公开(公告)号：US20170324733A1

公开(公告)日：2017-11-09

申请号：US15528288

申请日：2015-11-20

Applicant: INTERDIGITAL PATENT HOLDINGS, INC.

Inventor： Dolores F. HOWRY ,  Vinod Kumar CHOYI ,  Alec BRUSILOVSKY ,  Yogendra C. SHAH

IPC: H04L29/06 ,  H04W12/06 ,  H04W76/02 ,  H04W88/02

CPC classification number: H04L63/0823 ,  G06F21/577 ,  H04L63/102 ,  H04L63/105 ,  H04L63/1433 ,  H04L63/20 ,  H04W12/003 ,  H04W12/06 ,  H04W12/08 ,  H04W76/00 ,  H04W76/14 ,  H04W88/02

Abstract: Current approaches to using security postures lack functionalities. Security postures can be used to enable various nodes to make informed decisions. In accordance with one embodiment, a system comprises a first node and a second node. The first node receives a security posture associated with the second node. The security posture provides a verifiable point-in-time trust metric on an overall level of trust in the second node. The first node compares the security posture associated with the second node to an expected security posture level associated with the first node. If the security posture associated with the second node is adequate as compared to the expected security posture level, a connection is established between the first node and the second node.

公开(公告)号：US20180242129A1

公开(公告)日：2018-08-23

申请号：US15955186

申请日：2018-04-17

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Yogendra C. SHAH ,  Inhyok CHA ,  Michael V. MEYERSTEIN ,  Andreas SCHMIDT

IPC: H04W4/70 ,  H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  H04W4/50 ,  H04W12/06 ,  H04W12/10 ,  H04W12/08 ,  H04W84/22

CPC classification number: H04W4/70 ,  G06F21/57 ,  G06F21/575 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2151 ,  G06F2221/2153 ,  H04L9/08 ,  H04L9/3234 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/12 ,  H04L63/20 ,  H04L67/10 ,  H04L67/125 ,  H04W4/00 ,  H04W4/50 ,  H04W8/06 ,  H04W12/0023 ,  H04W12/00518 ,  H04W12/06 ,  H04W12/08 ,  H04W12/10 ,  H04W24/00 ,  H04W84/22

Abstract: A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME is also disclosed. The validation procedures disclosed include an autonomous, semi-autonomous, and remote validation are disclosed. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.

公开(公告)号：US20160087957A1

公开(公告)日：2016-03-24

申请号：US14786688

申请日：2014-04-25

Applicant: INTERDIGITAL PATENT HOLDINGS, INC.

Inventor： Yogendra C. SHAH ,  Andreas SCHMIDT ,  Vinod K. CHOYI ,  Lakshmi SUBRAMANIAN ,  Andreas LEICHER

IPC: H04L29/06 ,  H04W12/06

CPC classification number: H04L63/08 ,  H04L63/083 ,  H04L63/0861 ,  H04L63/20 ,  H04L63/205 ,  H04L2463/082 ,  H04L2463/121 ,  H04W12/00505 ,  H04W12/06

Abstract: As users gain access to different services, the grade of the services may vary, for example, from low value services to high value services. A low value may indicate that a low strength of authentication is required, while a high value may indicate that a high strength of authentication is required to access the service. There is disclosed a method for authenticating a device comprising the determination (204) of an authentication requirement to access a first service that is provided by a service provider, SP, the discovery (208) of one or more authentication factors, associated with the device or the user, that are available for the authentication, the determination (210) whether at least one of the discovered authentication factors are sufficient to achieve the authentication requirement and, if so, the performance (212-228) of corresponding authentication procedures.

Abstract translation: 当用户获得不同的服务时，服务等级可能会有所不同，例如从低价值服务到高价值服务。 低值可能表示需要低强度的身份验证，而较高的值可能表明需要高强度的身份验证来访问服务。 公开了一种用于认证设备的方法，该方法包括：确定（204）认证要求以访问由服务提供商SP提供的第一服务，与所述设备相关联的一个或多个认证因素的发现（208） 或用户可用于认证，确定（210）所发现的认证因素中的至少一个是否足以实现认证要求，如果是，则确定相应认证过程的性能（212-228）。

公开(公告)号：US20150319156A1

公开(公告)日：2015-11-05

申请号：US14651455

申请日：2013-12-12

Applicant: INTERDIGITAL PATENT HOLDINGS INC.

Inventor： Louis J. GUCCIONE ,  Vinod K. CHOYI ,  Yogendra C. SHAH ,  Andreas SCHMIDT ,  Alec BRUSILOVSKY ,  Yousif TARGALI

IPC: H04L29/06

CPC classification number: H04L63/083 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/0861 ,  H04L63/105 ,  H04L63/205 ,  H04W12/06

Abstract: Systems, methods and apparatus embodiments are described herein for authenticating a user and/or a user equipment (UE). For example, a user and/or UE may request access to a service controlled by a service provider (SP). The user may be authenticated by an identity provider (IdP), producing a result. A user assertion may be provided to the SP, and the user assertion may comprise the user authentication result. The UE may be authenticated with another IdP, producing an associated result. A device assertion may be provided to the SP and may comprise the device authentication result. A master IdP may bind the assertions together and a consolidated assertion may be provided to the SP so that the user/UE can receive access to a service that is provided by the SP.

Abstract translation: 本文描述了用于认证用户和/或用户设备（UE）的系统，方法和设备实施例。 例如，用户和/或UE可以请求对由服务提供商（SP）控制的服务的访问。 用户可以由身份提供商（IdP）认证，产生结果。 可以向SP提供用户断言，并且用户断言可以包括用户认证结果。 UE可以用另一个IdP认证，产生相关联的结果。 可以向SP提供设备断言，并且可以包括设备认证结果。 主IdP可以将断言绑定在一起，并且可以向SP提供合并的断言，使得用户/ UE可以接收对由SP提供的服务的访问。

公开(公告)号：US20170364685A1

公开(公告)日：2017-12-21

申请号：US15528257

申请日：2015-11-20

Applicant: INTERDIGITAL PATENT HOLDINGS. INC.

Inventor： Yogendra C. SHAH ,  Andreas SCHMIDT ,  John W. MARLAND

IPC: G06F21/57 ,  G06F21/53 ,  G06F9/455

CPC classification number: G06F21/575 ,  G06F9/45554 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45562 ,  G06F2009/45587

Abstract: Described herein are methods, device, and systems that provide security to various computing systems, such as, smartphones, tablets, personal computers, computing servers, or the like. Security is provided to computing systems at various stages of their operational cycles. For example, a secure boot of a base computing platform (BCP) may be performed, and security processor (SecP) may be instantiated on the BCP. Using the SecP, an integrity of the OS of the BCP may be verified, and an integrity of a hypervisor may be verified. A virtual machine (VM) may be created on the BCP. The VM is provided with virtual access to the SecP on the BCP. Using the virtual access to the TAM, an integrity of the guest OS of the VM is verified and an integrity of applications running on the guest OS are verified.

公开(公告)号：US20190018979A1

公开(公告)日：2019-01-17

申请号：US16067367

申请日：2016-12-29

Applicant: InterDigital Patent Holdings, Inc.

Inventor： Alec BRUSILOVSKY ,  Yogendra C. SHAH

IPC: G06F21/62 ,  H04L29/06 ,  G06Q40/02 ,  H04W12/02 ,  H04W12/08

Abstract: In this disclosure, various issues related to data (information) privacy are addressed. For example, in an example embodiment, privacy and confidentiality of data is maintained while being consumed by a third party entity. As described herein, an entity may be able to perform secure and trustworthy operations, such as various computations and algorithmic functions for example, on private data without having direct access to the data, thereby protecting the data.

公开(公告)号：US20180013782A1

公开(公告)日：2018-01-11

申请号：US15539179

申请日：2015-12-23

Applicant: INTERDIGITAL PATENT HOLDINGS, INC.

Inventor： Vinod Kumar CHOYI ,  Yogendra C. SHAH ,  Alec BRUSILOVSKY ,  Li-Hsiang SUN ,  Nobuyuki TAMAKI ,  Rafael A. CEPEDA

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  H04L63/083 ,  H04L63/0892 ,  H04L63/105 ,  H04L63/108 ,  H04L2463/082

Abstract: An authentication assurance level associated with an entity, for instance a user equipment, may be computed periodically or in response to an event. The authentication assurance level is compared to an authentication threshold. Based on the comparison, it is determined whether a fresh performance of at least one authentication factor needs to be performed. Thus, appropriate authentication factors and functions may be invoked on a periodic basis to maintain a certain authentication assurance level, which is referred to herein as the assurance threshold. The authentication assurance level may change, for instance decay, over time and may be refreshed periodically.

公开(公告)号：US20160065362A1

公开(公告)日：2016-03-03

申请号：US14781723

申请日：2014-04-04

Applicant: INTERDIGITAL PATENT HOLDINGS, INC.

Inventor： Vinod K. CHOYI ,  Samian KAUR ,  Alec BRUSILOVSKY ,  Yogendra C. SHAH

IPC: H04L9/08 ,  H04L29/06 ,  H04W12/04

CPC classification number: H04L9/083 ,  H04L9/0847 ,  H04L63/062 ,  H04L63/065 ,  H04L2209/80 ,  H04L2463/061 ,  H04L2463/062 ,  H04W12/04 ,  H04W12/04031 ,  H04W76/14

Abstract: Systems, methods and apparatus embodiments are described herein for leveraging security associations to enhance security of proximity services. Existing security associations are leveraged to create security associations that are used by proximity services. For example, existing keys may be leveraged to derive new keys that may be used to secure peer-to-peer communications.

Abstract translation: 本文描述了系统，方法和装置实施例，用于利用安全关联来增强邻近服务的安全性。 利用现有的安全关联来创建由邻近服务使用的安全关联。 例如，可以利用现有密钥来导出可用于保护对等通信的新密钥。