公开(公告)号：US20110099361A1

公开(公告)日：2011-04-28

申请号：US12760690

申请日：2010-04-15

申请人： Yogendra C. Shah ,  Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Joseph Gredone

发明人： Yogendra C. Shah ,  Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Joseph Gredone

IPC分类号： G06F21/02 ,  G06F9/445

CPC分类号： H04W12/10 ,  H04L63/123

摘要： A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify an integrity of the trusted component via a secure boot and to prevent access to the certain information in the device if the integrity of the trusted component may not be verified.

摘要翻译： 设备可以包括可信组件。 受信任的组件可以由受信任的第三方验证，并且可以基于可信赖的第三方的验证来存储其中的验证证书。 受信任的组件可以包括可以提供安全代码和数据存储以及安全应用执行的信任根。 还可以配置信任根以通过安全引导来验证可信组件的完整性，并且如果可信组件的完整性可能未被验证，则阻止访问设备中的某些信息。

公开(公告)号：US20140129815A9

公开(公告)日：2014-05-08

申请号：US12760690

申请日：2010-04-15

申请人： Yogendra C. Shah ,  Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Joseph Gredone ,  Samian J. Kaur

发明人： Yogendra C. Shah ,  Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Joseph Gredone ,  Samian J. Kaur

IPC分类号： G06F21/02 ,  G06F9/445

CPC分类号： H04W12/10 ,  H04L63/123

摘要： A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify an integrity of the trusted component via a secure boot and to prevent access to the certain information in the device if the integrity of the trusted component may not be verified.

摘要翻译： 设备可以包括可信组件。 受信任的组件可以由受信任的第三方验证，并且可以基于可信赖的第三方的验证来存储其中的验证证书。 受信任的组件可以包括可以提供安全代码和数据存储以及安全应用执行的信任根。 还可以配置信任根以通过安全引导来验证可信组件的完整性，并且如果可信组件的完整性可能未被验证，则阻止访问设备中的某些信息。

公开(公告)号：US08701205B2

公开(公告)日：2014-04-15

申请号：US12760690

申请日：2010-04-15

申请人： Yogendra C. Shah ,  Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Joseph Gredone ,  Samian Kaur

发明人： Yogendra C. Shah ,  Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Joseph Gredone ,  Samian Kaur

IPC分类号： G06F21/02 ,  G06F7/04 ,  H04L9/00

CPC分类号： H04W12/10 ,  H04L63/123

摘要： A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify an integrity of the trusted component via a secure boot and to prevent access to the certain information in the device if the integrity of the trusted component may not be verified.

摘要翻译： 设备可以包括可信组件。 受信任的组件可以由受信任的第三方验证，并且可以基于可信赖的第三方的验证来存储其中的验证证书。 受信任的组件可以包括可以提供安全代码和数据存储以及安全应用执行的信任根。 还可以配置信任根以通过安全引导来验证可信组件的完整性，并且如果可信组件的完整性可能未被验证，则阻止访问设备中的某些信息。

公开(公告)号：US08914674B2

公开(公告)日：2014-12-16

申请号：US13289154

申请日：2011-11-04

申请人： Yogendra C. Shah ,  Lawrence Case ,  Dolores F. Howry ,  Inhyok Cha ,  Andreas Leicher ,  Andreas Schmidt

发明人： Yogendra C. Shah ,  Lawrence Case ,  Dolores F. Howry ,  Inhyok Cha ,  Andreas Leicher ,  Andreas Schmidt

IPC分类号： G06F11/00 ,  H04W12/10 ,  G06F21/10 ,  G06F21/57

CPC分类号： G06F11/0709 ,  G06F11/0751 ,  G06F11/079 ,  G06F11/0793 ,  G06F11/08 ,  G06F21/10 ,  G06F21/575 ,  G06F2221/2103 ,  G06F2221/2111 ,  H04L63/123 ,  H04M1/24 ,  H04W8/22 ,  H04W12/10 ,  H04W24/02

摘要： A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.

摘要翻译： 无线通信设备可以被配置为执行与网络实体的完整性检查和询问，以隔离无线网络设备上的故障组件的一部分以进行修复。 一旦在设备的组件上确定完整性故障，则设备可以识别与组件相关联的功能并且向网络实体指示失败的功能。 无线网络设备和网络实体都可以使用组件到功能映射来识别故障功能和/或故障组件。 在接收到设备上的完整性故障的指示之后，网络实体可以确定可以在设备处执行完整性检查的一个或多个附加迭代以缩小故障组件上的完整性故障的范围。 一旦完整性故障被隔离，则网络实体可以修复无线通信设备上的故障组件的一部分。

公开(公告)号：US20120023568A1

公开(公告)日：2012-01-26

申请号：US13011558

申请日：2011-01-21

申请人： Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

发明人： Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

IPC分类号： H04W12/06

CPC分类号： H04W12/06 ,  G06F21/335 ,  G06F21/57 ,  G06F2221/2115 ,  H04L63/0807 ,  H04L2463/121

摘要： Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.

摘要翻译： 公开了可以提供可信OpenID（TOpenID）与OpenID的集成的系统，方法和工具。 认证可以部分地通过UE上的信任票据服务器和网络应用功能之间的通信来实现。 UE可以检索平台验证数据（例如，从UE上的可信平台模块）。 UE可以响应于平台验证数据而接收平台验证。 平台验证可以指示网络应用功能已经验证了平台验证数据和用户。 平台验证可以指示平台验证数据与先前生成的参考值相匹配。

公开(公告)号：US09363676B2

公开(公告)日：2016-06-07

申请号：US13991530

申请日：2011-12-06

申请人： Louis J. Guccione ,  Michael V. Meyerstein ,  Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

发明人： Louis J. Guccione ,  Michael V. Meyerstein ,  Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

IPC分类号： H04L29/06 ,  H04W12/08 ,  H04W12/12 ,  G06F21/10 ,  H04W12/10

CPC分类号： G06F21/604 ,  G06F21/10 ,  G06F21/6218 ,  H04L63/00 ,  H04L63/205 ,  H04W12/08 ,  H04W12/10 ,  H04W12/12

摘要： One or more wireless communications device may include one or more domains that may be owned or controlled by one or more different owners. One of the domains may include a security domain having ultimate control over the enforcement of security policies on the one or more wireless communications devices. Another one of the domains may include a system-wide domain manager that is subsidiary to the security domain and may enforce the policies of one or more subsidiary domains. The system-wide domain manager may enforce its policies based on a privilege level received from the security domain. The privilege level may be based on the level of trust between an external stakeholder, such as an owner of a domain that is subsidiary to the system-wide domain manager, and the security domain.

摘要翻译： 一个或多个无线通信设备可以包括可由一个或多个不同所有者拥有或控制的一个或多个域。 一个域可以包括对一个或多个无线通信设备上的安全策略的执行的最终控制的安全域。 另一个域可以包括系统范围的域管理器，其是安全域的子公司，并且可以执行一个或多个子域的策略。 系统范围的域管理器可以基于从安全域接收到的特权级别强制执行其策略。 权限级别可以基于外部利益相关者（例如，系统范围域名管理员的子域的所有者）与安全域之间的信任级别。

公开(公告)号：US08881257B2

公开(公告)日：2014-11-04

申请号：US13011558

申请日：2011-01-21

申请人： Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

发明人： Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

IPC分类号： H04W12/06

CPC分类号： H04W12/06 ,  G06F21/335 ,  G06F21/57 ,  G06F2221/2115 ,  H04L63/0807 ,  H04L2463/121

摘要： Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.

摘要翻译： 公开了可以提供可信OpenID（TOpenID）与OpenID的集成的系统，方法和工具。 认证可以部分地通过UE上的信任票据服务器和网络应用功能之间的通信来实现。 UE可以检索平台验证数据（例如，从UE上的可信平台模块）。 UE可以响应于平台验证数据而接收平台验证。 平台验证可以指示网络应用功能已经验证了平台验证数据和用户。 平台验证可以指示平台验证数据与先前生成的参考值相匹配。

公开(公告)号：US08533803B2

公开(公告)日：2013-09-10

申请号：US13023985

申请日：2011-02-09

申请人： Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah ,  Louis J. Guccione ,  Dolores F. Howry

发明人： Inhyok Cha ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah ,  Louis J. Guccione ,  Dolores F. Howry

IPC分类号： G06F7/04 ,  H04L29/06 ,  G06F17/30

CPC分类号： H04L63/0815 ,  G06F21/34 ,  G06F21/35 ,  G06F2221/2115 ,  H04L63/0853 ,  H04W12/06

摘要： A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like may be used as a local host trust center and a proxy for a single-sign on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over the air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment in order to provide increased security and reduce over the air communications and authentication burden on the OP or operator network.

摘要翻译： 可以使用诸如智能卡，UICC，Java卡，全球平台等的可信计算环境作为本地主机信任中心和用于单点登录（SSO）提供商的代理。 这可以被称为本地SSO提供商（OP）。 这可以被实现，例如，保持认证流量本地并且防止空中通信，这可能会对运营商网络造成负担。 要在受信任的环境中建立OP代理，可信环境可以通过多种方式绑定到SSO提供者。 例如，SSO提供商可以与基于UICC的UE认证或GBA进行互操作。 以这种方式，用户设备可以利用可信环境来提供增加的安全性并减少OP或运营商网络上的空中通信和认证负担。

公开(公告)号：US20130174241A1

公开(公告)日：2013-07-04

申请号：US13535563

申请日：2012-06-28

申请人： Inhyok Cha ,  Andreas Leicher ,  Andreas Schmidt ,  Louis J. Guccione ,  Yogendra C. Shah ,  Yousif Targali

发明人： Inhyok Cha ,  Andreas Leicher ,  Andreas Schmidt ,  Louis J. Guccione ,  Yogendra C. Shah ,  Yousif Targali

IPC分类号： H04L29/06

CPC分类号： H04L63/08 ,  H04L9/0816 ,  H04L9/32 ,  H04L12/2856 ,  H04L63/0815 ,  H04L63/102 ,  H04L63/205 ,  H04W12/06

摘要： Wireless telecommunications networks may implement various forms of authentication. There are a variety of different user and device authentication protocols that follow a similar network architecture, involving various network entities such as a user equipment (UE), a service provider (SP), and an authentication endpoint (AEP). To select an acceptable authentication protocol or credential for authenticating a user or UE, authentication protocol negotiations may take place between various network entities. For example, negotiations may take place in networks implementing a single-sign on (SSO) architecture and/or networks implementing a Generic Bootstrapping Architecture (GBA).

公开(公告)号：US20130080769A1

公开(公告)日：2013-03-28

申请号：US13428836

申请日：2012-03-23

申请人： Inhyok Cha ,  Louis J. Guccione ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

发明人： Inhyok Cha ,  Louis J. Guccione ,  Andreas Schmidt ,  Andreas Leicher ,  Yogendra C. Shah

IPC分类号： H04L9/32

CPC分类号： H04L9/0819 ,  G06F21/335 ,  G06F21/42 ,  G06F21/53 ,  G06F21/575 ,  G06F2221/2107 ,  G06F2221/2149 ,  H04L9/3271 ,  H04L63/0272 ,  H04L63/062 ,  H04L63/0869 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

摘要： Secure communications may be established amongst network entities for performing authentication and/or verification of the network entities. For example, a user equipment (UE) may establish a secure channel with an identity provider, capable of issuing user identities for authentication of the user/UE. The UE may also establish a secure channel with a service provider, capable of providing services to the UE via a network. The identity provider may even establish a secure channel with the service provider for performing secure communications. The establishment of each of these secure channels may enable each network entity to authenticate to the other network entities. The secure channels may also enable the UE to verify that the service provider with which it has established the secure channel is an intended service provider for accessing services.

摘要翻译： 可以在用于执行网络实体的认证和/或验证的网络实体之间建立安全通信。 例如，用户设备（UE）可以建立具有身份提供商的安全信道，能够发出用户/ UE用户身份。 UE还可以与服务提供商建立安全信道，能够经由网络向UE提供服务。 身份提供商甚至可以与服务提供商建立用于执行安全通信的安全信道。 这些安全信道中的每一个的建立可以使每个网络实体能够对其他网络实体进行认证。 安全信道还可以使得UE能够验证其已建立安全信道的服务提供商是用于接入服务的预期服务提供商。