W12/0806 ,  H04W12/10 ,  H04W12/12

Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. A domain application may be resident on one of the domains. The domain application may be ported to the platform based on a relationship between at least one domain owner and at least one other domain owner of the one or more domains.

公开(公告)号：US09396361B2

公开(公告)日：2016-07-19

申请号：US13949677

申请日：2013-07-24

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Andreas Schmidt ,  Christian Hett ,  Yogendra C. Shah ,  Inhyok Cha

IPC: G06F21/44 ,  G06F21/81 ,  G06F21/72 ,  H04L29/06 ,  H04W12/10

CPC classification number: G06F21/81 ,  G06F21/725 ,  H04L63/123 ,  H04L2463/101 ,  H04L2463/121 ,  H04W12/10

Abstract: A method and apparatus to establish a trustworthy local time based on trusted computing methods are described. The concepts are scaling because they may be graded by the frequency and accuracy with which a reliable external time source is available for correction and/or reset, and how trustworthy this external source is in a commercial scenario. The techniques also take into account that the number of different paths and number of hops between the device and the trusted external time source may vary. A local clock related value which is protected by a TPM securely bound to an external clock. A system of Accuracy Statements (AS) is added to introduce time references to the audit data provided by other maybe cheaper sources than the time source providing the initial time.

Abstract translation: 描述了基于可信计算方法建立可靠的本地时间的方法和装置。 概念是缩放，因为它们可以通过可靠的外部时间源可用于校正和/或重置的频率和准确度进行分级，并且在商业场景中该外部源是如何可信赖的。 这些技术还考虑到设备与受信任的外部时间源之间的不同路径和跳数的数量可能会有所不同。 由TPM保护的本地时钟相关值安全地绑定到外部时钟。 添加准确性声明（AS）的系统来引入时间参考，以提供其他可能比提供初始时间的时间源更便宜的源提供的审计数据。

公开(公告)号：US20160044440A1

公开(公告)日：2016-02-11

申请号：US14857966

申请日：2015-09-18

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Inhyok Cha ,  Michael Meyerstein ,  Yogendra C. Shah ,  Andreas Schmidt

IPC: H04W4/00 ,  H04L9/08 ,  H04W12/10 ,  H04W12/08

CPC classification number: H04W4/70 ,  G06F21/57 ,  G06F21/575 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2151 ,  G06F2221/2153 ,  H04L9/08 ,  H04L9/3234 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/12 ,  H04L63/20 ,  H04L67/10 ,  H04L67/125 ,  H04W4/00 ,  H04W4/50 ,  H04W8/06 ,  H04W12/0023 ,  H04W12/00518 ,  H04W12/06 ,  H04W12/08 ,  H04W12/10 ,  H04W24/00 ,  H04W84/22

Abstract: A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME is also disclosed. The validation procedures disclosed include an autonomous, semi-autonomous, and remote validation are disclosed. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.

Abstract translation: 公开了一种用于执行安全的机器对机器（M2M）供应和通信的方法和装置。 特别地，还公开了用于唯一地识别机器对机器设备（M2ME）的临时专用标识符或临时连接性标识（PCID）。 此外，还公开了用于验证，认证和供应M2ME的方法和装置。 所公开的验证程序包括自主，半自主和远程验证。 配置过程包括重新配置M2ME的方法。 还公开了更新软件的程序和检测M2ME的篡改。

公开(公告)号：US20140365777A1

公开(公告)日：2014-12-11

申请号：US14465491

申请日：2014-08-21

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Inhyok Cha ,  Louis J. Guccione ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0819 ,  G06F21/335 ,  G06F21/42 ,  G06F21/53 ,  G06F21/575 ,  G06F2221/2107 ,  G06F2221/2149 ,  H04L9/3271 ,  H04L63/0272 ,  H04L63/062 ,  H04L63/0869 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42 ,  H04W12/02 ,  H04W12/04031 ,  H04W12/06

Abstract: Secure communications may be established amongst network entities for performing authentication and/or verification of the network entities. For example, a user equipment (UE) may establish a secure channel with an identity provider, capable of issuing user identities for authentication of the user/UE. The UE may also establish a secure channel with a service provider, capable of providing services to the UE via a network. The identity provider may even establish a secure channel with the service provider for performing secure communications. The establishment of each of these secure channels may enable each network entity to authenticate to the other network entities. The secure channels may also enable the UE to verify that the service provider with which it has established the secure channel is an intended service provider for accessing services.

Abstract translation: 可以在用于执行网络实体的认证和/或验证的网络实体之间建立安全通信。 例如，用户设备（UE）可以建立具有身份提供商的安全信道，能够发出用户/ UE用户身份。 UE还可以与服务提供商建立安全信道，能够经由网络向UE提供服务。 身份提供商甚至可以与服务提供商建立用于执行安全通信的安全信道。 这些安全信道中的每一个的建立可以使每个网络实体能够对其他网络实体进行认证。 安全信道还可以使得UE能够验证其已建立安全信道的服务提供商是用于接入服务的预期服务提供商。

公开(公告)号：US09924366B2

公开(公告)日：2018-03-20

申请号：US14699509

申请日：2015-04-29

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Andreas Schmidt ,  David G. Greiner ,  Louis J. Guccione ,  Dolores F. Howry ,  Michael V. Meyerstein ,  Sudhir B. Pattar ,  Yogendra C. Shah ,  Inhyok Cha ,  Andreas Leicher ,  Lawrence Case

IPC: H04W12/10 ,  H04W12/08 ,  H04W12/06

CPC classification number: H04W12/10 ,  G06F21/44 ,  G06F21/57 ,  H04L63/123 ,  H04W12/06 ,  H04W12/08

Abstract: Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.

公开(公告)号：US20170199777A1

公开(公告)日：2017-07-13

申请号：US15471591

申请日：2017-03-28

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Yogendra C. Shah ,  Lawrence Case ,  Dolores F. Howry ,  Inhyok Cha ,  Andreas Leicher ,  Andreas Schmidt

IPC: G06F11/07

CPC classification number: G06F11/0709 ,  G06F11/0751 ,  G06F11/079 ,  G06F11/0793 ,  G06F11/08 ,  G06F21/10 ,  G06F21/575 ,  G06F2221/2103 ,  G06F2221/2111 ,  H04L63/123 ,  H04M1/24 ,  H04W8/22 ,  H04W12/0023 ,  H04W12/10 ,  H04W24/02

Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.