Recovery of virtual network function (VNF) boot functionality

    Publication number: US10936422B1

    Publication date: 2021-03-02

    Application number: US16361681

    Filing date: 2019-03-22

    Abstract: A Network Function Virtualization Infrastructure (NFVI) executes Virtual Network Functions (VNFs) to transfer the VNF boot data to a distributed ledger. The distributed ledger performs a distributed ledger transaction with the VNF boot data to commit the VNF boot data to distributed ledger memory in a blockchain format. The NFVI executes the network VNF to deliver a network communication service. The NFVI loses VNF boot functionality and transfers a VNF boot request to the distributed ledger. The distributed ledger performs a distributed ledger transaction with the VNF boot request and the VNF boot data to transfer VNF recovery data to the NFVI and to commit the VNF boot request and the VNF recovery data to the distributed ledger memory in the blockchain format. The NFVI processes the VNF recovery data to recover the VNF boot functionality. The NFVI executes the recovered VNF to deliver the network communication service.

    Embedded subscriber identity module (eSIM) implementation on a wireless communication device using distributed ledger technology (DLT)

    Publication number: US10531278B1

    Publication date: 2020-01-07

    Application number: US16270592

    Filing date: 2019-02-08

    IPC classification: H04W8/22 H04W88/02

    Abstract: A method of storing device information, provisioning data, and event information using distributed ledger technology (DLT). A manufacturer creates a first block of a first category comprising wireless communication device information, the block being stored in a non-transitory memory of the device; a wireless communication service provider provisions the device on a network; a server maintained by the wireless communication service provider creates a second block of a second category comprising information associated with the provisioning of the device; an application executing on the device stores the second block in the non-transitory memory, creating a chain of blocks; the application uses at least part of the chain of blocks to provide authentication of the device to the network; and the block foundry server creates at least one block of a third category.

    5. Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device
    Type: Patent application
    Status: In force

    Publication number: US20160004876A1

    Publication date: 2016-01-07

    Application number: US14855364

    Filing date: 2015-09-15

    IPC classification: G06F21/60 G06F21/62

    Abstract: A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone. The method comprises receiving, by a master trusted application executing in a master trusted security zone of the processor, a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key. The method further comprises provisioning, by the master trusted application, the subordinate trusted security zone to be accessible based on the independent key.

    6. Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services
    Type: Granted patent
    Status: In force

    Publication number: US09230085B1

    Publication date: 2016-01-05

    Application number: US14446330

    Filing date: 2014-07-29

    IPC classification: G06F21/34

    Abstract: A method of executing a trusted application on a trusted security zone enabled electronic device. The method comprises, responsive to a trusted security subzone not being provisioned on the electronic device, generating, by a server, a temporary trust token, transmitting the temporary trust token to the electronic device, and comparing the temporary trust token with a plurality of trust tokens stored in the electronic device to determine the trustworthiness of the temporary trust token. The method further comprises, responsive to the temporary trust token being determined to be trustworthy, provisioning the non-provisioned trusted security subzone on the electronic device to be a temporary trust enablement, transmitting the trusted application through an encrypted channel to the temporary trust enablement, executing the trusted application in the temporary trust enablement, and removing the trusted application, the temporary trust enablement, and the temporary trust token when the trusted application is completed.

    Trusted boot-loader authentication

    Publication number: US11416619B1

    Publication date: 2022-08-16

    Application number: US16581126

    Filing date: 2019-09-24

    Abstract: A method of boot-loading an electronic device. The method comprises boot-loading a trusted execution environment (TEE) in a trusted security zone of a processor of the electronic device, where the TEE boot-loads before a rich execution environment (REE) boot-loads; launching a boot-loader authentication application by the TEE in the trusted security zone; determining, by the boot-loader authentication application, a signature value of an REE boot-loader over the instructions of the REE boot-loader; comparing the signature value of the REE boot-loader to an authentication signature value stored in the TEE; and, in response to the signature value of the REE boot-loader not matching the authentication signature value, taking action by the boot-loader authentication application.

    Embedded subscriber identity module (eSIM) implementation on a wireless communication device using distributed ledger technology (DLT)

    Publication number: US10251053B1

    Publication date: 2019-04-02

    Application number: US15666564

    Filing date: 2017-08-02

    IPC classification: H04W8/22 H04W88/02

    Abstract: A method of storing device information, provisioning data, and event information using distributed ledger technology (DLT). A manufacturer creates a first block of a first category comprising wireless communication device information, the block being stored in a non-transitory memory of the device; a wireless communication service provider provisions the device on a network; a server maintained by the wireless communication service provider creates a second block of a second category comprising information associated with the provisioning of the device; an application executing on the device stores the second block in the non-transitory memory, creating a chain of blocks; the application uses at least part of the chain of blocks to provide authentication of the device to the network; and the block foundry server creates at least one block of a third category.

    9. AUTHORIZATION OF COMMUNICATION LINKS BETWEEN END USER DEVICES USING INTERMEDIARY NODES
    Type: Patent application
    Status: Pending (published)

    Publication number: US20160255060A1

    Publication date: 2016-09-01

    Application number: US15150650

    Filing date: 2016-05-10

    Abstract: Systems, methods, and software for operating communication systems are provided herein. In one example, a method of operating a communication system to establish secure communications between a first user device communicating in a first communication network and a second user device communicating in a second communication network is presented. The method includes, responsive to a communication request received from the first user device, establishing a secure communication link between the first user device and a first security node. When a second security node has a security relationship established with the first security node, the method includes establishing the secure communication link for the secure communications between the first user device and the second user device using at least the security relationship between the first security node and the second security node, and exchanging the secure communications over the secure communication link.

    10. Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device
    Type: Granted patent
    Status: In force

    Publication number: US09374363B1

    Publication date: 2016-06-21

    Application number: US13844282

    Filing date: 2013-03-15

    Abstract: Systems and methods disclosed herein relate to the protection of a plurality of protected personas on a protected network that may be isolated from a telecommunication service provider's network that supports a portable electronic device. The plurality of personas may be generated by the owners and/or administrators of the network on which the personas reside. Activating a persona on a device, whether or not that device is owned and maintained by the business or businesses affiliated with the protected network, enables access to a plurality of data on the business's network and restricts access to at least some of the capabilities and functionality of the device available under the original persona. Data created or modified while the protected persona is activated on the device may not be accessed while the original persona is active and may be uploaded dynamically or manually to the protected network.