1. Device validation, distress indication, and remediation
    Granted invention patent (status: in force)

    Publication number: US08914674B2

    Publication date: 2014-12-16

    Application number: US13289154

    Filing date: 2011-11-04

    Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.


2. Machine-To-Machine Gateway Architecture
    Invention patent application (status: under examination, published)

    Publication number: US20120047551A1

    Publication date: 2012-02-23

    Application number: US12979874

    Filing date: 2010-12-28

    IPC classification: G06F21/00 G06F15/16

    Abstract: Systems, methods, and instrumentalities are disclosed that provide for a gateway outside of a network domain to provide services to a plurality of devices. For example, the gateway may act as a management entity or as a proxy for the network domain. As a management entity, the gateway may perform a security function relating to each of the plurality of devices. The gateway may perform the security function without the network domain participating or having knowledge of the particular devices. As a proxy for the network, the gateway may receive a command from the network domain to perform a security function relating to each of a plurality of devices. The network may know the identity of each of the plurality of devices. The gateway may perform the security function for each of the plurality of devices and aggregate related information before sending the information to the network domain.


3. Staged Control Release In Boot Process
    Invention patent application (status: in force)

    Publication number: US20110302638A1

    Publication date: 2011-12-08

    Application number: US13084840

    Filing date: 2011-04-12

    IPC classification: G06F21/20

    Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.


5. Certificate validation and channel binding
    Granted invention patent (status: in force)

    Publication number: US09497626B2

    Publication date: 2016-11-15

    Application number: US13296855

    Filing date: 2011-11-15

    IPC classification: H04L29/06 H04W12/06 H04L9/32

    Abstract: A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.


6. Staged control release in boot process
    Granted invention patent (status: in force)

    Publication number: US08856941B2

    Publication date: 2014-10-07

    Application number: US13084840

    Filing date: 2011-04-12

    Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.


7. CERTIFICATE VALIDATION AND CHANNEL BINDING
    Invention patent application (status: in force)

    Publication number: US20120297473A1

    Publication date: 2012-11-22

    Application number: US13296855

    Filing date: 2011-11-15

    IPC classification: G06F21/20

    Abstract: A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.


8. Authentication and secure channel setup for communication handoff scenarios
    Granted invention patent (status: in force)

    Publication number: US09009801B2

    Publication date: 2015-04-14

    Application number: US13341670

    Filing date: 2011-12-30

    Abstract: Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers.


9. DEVICE VALIDATION, DISTRESS INDICATION, AND REMEDIATION
    Invention patent application (status: in force)

    Publication number: US20120290870A1

    Publication date: 2012-11-15

    Application number: US13289154

    Filing date: 2011-11-04

    IPC classification: G06F11/28 G06F11/20 G06F11/07

    Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.


10. VALIDATION AND/OR AUTHENTICATION OF A DEVICE FOR COMMUNICATION WITH NETWORK
    Invention patent application (status: in force)

    Publication number: US20140129815A9

    Publication date: 2014-05-08

    Application number: US12760690

    Filing date: 2010-04-15

    IPC classification: G06F21/02 G06F9/445

    CPC classification: H04W12/10 H04L63/123

    Abstract: A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify an integrity of the trusted component via a secure boot and to prevent access to certain information in the device if the integrity of the trusted component cannot be verified.
