公开(公告)号：US20190007406A1

公开(公告)日：2019-01-03

申请号：US16044686

申请日：2018-07-25

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Vinod Kumar Choyi ,  Yogendra C. Shah ,  Michael V. Meyerstein ,  Louis J. Guccione

IPC: H04L29/06 ,  H04W12/06

Abstract: Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource.

公开(公告)号：US20180212962A1

公开(公告)日：2018-07-26

申请号：US15747558

申请日：2016-08-01

Applicant: INTERDIGITAL PATENT HOLDINGS, INC.

Inventor： Alexander Reznik ,  Yogendra C. Shah

IPC: H04L29/06 ,  H04W12/06 ,  H04W8/18 ,  H04L9/32 ,  H04W12/08 ,  H04W12/04

CPC classification number: H04L63/0876 ,  H04L9/3213 ,  H04W8/18 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08

Abstract: Approaches may be used for enabling coordinated identity management between an operator-managed mobile edge platform (MEP) and an external network. A token may be generated in the MEP that may associate a mobile network identity and an external network identity. The token may be negotiated on a per-session basis or on a per-wireless transmit/receive unit (WTRU) identity (WTRU-ID) basis. In an example method performed by a WTRU camped on a small cell network covered by the MEP, an enterprise bring your own device (BYOD) client (EBC) application may establish a secure link with an enterprise BYOD agent (EBA) application running on the MEP using an initial connection procedure. The EBC application may initiate an application-level authentication procedure with an enhanced evolved packet core (EPC) network. The EBC application may generate and provide a token to the EBA application via the established secure link.

公开(公告)号：US20180121661A1

公开(公告)日：2018-05-03

申请号：US15842594

申请日：2017-12-14

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Louis J. Guccione ,  Michael V. Meyerstein ,  Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

IPC: G06F21/60 ,  H04W12/12 ,  H04L29/06 ,  H04W12/08 ,  G06F21/10 ,  G06F21/62 ,  H04W12/10

CPC classification number: G06F21/604 ,  G06F21/10 ,  G06F21/6218 ,  H04L63/00 ,  H04L63/205 ,  H04W12/08 ,  H04W12/0806 ,  H04W12/10 ,  H04W12/12

Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. A domain application may be resident on one of the domains. The domain application may be ported to the platform based on a relationship between at least one domain owner and at least one other domain owner of the one or more domains.

公开(公告)号：US20170188235A1

公开(公告)日：2017-06-29

申请号：US15455412

申请日：2017-03-10

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Liang Xiao ,  Chunxuan Ye ,  Suhas Mathur ,  Yogendra C. Shah ,  Alexander Reznik

IPC: H04W12/06 ,  H04L9/32

CPC classification number: H04W12/06 ,  H04L9/0875 ,  H04L9/3226 ,  H04L9/3236 ,  H04L2209/38 ,  H04L2209/805 ,  H04W12/003

Abstract: A method and apparatus for use in authentication for secure wireless communication is provided. A received signal is physically authenticated and higher layer processed. Physical authentication includes performing hypothesis testing using a channel impulse response (CIR) measurement of the received signal and predetermined referenced data. Higher layer processing includes validating the signal using a one-way hash chain value in the signal. Once a signal is authenticated, secure wireless communication is performed.

公开(公告)号：US09396361B2

公开(公告)日：2016-07-19

申请号：US13949677

申请日：2013-07-24

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Andreas Schmidt ,  Christian Hett ,  Yogendra C. Shah ,  Inhyok Cha

IPC: G06F21/44 ,  G06F21/81 ,  G06F21/72 ,  H04L29/06 ,  H04W12/10

CPC classification number: G06F21/81 ,  G06F21/725 ,  H04L63/123 ,  H04L2463/101 ,  H04L2463/121 ,  H04W12/10

Abstract: A method and apparatus to establish a trustworthy local time based on trusted computing methods are described. The concepts are scaling because they may be graded by the frequency and accuracy with which a reliable external time source is available for correction and/or reset, and how trustworthy this external source is in a commercial scenario. The techniques also take into account that the number of different paths and number of hops between the device and the trusted external time source may vary. A local clock related value which is protected by a TPM securely bound to an external clock. A system of Accuracy Statements (AS) is added to introduce time references to the audit data provided by other maybe cheaper sources than the time source providing the initial time.

Abstract translation: 描述了基于可信计算方法建立可靠的本地时间的方法和装置。 概念是缩放，因为它们可以通过可靠的外部时间源可用于校正和/或重置的频率和准确度进行分级，并且在商业场景中该外部源是如何可信赖的。 这些技术还考虑到设备与受信任的外部时间源之间的不同路径和跳数的数量可能会有所不同。 由TPM保护的本地时钟相关值安全地绑定到外部时钟。 添加准确性声明（AS）的系统来引入时间参考，以提供其他可能比提供初始时间的时间源更便宜的源提供的审计数据。

公开(公告)号：US20160044440A1

公开(公告)日：2016-02-11

申请号：US14857966

申请日：2015-09-18

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Inhyok Cha ,  Michael Meyerstein ,  Yogendra C. Shah ,  Andreas Schmidt

IPC: H04W4/00 ,  H04L9/08 ,  H04W12/10 ,  H04W12/08

CPC classification number: H04W4/70 ,  G06F21/57 ,  G06F21/575 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2151 ,  G06F2221/2153 ,  H04L9/08 ,  H04L9/3234 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/12 ,  H04L63/20 ,  H04L67/10 ,  H04L67/125 ,  H04W4/00 ,  H04W4/50 ,  H04W8/06 ,  H04W12/0023 ,  H04W12/00518 ,  H04W12/06 ,  H04W12/08 ,  H04W12/10 ,  H04W24/00 ,  H04W84/22

Abstract: A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME is also disclosed. The validation procedures disclosed include an autonomous, semi-autonomous, and remote validation are disclosed. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.

Abstract translation: 公开了一种用于执行安全的机器对机器（M2M）供应和通信的方法和装置。 特别地，还公开了用于唯一地识别机器对机器设备（M2ME）的临时专用标识符或临时连接性标识（PCID）。 此外，还公开了用于验证，认证和供应M2ME的方法和装置。 所公开的验证程序包括自主，半自主和远程验证。 配置过程包括重新配置M2ME的方法。 还公开了更新软件的程序和检测M2ME的篡改。

公开(公告)号：US09237448B2

公开(公告)日：2016-01-12

申请号：US13967484

申请日：2013-08-15

Applicant: INTERDIGITAL PATENT HOLDINGS, INC.

Inventor： Vinod K. Choyi ,  Yogendra C. Shah ,  Dolores F. Howry ,  Alpaslan Demir ,  Amith V. Chincholi ,  Sanjay Goyal ,  Yousif Targali

IPC: H04L29/06 ,  H04W12/04 ,  H04W12/08 ,  H04W12/06 ,  H04W88/06 ,  H04W84/12

CPC classification number: H04W12/06 ,  H04L63/061 ,  H04L63/08 ,  H04L63/18 ,  H04W12/04 ,  H04W12/08 ,  H04W84/12 ,  H04W88/06

Abstract: WTRUs, ARSs, APs, WLG/AAA proxies, networks, and methods thereon are disclosed for fast security setup on a multi-RAT WTRU. Methods of sharing security associations between RATs on a multi-RAT WTRU are disclosed. Methods of caching security associations are disclosed. Methods are disclosed for alerting an ANDSF server of an AP that should be considered for association. Enhancements to advertisements from an AP are disclosed where the advertisements may include SSID with a FQDN, a HESSID type information, or TAI type information. Methods of resolving AP identities to a reachable address are disclosed. An address resolution protocol is disclosed for resolving AP identities. ARSs are disclosed that may resolve a BSSID to a network routable address. Protocols for carrying AP identities and security parameters are disclosed. Methods are disclosed of using ANDSF to provide the WTRU with security information and parameters of an AP. An RSN may indicate security capabilities.

Abstract translation: WTRU，ARS，AP，WLG / AAA代理，网络和其上的方法被公开用于在多RAT WTRU上的快速安全设置。 公开了在多RAT WTRU上的RAT之间共享安全关联的方法。 披露了缓存安全关联的方法。 公开了用于警报应考虑进行关联的AP的ANDSF服务器的方法。 公开了对来自AP的广告的增强，其中广告可以包括具有FQDN的SSID，HESSID类型信息或TAI类型信息。 公开了将AP身份解析为可达地址的方法。 公开了解决AP身份的地址解析协议。 公开了可以将BSSID解析为网络可路由地址的ARS。 公开了携带AP身份和安全参数的协议。 公开了使用ANDSF向WTRU提供AP的安全信息和参数的方法。 RSN可以指示安全功能。

公开(公告)号：US09185560B2

公开(公告)日：2015-11-10

申请号：US14537226

申请日：2014-11-10

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Andreas U. Schmidt ,  Michael V. Meyerstein ,  Andreas Leicher ,  Yogendra C. Shah ,  Louis J. Guccione ,  Inhyok Cha

IPC: H04L9/00 ,  H04W12/06 ,  H04L29/06 ,  H04W12/04 ,  H04L29/08 ,  H04W88/02

CPC classification number: H04W12/06 ,  H04L63/061 ,  H04L63/068 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/0853 ,  H04L67/02 ,  H04L2463/061 ,  H04L2463/081 ,  H04W12/04 ,  H04W88/02

Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.

Abstract translation: 无线设备可以执行本地认证以减少网络上的流量。 可以使用与无线设备相关联的本地Web服务器和/或本地OpenID提供商（OP）来执行本地认证。 本地Web服务器和/或本地OP可以在例如智能卡或可信执行环境的安全模块上实现。 可以使用本地OP和/或本地Web服务器来实现供应阶段，以从无线设备和网络之间的认证导出与服务提供商相关联的会话密钥。 会话密钥可以可重用于随后的本地认证，以向服务提供商本地认证无线设备的用户。

公开(公告)号：US20150065093A1

公开(公告)日：2015-03-05

申请号：US14537226

申请日：2014-11-10

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Andreas U. Schmidt ,  Michael V. Meyerstein ,  Andreas Leicher ,  Yogendra C. Shah ,  Louis J. Guccione ,  Inhyok Cha

IPC: H04W12/06 ,  H04W12/04

CPC classification number: H04W12/06 ,  H04L63/061 ,  H04L63/068 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/0853 ,  H04L67/02 ,  H04L2463/061 ,  H04L2463/081 ,  H04W12/04 ,  H04W88/02

Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.

Abstract translation: 无线设备可以执行本地认证以减少网络上的流量。 可以使用与无线设备相关联的本地Web服务器和/或本地OpenID提供商（OP）来执行本地认证。 本地Web服务器和/或本地OP可以在例如智能卡或可信执行环境的安全模块上实现。 可以使用本地OP和/或本地Web服务器来实现供应阶段，以从无线设备和网络之间的认证导出与服务提供商相关联的会话密钥。 会话密钥可以可重用于随后的本地认证，以向服务提供商本地认证无线设备的用户。

公开(公告)号：US20150026471A1

公开(公告)日：2015-01-22

申请号：US14507205

申请日：2014-10-06

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Inhyok Cha ,  Yogendra C. Shah ,  Lawrence Case

IPC: G06F21/57 ,  H04L9/08 ,  H04L29/06

CPC classification number: G06F21/57 ,  G06F21/86 ,  H04L9/0861 ,  H04L63/08 ,  H04W12/10 ,  H04W84/045

Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.

Abstract translation: 可以执行网络设备的完整性验证。 包括安全硬件模块的网络设备可以接收根密钥。 安全硬件模块还可以接收第一代码测量。 安全硬件模块可以基于根密钥和第一代码测量来提供第一密钥。 安全硬件模块可以接收第二代码测量，并且基于第一密钥和第二代码测量提供第二密钥。 基于代码测量的键的释放可以分阶段地进行认证。