公开(公告)号：WO2012040198A1

公开(公告)日：2012-03-29

申请号：PCT/US2011/052345

申请日：2011-09-20

Applicant: INTERDIGITAL PATENT HOLDINGS, INC. ,  SCHMIDT, Andreas ,  MEYERSTEIN, Michael, V. ,  LEICHER, Andreas ,  SHAH, Yogendra, C. ,  GUCCIONE, Louis, J. ,  CHA, Inhyok

Inventor： SCHMIDT, Andreas ,  MEYERSTEIN, Michael, V. ,  LEICHER, Andreas ,  SHAH, Yogendra, C. ,  GUCCIONE, Louis, J. ,  CHA, Inhyok

IPC: H04L29/06 ,  G06F21/00 ,  H04W12/04 ,  H04W12/06

CPC classification number: H04W12/06 ,  H04L63/061 ,  H04L63/068 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/0853 ,  H04L67/02 ,  H04L2463/061 ,  H04L2463/081 ,  H04W12/04 ,  H04W88/02

Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.

Abstract translation: 无线设备可以执行本地认证以减少网络上的流量。 可以使用与无线设备相关联的本地Web服务器和/或本地OpenID提供商（OP）来执行本地认证。 本地Web服务器和/或本地OP可以在例如智能卡或可信执行环境的安全模块上实现。 可以使用本地OP和/或本地Web服务器实现供应阶段，以从无线设备和网络之间的认证导出与服务提供商相关联的会话密钥。 会话密钥可以可重用于随后的本地认证，以向服务提供商本地认证无线设备的用户。

公开(公告)号：WO2011130211A1

公开(公告)日：2011-10-20

申请号：PCT/US2011/032036

申请日：2011-04-12

Applicant: INTERDIGITAL PATENT HOLDINGS, INC. ,  CHA, Inhyok ,  SHAH, Yogendra, C. ,  CASE, Lawrence

Inventor： CHA, Inhyok ,  SHAH, Yogendra, C. ,  CASE, Lawrence

IPC: G06F21/00

CPC classification number: G06F21/57 ,  G06F21/86 ,  H04L9/0861 ,  H04L63/08 ,  H04W12/10 ,  H04W84/045

Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.

Abstract translation: 可以执行网络设备的完整性验证。 包括安全硬件模块的网络设备可以接收根密钥。 安全硬件模块还可以接收第一代码测量。 安全硬件模块可以基于根密钥和第一代码测量来提供第一密钥。 安全硬件模块可以接收第二代码测量，并且基于第一密钥和第二代码测量提供第二密钥。 基于代码测量的键的释放可以分阶段地提供认证。

公开(公告)号：WO2011109772A2

公开(公告)日：2011-09-09

申请号：PCT/US2011/027287

申请日：2011-03-04

Applicant: INTERDIGITAL PATENT HOLDINGS, INC. ,  SCHMIDT, Andreas ,  LEICHER, Andreas ,  CHA, Inhyok ,  PATTAR, Sudhir, B. ,  SHAH, Yogendra, C.

Inventor： SCHMIDT, Andreas ,  LEICHER, Andreas ,  CHA, Inhyok ,  PATTAR, Sudhir, B. ,  SHAH, Yogendra, C.

IPC: H04W48/08

CPC classification number: G06F21/57 ,  G06F17/30327 ,  G06F21/53 ,  G06F21/64 ,  G06F2221/034 ,  H04L9/3234 ,  H04L9/3265 ,  H04L63/02 ,  H04L63/123 ,  H04L63/126 ,  H04L2209/30 ,  H04L2209/805 ,  H04W4/70 ,  H04W12/08 ,  H04W12/10

Abstract: Systems, methods, and apparatus are provided for generating verification data that may be used for validation of a wireless transmit-receive unit (WTRU). The verification data may be generated using a tree structure having protected registers, represented as root nodes, and component measurements, represented as leaf nodes. The verification data may be used to validate the WTRU. The validation may be performed using split-validation, which is a form of validation described that distributes validation tasks between two or more network entities. Subtree certification is also described, wherein a subtree of the tree structure may be certified by a third party.

Abstract translation: 提供了系统，方法和装置，用于产生可用于验证无线发射 - 接收单元（WTRU）的验证数据。 验证数据可以使用具有表示为叶节点的根节点和组件测量的受保护寄存器的树结构来生成。 验证数据可以用于验证WTRU。 可以使用拆分验证来执行验证，分裂验证是描述的验证形式，其在两个或多个网络实体之间分发验证任务。 还描述了子树认证，其中树结构的子树可以由第三方认证。

公开(公告)号：WO2010102259A3

公开(公告)日：2010-10-28

申请号：PCT/US2010026436

申请日：2010-03-05

Applicant: INTERDIGITAL PATENT HOLDINGS ,  SCHMIDT ANDREAS U ,  LEICHER ANDREAS ,  CHA INHYOK ,  SHAH YOGENDRA C ,  PATTAR SUDHIR B ,  HOWRY DOLORES F ,  GREINER DAVID G ,  CASE LAWRENCE L ,  MEYERSTEIN MICHAEL V ,  GUCCIONE LOUIS J

Inventor： SCHMIDT ANDREAS U ,  LEICHER ANDREAS ,  CHA INHYOK ,  SHAH YOGENDRA C ,  PATTAR SUDHIR B ,  HOWRY DOLORES F ,  GREINER DAVID G ,  CASE LAWRENCE L ,  MEYERSTEIN MICHAEL V ,  GUCCIONE LOUIS J

IPC: H04W12/10

CPC classification number: H04W12/10 ,  G06F21/44 ,  G06F21/57 ,  H04L63/123

Abstract: Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.

Abstract translation: 披露了用于实现平台验证和管理（PVM）的方法，组件和设备。 PVM提供平台验证实体的功能和操作，通过设备管理组件和系统（如家庭节点B管理系统或组件）对设备进行远程管理。 示例PVM操作在允许连接和访问核心网络之前使设备进入安全目标状态。

公开(公告)号：WO2010121020A1

公开(公告)日：2010-10-21

申请号：PCT/US2010/031226

申请日：2010-04-15

Applicant: INTERDIGITAL PATENT HOLDINGS, INC. ,  SHAH, Yogendra, C. ,  CHA, Inhyok ,  SCHMIDT, Andreas ,  LEICHER, Andreas

Inventor： SHAH, Yogendra, C. ,  CHA, Inhyok ,  SCHMIDT, Andreas ,  LEICHER, Andreas

IPC: H04W12/10 ,  G06F11/22

CPC classification number: H04W12/10 ,  H04L63/123

Abstract: A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify an integrity of the trusted component via a secure boot and to prevent access to the certain information in the device if the integrity of the trusted component may not be verified.

Abstract translation: 设备可以包括可信组件。 受信任的组件可以由受信任的第三方验证，并且可以基于可信赖的第三方的验证来存储其中的验证证书。 受信任的组件可以包括可以提供安全代码和数据存储以及安全应用执行的信任根。 还可以配置信任根以通过安全引导来验证可信组件的完整性，并且如果可信组件的完整性可能未被验证，则阻止访问设备中的某些信息。

公开(公告)号：WO2010102259A2

公开(公告)日：2010-09-10

申请号：PCT/US2010/026436

申请日：2010-03-05

Applicant: INTERDIGITAL PATENT HOLDINGS, INC. ,  SCHMIDT, Andreas U. ,  LEICHER, Andreas ,  CHA, Inhyok ,  SHAH, Yogendra, C. ,  PATTAR, Sudhir B. ,  HOWRY, Dolores F. ,  GREINER, David G. ,  CASE, Lawrence L. ,  MEYERSTEIN, Michael V. ,  GUCCIONE, Louis, J.

Inventor： SCHMIDT, Andreas U. ,  LEICHER, Andreas ,  CHA, Inhyok ,  SHAH, Yogendra, C. ,  PATTAR, Sudhir B. ,  HOWRY, Dolores F. ,  GREINER, David G. ,  CASE, Lawrence L. ,  MEYERSTEIN, Michael V. ,  GUCCIONE, Louis, J.

IPC: H04W12/10

CPC classification number: H04W12/10 ,  G06F21/44 ,  G06F21/57 ,  H04L63/123 ,  H04W12/06 ,  H04W12/08

Abstract: Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.

Abstract translation: 公开了实现平台验证和管理（PVM）的方法，组件和设备。 PVM通过设备管理组件和系统（如家庭节点B管理系统或组件）提供对设备进行远程管理的平台验证实体的功能和操作。 示例PVM操作在允许连接和访问核心网络之前将设备置于安全目标状态。

公开(公告)号：WO2010102236A2

公开(公告)日：2010-09-10

申请号：PCT/US2010026404

申请日：2010-03-05

Applicant: INTERDIGITAL PATENT HOLDINGS ,  MEYERSTEIN MICHAEL V ,  CHA INHYOK ,  LEICHER ANDREAS ,  SCHMIDT ANDREAS U ,  SHAH YOGENDRA C

Inventor： MEYERSTEIN MICHAEL V ,  CHA INHYOK ,  LEICHER ANDREAS ,  SCHMIDT ANDREAS U ,  SHAH YOGENDRA C

IPC: H04W12/08 ,  H04W8/26 ,  H04W88/18

CPC classification number: H04W12/06 ,  H04L63/0428 ,  H04L63/0869 ,  H04W4/005 ,  H04W8/265 ,  H04W12/04 ,  H04W88/18

Abstract: A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. A connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset, which may be included in the Trusted Physical Unit (TPU), may be allocated to the SHO and may be activated. The WTRU may establish a network connection to the SHO and may receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.

Abstract translation: 公开了用于执行安全远程订阅管理的方法和装置。 安全远程订阅管理可以包括为无线发射/接收单元（WTRU）提供诸如临时连接标识符（PCID）的连接标识符，其可以用于建立到初始连接性运营商（ICO）的初始网络连接，用于 初始安全远程注册，配置和激活。 可以使用到ICO的连接来远程地提供与选择家庭运营商（SHO）相关联的凭证的WTRU。 可以包括在可信物理单元（TPU）中的诸如加密密钥集的证书可以被分配给SHO并且可以被激活。 WTRU可以建立到SHO的网络连接，并且可以使用远程管理的凭证来接收服务。 可以重复安全的远程订阅管理以将WTRU与另一个SHO相关联。

公开(公告)号：WO2008137417A3

公开(公告)日：2009-04-02

申请号：PCT/US2008061893

申请日：2008-04-29

Applicant: INTERDIGITAL TECH CORP ,  MUKHERJEE RAJAT P ,  SOMASUNDARAM SHANKAR ,  OLVERA-HERNANDEZ ULISES ,  SHAH YOGENDRA C ,  CHITRAPU PRABHAKAR R ,  CHA INHYOK

Inventor： MUKHERJEE RAJAT P ,  SOMASUNDARAM SHANKAR ,  OLVERA-HERNANDEZ ULISES ,  SHAH YOGENDRA C ,  CHITRAPU PRABHAKAR R ,  CHA INHYOK

IPC: H04W48/12 ,  H04W12/00 ,  H04W84/14 ,  H04W88/08

CPC classification number: H04L63/20 ,  H04L63/107 ,  H04W12/08 ,  H04W12/10 ,  H04W48/04 ,  H04W64/003

Abstract: A wireless communication device is configured as an in-home node-B (H(e)NB). The H(e)NB is configured to perform a locking function to control modification of carrier and user controlled parameters, and also configured to detect a change in location.

Abstract translation: 无线通信设备被配置为家庭内节点-B（H（e）NB）。 H（e）NB被配置为执行锁定功能以控制载波和用户控制的参数的修改，并且还被配置为检测位置的变化。

公开(公告)号：WO2012174006A1

公开(公告)日：2012-12-20

申请号：PCT/US2012/042078

申请日：2012-06-12

Applicant: INTERDIGITAL PATENT HOLDINGS, INC. ,  SHAH, Yogendra, C. ,  HOWRY, Dolores, F. ,  WANG, Peter, S. ,  OLVERA-HERNANDEZ, Ulises

Inventor： SHAH, Yogendra, C. ,  HOWRY, Dolores, F. ,  WANG, Peter, S. ,  OLVERA-HERNANDEZ, Ulises

IPC: H04W76/04

CPC classification number: H04W76/25 ,  H04L67/145 ,  H04W4/00 ,  H04W68/00 ,  H04W88/182

Abstract: A method and apparatus are described for maintaining communications connectivity for client applications that send keep-alive messages and network applications that send client-alive (i.e., "are you there?") messages. The client applications may register with a client proxy provided in an operating system (OS) of a wireless transmit/receive unit (WTRU) and indicate a respective keep-alive message signaling rate. The network applications may register with a network proxy provided in an OS of a network node and indicate a respective client-alive message signaling rate. The client proxy and/or the network proxy may, respectively, register and prioritize keep-alive and/or client-alive message requirements, determine an optimal signaling rate based on the respective keep-alive and/or client-alive message signaling rates, and generate proxy messages, (i.e., an application layer proxy keep-alive message and/or a network layer proxy client-alive message), associated with the keep-alive and/or client-alive messages. The proxy messages may be transmitted at the optimal signaling rate.

Abstract translation: 描述了一种方法和装置，用于维护发送保持活动消息的客户端应用程序和发送客户端活动的网络应用程序（即“您在那里？”）消息的通信连接。 客户端应用可以向无线发射/接收单元（WTRU）的操作系统（OS）中提供的客户端代理注册，并指示相应的保持活动消息信令速率。 网络应用可以向网络节点的OS中提供的网络代理注册，并指示相应的客户端活动消息信令速率。 客户端代理和/或网络代理可以分别注册和优先保持活动和/或客户端活动消息需求，基于相应的保持活动和/或客户端活动消息信令速率来确定最佳信令速率， 并且生成与保持活动和/或客户端活动消息相关联的代理消息（即，应用层代理保持活动消息和/或网络层代理客户端活动消息）。 代理消息可以以最佳信令速率发送。

公开(公告)号：WO2012129503A1

公开(公告)日：2012-09-27

申请号：PCT/US2012/030352

申请日：2012-03-23

Applicant: INTERDIGITAL PATENT HOLDINGS, INC. ,  CHA, Inhyok ,  GUCCIONE, Louis, J. ,  SCHMIDT, Andreas ,  LEICHER, Andreas ,  SHAH, Yogendra, C.

Inventor： CHA, Inhyok ,  GUCCIONE, Louis, J. ,  SCHMIDT, Andreas ,  LEICHER, Andreas ,  SHAH, Yogendra, C.

IPC: H04W12/06 ,  H04L29/06

CPC classification number: H04L9/0819 ,  G06F21/335 ,  G06F21/42 ,  G06F21/53 ,  G06F21/575 ,  G06F2221/2107 ,  G06F2221/2149 ,  H04L9/3271 ,  H04L63/0272 ,  H04L63/062 ,  H04L63/0869 ,  H04L63/168 ,  H04L67/02 ,  H04L67/42 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

Abstract: Secure communications may be established amongst network entities for performing authentication and/or verification of the network entities. For example, a user equipment (UE) may establish a secure channel with an identity provider, capable of issuing user identities for authentication of the user/UE. The UE may also establish a secure channel with a service provider, capable of providing services to the UE via a network. The identity provider may even establish a secure channel with the service provider for performing secure communications. The establishment of each of these secure channels may enable each network entity to authenticate to the other network entities. The secure channels may also enable the UE to verify that the service provider with which it has established the secure channel is an intended service provider for accessing services.

Abstract translation: 可以在用于执行网络实体的认证和/或验证的网络实体之间建立安全通信。 例如，用户设备（UE）可以建立具有身份提供商的安全信道，能够发出用户/ UE用户身份。 UE还可以与服务提供商建立安全信道，能够经由网络向UE提供服务。 身份提供商甚至可以与服务提供商建立用于执行安全通信的安全信道。 这些安全信道中的每一个的建立可以使每个网络实体能够对其他网络实体进行认证。 安全信道还可以使得UE能够验证其已建立安全信道的服务提供商是用于接入服务的预期服务提供商。