Abstract:
A method of boot-loading an electronic device. The method comprises boot-loading a trusted execution environment (TEE) in a trusted security zone of a processor of the electronic device, where the TEE boot-loads before a rich execution environment (REE) boot-loads, launching a boot-loader authentication application by the TEE in the trusted security zone, determining a signature value of an REE boot-loader by the boot-loader authentication application over the instructions of the REE boot-loader, comparing the signature value of the REE boot-loader to an authentication signature value stored in the TEE, and, in response to the signature value of the REE boot-loader not matching the authentication signature value, taking action by the boot-loader authentication application.
Abstract:
A method of authenticating access of an electronic device to an application server based on a subscriber identity module (SIM) associated with the electronic device. The method comprises receiving an authentication challenge from an application executing on the device by a SIM application toolkit (SAT) executing on the device, transmitting a random number and an authentication value of the challenge to a SIM of the device by the SAT, receiving a response from the SIM by the SAT, transmitting an authentication response to the application by the SAT, where the authentication response comprises the response received from the SIM, generating an application key by the SAT based at least in part on the response received from the SIM, and transmitting the application key to the application by the SAT, whereby the application executing on the electronic device establishes a communication session with an application server via an access communication network.
Abstract:
A method of operating a reference network comprising a plurality of Internet-of-things (IoT) devices. The method comprises monitoring reference activities of a plurality of IoT devices in a reference network by a first IoT device, wherein the monitoring comprises detecting events of reference rations being delivered to the IoT devices and detecting events of references being transmitted by the IoT devices, maintaining a reference ration account balance by the first IoT device for each of the IoT devices, determining by the first IoT device that a second IoT device transmits a reference while the reference ration account balance of the second IoT device is below a threshold value, and transmitting a report by the first IoT device, where the report identifies the second IoT device, identifies the reference transmitted by the second IoT device, and identifies the value of the reference ration account balance of the second IoT device.
Abstract:
A method of storing device information, provisioning data, and event information using distributed ledger technology (DLT). A manufacturer creates a first block of a first category comprising wireless communication device information, the block stored in a non-transitory memory of the device, a wireless communication service provider provisions the device on a network, a server maintained by the wireless communication service provider creates a second block of a second category comprising information associated with the provisioning of the device, an application executing on the device stores the second block in the non-transitory memory, creating a chain of blocks, the application uses at least part of the chain of blocks to provide authentication of the device to the network, and the block foundry server creates at least one block of a third category.
Abstract:
A user equipment (UE). The UE comprises a motherboard comprising a communication bus, a cellular radio frequency transceiver, a processor, a radio frequency identity (RFID) chip, and a memory storing an application. The RFID chip is connected to the communication bus and comprises an RFID near field communication (NFC) transceiver, an RFID internal processor, an RFID internal memory, and an RFID application. When executed by the processor, the application receives a request from the RFID chip to establish a virtual private network (VPN) tunnel via the cellular radio frequency transceiver based on information encapsulated in the request. The RFID application, when executed by the RFID internal processor, receives a message from an NFC device comprising a command to open the VPN tunnel and sends the request to establish the VPN tunnel to the application executed on the processor.
Abstract:
A method of organizing components of a mobile communication device. The method comprises orienting a radio frequency identity chip of the mobile communication device relative to a general purpose near field communication transceiver of the mobile communication device, and locating the radio frequency identity chip in a null region of an electromagnetic field radiated by the general purpose near field communication transceiver, whereby the null region of the electromagnetic field may be below a threshold required to activate the radio frequency identity chip.
Abstract:
A method of transmitting digital content via a communication network. The method comprises receiving by a computer a request for a uniform resource identifier (URI), determining by a computer based on the request for the uniform resource identifier a communication service provider associated with a communication device, and when the communication service provider is affiliated with a digital content custom delivery offer building system, transmitting by a computer an image file to be presented by the communication device.
Abstract:
Systems and methods disclosed herein relate to the protection of a plurality of protected personas on a protected network that may be isolated from a telecommunication service provider's network that supports a portable electronic device. The plurality of personas may be generated by the owners and/or administrators of the network on which the personas reside. Activating a persona on a device, whether that device is owned and maintained by the business or businesses affiliated with the protected network, enables access to a plurality of data on the business's network and restricts access to at least some of the capabilities and functionality of the device available under the original persona. Data created or modified while the protected persona is activated on the device may not be accessed while the original persona is active and may be uploaded dynamically or manually to the protected network.
Abstract:
A cellular wireless modem. The cellular wireless modem comprises a cellular radio transceiver, a short range communication interface, a processor, wherein the processor comprises a trusted security zone, a memory, wherein the memory stores an input forwarding application, and a trusted security zone extension application stored in the memory. When executed by the processor, the extension application provisions the input forwarding application to an intelligent appliance via the short range communication interface, receives input from the input forwarding application executing on the intelligent appliance via the short range communication interface, and transmits a message based on the input via the cellular radio transceiver.
Abstract:
An electronic device. The device comprises an anti-trusted-security-zone in the trusted security zone that, when installed and managed by the trusted security zone manager, places non-trusted applications into the anti-trusted-security-zone for execution, restricts access of the non-trusted applications to at least some resources of the electronic device outside the anti-trusted-security-zone, alerts the user when the non-trusted application inside the anti-trusted-security-zone desires access to any restricted resource of the electronic device outside the anti-trusted-security-zone, asks the user for permission to access the desired resource outside the anti-trusted-security-zone, grants access for the non-trusted application to requested resources outside the anti-trusted-security-zone upon the permission by the user, moves the applications from the anti-trusted-security-zone to the normal zone that are determined not to be malicious, keeps the applications within the anti-trusted-security-zone that do not need to execute outside the anti-trusted-security-zone, and deletes the applications that are determined to be malicious.