Device validation, distress indication, and remediation
    1.
    Granted patent, in force

    Publication number: US08914674B2

    Publication date: 2014-12-16

    Application number: US13289154

    Filing date: 2011-11-04

    Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.


Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization
    2.
    Patent application, in force

    Publication number: US20120023568A1

    Publication date: 2012-01-26

    Application number: US13011558

    Filing date: 2011-01-21

    IPC classification: H04W12/06

    Abstract: Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.


Migration of credentials and/or domains between trusted hardware subscription modules
    4.
    Granted patent, in force

    Publication number: US09032473B2

    Publication date: 2015-05-12

    Application number: US13581752

    Filing date: 2011-03-02

    Abstract: Systems, methods, and instrumentalities are disclosed that allow a user to initiate migration of a credential from one domain to another domain. A request to initiate a migration of credentials from a first domain to a second domain may be initiated by a user (1a.). A remote owner may receive a message indicating that the migration has been requested. The message received by the remote owner may be an indication that the source and destination devices have performed internal checks and determined that a migration could proceed. The remote owner may evaluate source information received from the source device and destination information received from the destination device (6), (6a.), (6b.). Based on the evaluation of the source information and the destination information, the remote owner may determine that the migration is acceptable. The remote owner may send an indication to proceed with the migration (7), (7a).


VALIDATION AND/OR AUTHENTICATION OF A DEVICE FOR COMMUNICATION WITH NETWORK
    5.
    Patent application, in force

    Publication number: US20140129815A9

    Publication date: 2014-05-08

    Application number: US12760690

    Filing date: 2010-04-15

    IPC classification: G06F21/02 G06F9/445

    CPC classification: H04W12/10 H04L63/123

    Abstract: A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify an integrity of the trusted component via a secure boot and to prevent access to certain information in the device if the integrity of the trusted component may not be verified.


Smart card with domain-trust evaluation and domain policy management functions
    7.
    Granted patent, in force

    Publication number: US09363676B2

    Publication date: 2016-06-07

    Application number: US13991530

    Filing date: 2011-12-06

    Abstract: One or more wireless communications devices may include one or more domains that may be owned or controlled by one or more different owners. One of the domains may include a security domain having ultimate control over the enforcement of security policies on the one or more wireless communications devices. Another one of the domains may include a system-wide domain manager that is subsidiary to the security domain and may enforce the policies of one or more subsidiary domains. The system-wide domain manager may enforce its policies based on a privilege level received from the security domain. The privilege level may be based on the level of trust between an external stakeholder, such as an owner of a domain that is subsidiary to the system-wide domain manager, and the security domain.


Client and server group SSO with local openID
    8.
    Granted patent, in force

    Publication number: US09237142B2

    Publication date: 2016-01-12

    Application number: US13978219

    Filing date: 2012-01-06

    IPC classification: H04L29/06

    Abstract: A user of a mobile communications device may access services in a target domain using a source domain identity that is used to access services in a source domain. To enable such a use of the source domain identity in the target domain, the source domain identity may first be enrolled in the target domain. The enrollment may be facilitated by an enrollment entity at the target domain, such as a gateway or an OpenID server for example. The enrollment entity may establish a secure channel with the user's device for enabling enrollment of the source domain identity. Once enrolled, the source domain identity may be used for authentication of the user in the target domain. Enrollment of the source domain identity and/or authentication of the user based on the enrolled source domain identity may be implemented using a local OpenID provider (OP) residing on the user's device.


Method and apparatus for trusted federated identity management and data access authorization
    9.
    Granted patent, in force

    Publication number: US08881257B2

    Publication date: 2014-11-04

    Application number: US13011558

    Filing date: 2011-01-21

    IPC classification: H04W12/06

    Abstract: Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.


Method and apparatus for trusted federated identity
    10.
    Granted patent, in force

    Publication number: US08533803B2

    Publication date: 2013-09-10

    Application number: US13023985

    Filing date: 2011-02-09

    IPC classification: G06F7/04 H04L29/06 G06F17/30

    Abstract: A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like may be used as a local host trust center and a proxy for a single-sign on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over the air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment in order to provide increased security and reduce over the air communications and authentication burden on the OP or operator network.
