Patent application number | Description | Published |
20120246481 | VIRTUAL SUBSCRIBER IDENTITY MODULE - A mobile trusted platform (MTP) configured to provide virtual subscriber identity module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator—trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner—trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to a user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service. | 09-27-2012 |
20120278869 | REGISTRATION AND CREDENTIAL ROLL-OUT FOR ACCESSING A SUBSCRIPTION-BASED SERVICE - A user may access a subscription-based service via a system comprising one or more devices with one or more separate domains where each domain may be owned or controlled by one or more different local or remote owners. Each domain may have a different owner, and a remote owner offering a subscription-based service may have taken ownership of a domain, which may be referred to as a remote owner domain. Further, the user may have taken ownership of a domain, which may be referred to as a user domain. In order for the user to access the subscription-based service, registration and credential roll-out may be needed. An exemplary registration and credential roll-out process may comprise registration of the user, obtaining credentials from the remote owner and storing the credentials. | 11-01-2012 |
20120297473 | CERTIFICATE VALIDATION AND CHANNEL BINDING - A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate. | 11-22-2012 |
20130007858 | AUTHENTICATION AND SECURE CHANNEL SETUP FOR COMMUNICATION HANDOFF SCENARIOS - Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers. | 01-03-2013 |
20130125226 | SSO FRAMEWORK FOR MULTIPLE SSO TECHNOLOGIES - Users desire useable security or a seamless means for accessing internet services whereby user interaction in the provisioning of credentials may be kept to a minimum or even eliminated entirely. The Single Sign-On (SSO) identity management (IdM) concept may be a means by which a user may be provided with such ease of use, while enabling user-assisted and network-assisted authentication for access to desired services. To enable seamless authentication services to users, a unified framework and a protocol layer interface for managing multiple authentication methods may be used. | 05-16-2013 |
20130155948 | SYSTEM AND METHOD FOR SHARING A COMMON PDP CONTEXT - Disclosed herein are methods and devices for sharing a packet data protocol (PDP) context among a plurality of devices. For example, a method for sharing a PDP context among a plurality of devices may include a wireless transmit/receive unit (WTRU) sending a request to establish or modify a PDP context. The request to establish or modify the PDP context may include an indication that the WTRU is a member of a shared context group. The method may also include the WTRU receiving a response indicating that the request to establish or modify the PDP context was accepted. The method may also include the WTRU acting as a gateway for at least one other device in the shared context group. The request to establish or modify the PDP context may be an attach request. The indication that the WTRU is a member of a shared context group may be a group identifier (ID). | 06-20-2013 |
20130198838 | METHOD AND APPARATUS FOR PROVIDING SECURITY TO DEVICES - Systems, methods, and apparatus are provided for generating verification data that may be used for validation of a wireless transmit-receive unit (WTRU). The verification data may be generated using a tree structure having protected registers, represented as root nodes, and component measurements, represented as leaf nodes. The verification data may be used to validate the WTRU. The validation may be performed using split-validation, which is a form of validation described that distributes validation tasks between two or more network entities. Subtree certification is also described, wherein a subtree of the tree structure may be certified by a third party. | 08-01-2013 |
20130212637 | MIGRATION OF CREDENTIALS AND/OR DOMAINS BETWEEN TRUSTED HARDWARE SUBSCRIPTION MODULES - Systems, methods, and instrumentalities are disclosed that allow a user to initiate migration of a credential from one domain to another domain. A request to initiate a migration of credentials from a first domain to a second domain may be initiated by a user ( | 08-15-2013 |
20130294537 | METHOD AND APPARATUS FOR ANTENNA MAPPING SELECTION IN MIMO-OFDM WIRELESS NETWORKS - A method and apparatus for selecting an antenna mapping in multiple-in/multiple-out (MIMO) enabled wireless communication networks. A candidate set of currently available antenna mappings is determined based upon measured long term channel conditions. An antenna mapping is selected from the candidate set, and the mapping is calibrated with a selected antenna mapping of a receiving wireless transmit/receive unit (WTRU). When the selected mappings are calibrated, packet data transmission begins. In an alternative embodiment, a calibration training frame (CTF) is used to calibrate multiple antenna mappings simultaneously or sequentially. Also disclosed are physical layer and medium access control layer frame formats for implementing antenna mapping selection according to the invention. | 11-07-2013 |
20130312125 | METHOD AND APPARATUS FOR SECURE TRUSTED TIME TECHNIQUES - A method and apparatus to establish a trustworthy local time based on trusted computing methods are described. The concepts are scaling because they may be graded by the frequency and accuracy with which a reliable external time source is available for correction and/or reset, and how trustworthy this external source is in a commercial scenario. The techniques also take into account that the number of different paths and number of hops between the device and the trusted external time source may vary. A local clock related value which is protected by a TPM securely bound to an external clock. A system of Accuracy Statements (AS) is added to introduce time references to the audit data provided by other maybe cheaper sources than the time source providing the initial time. | 11-21-2013 |
20130315221 | METHOD AND APPARATUS FOR TRANSFERRING ANTENNA CAPABILITY INFORMATION - A method and apparatus for exchanging antenna capability information between a transmitting station (STA) and a receiving STA in a wireless communication system may include an antenna capability information element (IE) that includes information regarding the capability of the transmitting STA. The antenna capability IE may be transmitted from the transmitting STA to the receiving STA prior to data transmission between the transmitting STA and the receiving STA. When used in a wireless local area network, the antenna capability IE may be transmitted as part of a management frame, control frame, or data frame. | 11-28-2013 |
20140123292 | TRANSIT CONTROL FOR DATA - A method for an apparatus which operates in a data cloud includes requesting trust information from a service cloud, receiving the trust information from the service cloud, performing a trust assessment of the service cloud based on the trust information, and controlling transmission of data to the service cloud according to a result of the trust assessment. | 05-01-2014 |
20140179271 | SMART CARD WITH DOMAIN-TRUST EVALUATION AND DOMAIN POLICY MANAGEMENT FUNCTIONS - Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. A domain application may be resident on one of the domains. The domain application may be ported to the platform based on a relationship between at least one domain owner and at least one other domain owner of the one or more domains. | 06-26-2014 |
20140307684 | WIRELESS COMMUNICATION METHOD AND APPARATUS FOR ALLOCATING TRAINING SIGNALS AND INFORMATION BITS - Techniques of channel correction and demodulation for wireless systems are enhanced so that higher effective data rates, lower error rates or both can be achieved with a minimal processing load. Pilots are adaptively moved and/or removed, and their positions are changed, to enhance the channel estimation, decoding, and demodulation processes at the receiver. Reception is also enhanced by adding, removing, or changing the positions of information-carrying data bits. | 10-16-2014 |
20140310528 | DIGITAL RIGHTS MANAGEMENT USING TRUSTED PROCESSING TECHNIQUES - The present invention discloses several methods to strengthen the integrity of entities, messages, and processing related to content distribution as defined by the Open Mobile Alliance (OMA) Digital Rights Management (DRM). The methods use techniques related to the Trusted Computing Group (TCG) specifications. A first embodiment uses TCG techniques to verify platform and DRM software integrity or trustworthiness, both with and without modifications to the DRM rights object acquisition protocol (ROAP) and DRM content format specifications. A second embodiment uses TCG techniques to strengthen the integrity of ROAP messages, constituent information, and processing without changing the existing ROAP protocol. A third embodiment uses TCG techniques to strengthen the integrity of the ROAP messages, information, and processing with some changes to the existing ROAP protocol. | 10-16-2014 |
20150026471 | Staged Control Release in Boot Process - Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages. | 01-22-2015 |