MIGRATION OF CREDENTIALS AND/OR DOMAINS BETWEEN TRUSTED HARDWARE SUBSCRIPTION MODULES
    1.
    发明申请
    MIGRATION OF CREDENTIALS AND/OR DOMAINS BETWEEN TRUSTED HARDWARE SUBSCRIPTION MODULES 有权
    信用硬件认购模块之间的凭证和/或域名的移动

    公开(公告)号:US20130212637A1

    公开(公告)日:2013-08-15

    申请号:US13581752

    申请日:2011-03-02

    IPC分类号: H04L29/06

    摘要: Systems, methods, and instrumentalities are disclosed that allow a user to initiate migration of a credential from one domain to another domain. A request to initiate a migration of credentials from a first domain to a second domain may be initiated by a user (1a.). A remote owner may receive a message indicating that the migration has been requested. The message received by the remote owner may be an indication that the source and destination devices have performed internal checks and determined that a migration could proceed. The remote owner may evaluate source information received from the source device and destination information received from the destination device (6), (6a.), (6b.). Based on the evaluation of the source information and the destination information, the remote owner may determine that the migration is acceptable. The remote owner may send an indication to proceed with the migration (7), (7a.)

    摘要翻译: 公开了允许用户启动将证书从一个域迁移到另一个域的系统,方法和工具。 可以由用户(1a。)发起将凭证从第一域迁移到第二域的请求。 远程所有者可能会收到指示已请求迁移的消息。 远程所有者收到的消息可能表示源设备和目标设备已执行内部检查,并确定迁移可以进行。 远程所有者可以评估从源设备接收的源信息和从目的地设备(6),(6a。),(6b。)接收的目的地信息。 基于源信息和目的地信息的评估,远程所有者可以确定迁移是可接受的。 远程所有者可以发送进行迁移的指示(7),(7a。)

    Device validation, distress indication, and remediation
    2.
    发明授权
    Device validation, distress indication, and remediation 有权
    设备验证,遇险指示和修复

    公开(公告)号:US08914674B2

    公开(公告)日:2014-12-16

    申请号:US13289154

    申请日:2011-11-04

    摘要: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.

    摘要翻译: 无线通信设备可以被配置为执行与网络实体的完整性检查和询问,以隔离无线网络设备上的故障组件的一部分以进行修复。 一旦在设备的组件上确定完整性故障,则设备可以识别与组件相关联的功能并且向网络实体指示失败的功能。 无线网络设备和网络实体都可以使用组件到功能映射来识别故障功能和/或故障组件。 在接收到设备上的完整性故障的指示之后,网络实体可以确定可以在设备处执行完整性检查的一个或多个附加迭代以缩小故障组件上的完整性故障的范围。 一旦完整性故障被隔离,则网络实体可以修复无线通信设备上的故障组件的一部分。

    Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization
    3.
    发明申请
    Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization 有权
    用于可信联合身份管理和数据访问授权的方法和装置

    公开(公告)号:US20120023568A1

    公开(公告)日:2012-01-26

    申请号:US13011558

    申请日:2011-01-21

    IPC分类号: H04W12/06

    摘要: Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.

    摘要翻译: 公开了可以提供可信OpenID(TOpenID)与OpenID的集成的系统,方法和工具。 认证可以部分地通过UE上的信任票据服务器和网络应用功能之间的通信来实现。 UE可以检索平台验证数据(例如,从UE上的可信平台模块)。 UE可以响应于平台验证数据而接收平台验证。 平台验证可以指示网络应用功能已经验证了平台验证数据和用户。 平台验证可以指示平台验证数据与先前生成的参考值相匹配。

    Migration of credentials and/or domains between trusted hardware subscription modules
    5.
    发明授权
    Migration of credentials and/or domains between trusted hardware subscription modules 有权
    可信硬件订阅模块之间的凭证和/或域的迁移

    公开(公告)号:US09032473B2

    公开(公告)日:2015-05-12

    申请号:US13581752

    申请日:2011-03-02

    摘要: Systems, methods, and instrumentalities are disclosed that allow a user to initiate migration of a credential from one domain to another domain. A request to initiate a migration of credentials from a first domain to a second domain may be initiated by a user (1a.). A remote owner may receive a message indicating that the migration has been requested. The message received by the remote owner may be an indication that the source and destination devices have performed internal checks and determined that a migration could proceed. The remote owner may evaluate source information received from the source device and destination information received from the destination device (6), (6a.), (6b.). Based on the evaluation of the source information and the destination information, the remote owner may determine that the migration is acceptable. The remote owner may send an indication to proceed with the migration (7), (7a).

    摘要翻译: 公开了允许用户启动将证书从一个域迁移到另一个域的系统,方法和工具。 可以由用户(1a。)发起将凭证从第一域迁移到第二域的请求。 远程所有者可能会收到指示已请求迁移的消息。 远程所有者收到的消息可能表示源设备和目标设备已执行内部检查,并确定迁移可以进行。 远程所有者可以评估从源设备接收的源信息和从目的地设备(6),(6a。),(6b。)接收的目的地信息。 基于源信息和目的地信息的评估,远程所有者可以确定迁移是可接受的。 远程所有者可以发送进行迁移的指示(7),(7a)。

    VALIDATION AND/OR AUTHENTICATION OF A DEVICE FOR COMMUNICATION WITH NETWORK
    6.
    发明申请
    VALIDATION AND/OR AUTHENTICATION OF A DEVICE FOR COMMUNICATION WITH NETWORK 有权
    用于与网络通信的设备的验证和/或认证

    公开(公告)号:US20140129815A9

    公开(公告)日:2014-05-08

    申请号:US12760690

    申请日:2010-04-15

    IPC分类号: G06F21/02 G06F9/445

    CPC分类号: H04W12/10 H04L63/123

    摘要: A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify an integrity of the trusted component via a secure boot and to prevent access to the certain information in the device if the integrity of the trusted component may not be verified.

    摘要翻译: 设备可以包括可信组件。 受信任的组件可以由受信任的第三方验证,并且可以基于可信赖的第三方的验证来存储其中的验证证书。 受信任的组件可以包括可以提供安全代码和数据存储以及安全应用执行的信任根。 还可以配置信任根以通过安全引导来验证可信组件的完整性,并且如果可信组件的完整性可能未被验证,则阻止访问设备中的某些信息。

    Smart card with domain-trust evaluation and domain policy management functions
    8.
    发明授权
    Smart card with domain-trust evaluation and domain policy management functions 有权
    具有域信任评估和域策略管理功能的智能卡

    公开(公告)号:US09363676B2

    公开(公告)日:2016-06-07

    申请号:US13991530

    申请日:2011-12-06

    摘要: One or more wireless communications device may include one or more domains that may be owned or controlled by one or more different owners. One of the domains may include a security domain having ultimate control over the enforcement of security policies on the one or more wireless communications devices. Another one of the domains may include a system-wide domain manager that is subsidiary to the security domain and may enforce the policies of one or more subsidiary domains. The system-wide domain manager may enforce its policies based on a privilege level received from the security domain. The privilege level may be based on the level of trust between an external stakeholder, such as an owner of a domain that is subsidiary to the system-wide domain manager, and the security domain.

    摘要翻译: 一个或多个无线通信设备可以包括可由一个或多个不同所有者拥有或控制的一个或多个域。 一个域可以包括对一个或多个无线通信设备上的安全策略的执行的最终控制的安全域。 另一个域可以包括系统范围的域管理器,其是安全域的子公司,并且可以执行一个或多个子域的策略。 系统范围的域管理器可以基于从安全域接收到的特权级别强制执行其策略。 权限级别可以基于外部利益相关者(例如,系统范围域名管理员的子域的所有者)与安全域之间的信任级别。

    Client and server group SSO with local openID
    9.
    发明授权
    Client and server group SSO with local openID 有权
    客户端和服务器组SSO与本地openID

    公开(公告)号:US09237142B2

    公开(公告)日:2016-01-12

    申请号:US13978219

    申请日:2012-01-06

    IPC分类号: H04L29/06

    摘要: A user of a mobile communications device may access services in a target domain using a source domain identity that is used to access services in a source domain. To enable such a use of the source domain identity in the target domain, the source domain identity may first be enrolled in the target domain. The enrollment may be facilitated by an enrollment entity at the target domain, such as a gateway or an OpenID server for example. The enrollment entity may establish a secure channel with the user's device for enabling enrollment of the source domain identity. Once enrolled, the source domain identity may be used for authentication of the user in the target domain. Enrollment of the source domain identity and/or authentication of the user based on the enrolled source domain identity may be implemented using a local OpenID provider (OP) residing on the user's device.

    摘要翻译: 移动通信设备的用户可以使用用于访问源域中的服务的源域标识来访问目标域中的服务。 为了使目标域中的源域标识能够使用,可以首先将源域标识注册到目标域中。 可以通过目标域的注册实体(例如网关或OpenID服务器)来促进注册。 注册实体可以与用户设备建立安全通道,以使得能够注册源域标识。 一旦注册,源域标识可以用于目标域中的用户的认证。 可以使用驻留在用户设备上的本地OpenID提供商(OP)来实现基于注册的源域标识的用户域的源域标识和/或认证的注册。

    Method and apparatus for trusted federated identity management and data access authorization
    10.
    发明授权
    Method and apparatus for trusted federated identity management and data access authorization 有权
    用于可信联合身份管理和数据访问授权的方法和装置

    公开(公告)号:US08881257B2

    公开(公告)日:2014-11-04

    申请号:US13011558

    申请日:2011-01-21

    IPC分类号: H04W12/06

    摘要: Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.

    摘要翻译: 公开了可以提供可信OpenID(TOpenID)与OpenID的集成的系统,方法和工具。 认证可以部分地通过UE上的信任票据服务器和网络应用功能之间的通信来实现。 UE可以检索平台验证数据(例如,从UE上的可信平台模块)。 UE可以响应于平台验证数据而接收平台验证。 平台验证可以指示网络应用功能已经验证了平台验证数据和用户。 平台验证可以指示平台验证数据与先前生成的参考值相匹配。