专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2011109772A2 METHOD AND APPARATUS FOR PROVIDING SECURITY TO DEVICES 审中-公开
标题翻译：用于向设备提供安全性的方法和装置
公开(公告)号：WO2011109772A2
公开(公告)日：2011-09-09
申请号：PCT/US2011/027287
申请日：2011-03-04
申请人： INTERDIGITAL PATENT HOLDINGS, INC. , SCHMIDT, Andreas , LEICHER, Andreas , CHA, Inhyok , PATTAR, Sudhir, B. , SHAH, Yogendra, C.
发明人： SCHMIDT, Andreas , LEICHER, Andreas , CHA, Inhyok , PATTAR, Sudhir, B. , SHAH, Yogendra, C.
IPC分类号： H04W48/08
CPC分类号： G06F21/57 , G06F17/30327 , G06F21/53 , G06F21/64 , G06F2221/034 , H04L9/3234 , H04L9/3265 , H04L63/02 , H04L63/123 , H04L63/126 , H04L2209/30 , H04L2209/805 , H04W4/70 , H04W12/08 , H04W12/10
摘要： Systems, methods, and apparatus are provided for generating verification data that may be used for validation of a wireless transmit-receive unit (WTRU). The verification data may be generated using a tree structure having protected registers, represented as root nodes, and component measurements, represented as leaf nodes. The verification data may be used to validate the WTRU. The validation may be performed using split-validation, which is a form of validation described that distributes validation tasks between two or more network entities. Subtree certification is also described, wherein a subtree of the tree structure may be certified by a third party.
摘要翻译：提供了系统，方法和装置，用于产生可用于验证无线发射 - 接收单元（WTRU）的验证数据。验证数据可以使用具有表示为叶节点的根节点和组件测量的受保护寄存器的树结构来生成。验证数据可以用于验证WTRU。可以使用拆分验证来执行验证，分裂验证是描述的验证形式，其在两个或多个网络实体之间分发验证任务。还描述了子树认证，其中树结构的子树可以由第三方认证。

2. 发明申请

WO2011082150A1 MACHINE-TO-MACHINE GATEWAY ARCHITECTURE 审中-公开
标题翻译：机器到机器网关架构
公开(公告)号：WO2011082150A1
公开(公告)日：2011-07-07
申请号：PCT/US2010/062196
申请日：2010-12-28
申请人： INTERDIGITAL PATENT HOLDINGS, INC. , PATTAR, Sudhir, B. , CHA, Inhyok , SHAH, Yogendra, C. , SCHMIDT, Andreas , LEICHER, Andreas , CHITRAPU, Prabhakar, R. , CASE, Lawrence
发明人： PATTAR, Sudhir, B. , CHA, Inhyok , SHAH, Yogendra, C. , SCHMIDT, Andreas , LEICHER, Andreas , CHITRAPU, Prabhakar, R. , CASE, Lawrence
IPC分类号： H04W12/06 , H04L12/24 , H04L29/06
CPC分类号： H04W12/06 , H04W4/00 , H04W4/70 , H04W12/08 , H04W12/10
摘要： Systems, methods, and instrumentalities are disclosed that provide for a gateway outside of a network domain to provide services to a plurality of devices. For example, the gateway may act as a management entity or as a proxy for the network domain. As a management entity, the gateway may perform a security function relating to each of the plurality of devices. The gateway may perform the security function without the network domain participating or having knowledge of the particular devices. As a proxy for the network, the gateway may receive a command from the network domain to perform a security function relating to each of a plurality of devices. The network may know the identity of each of the plurality of devices. The gateway may perform the security function for each of the plurality of devices and aggregate related information before sending the information to the network domain.
摘要翻译：公开了提供网络外部的网关以向多个设备提供服务的系统，方法和工具。例如，网关可以充当管理实体或作为网络域的代理。作为管理实体，网关可以执行与多个设备中的每一个相关的安全功能。网关可以在没有参与网络域或具有特定设备的知识的情况下执行安全功能。作为网络的代理，网关可以从网络域接收命令以执行与多个设备中的每一个相关的安全功能。网络可以知道多个设备中的每一个的身份。网关可以在向网络域发送信息之前对多个设备中的每一个执行安全功能并聚合相关信息。

3. 发明申请

WO2010123890A1 SYSTEM OF MULTIPLE DOMAINS AND DOMAIN OWNERSHIP 审中-公开
标题翻译：多域和域所有权系统
公开(公告)号：WO2010123890A1
公开(公告)日：2010-10-28
申请号：PCT/US2010/031739
申请日：2010-04-20
申请人： INTERDIGITAL PATENT HOLDINGS, INC. , CHA, Inhyok , GUCCIONE, Louis, J. , SHAH, Yogendra, C. , SCHMIDT, Andreas , PATTAR, Sudhir, B.
发明人： CHA, Inhyok , GUCCIONE, Louis, J. , SHAH, Yogendra, C. , SCHMIDT, Andreas , PATTAR, Sudhir, B.
IPC分类号： H04L29/06
CPC分类号： H04W12/06 , H04L63/20 , H04W12/04
摘要： Methods and instrumentalities are disclosed that enable one or more domains (101, 102, 106, 111, 112, 121, 122) on one or more devices (100, 110, 120) to be owned or controlled by one or more different local or remote owners, while providing a level of system- wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager (107) may be resident on one of the domains (106). The system-wide domain manager may enforce the policies of the domain (106) on which it is resident, and it may coordinate the enforcement of the other domains (111, 112, 121, 122) by their respective policies in relation to the domain (106) in which the system- wide domain manager resides. Additionally, the system- wide domain manager (107) may coordinate interaction among the other domains (111, 112, 121, 122) in accordance with their respective policies.
摘要翻译：公开了使得一个或多个设备（100,110,120）上的一个或多个域（101,102,106,111,112,121,122）能够由一个或多个不同的本地或多个设备拥有或控制的方法和工具，远程所有者，同时提供这些领域的全系统管理水平。每个域可以具有不同的所有者，并且每个所有者可以指定用于其域的操作的策略以及与域所在的平台相关的域的操作以及其他域。系统范围的域管理器（107）可以驻留在其中一个域（106）上。全系统域管理员可以执行其所在域的域（106）的策略，并且可以通过其相关域的相应策略协调其他域（111,112,121,122）的强制执行（106），其中系统范围的域管理器驻留。此外，系统范围域管理器（107）可以根据其各自的策略协调其他域（111,112,121,122）之间的交互。

4. 发明申请

WO2012040198A1 IDENTITY MANAGEMENT ON A WIRELESS DEVICE 审中-公开
标题翻译：无线设备的身份管理
公开(公告)号：WO2012040198A1
公开(公告)日：2012-03-29
申请号：PCT/US2011/052345
申请日：2011-09-20
申请人： INTERDIGITAL PATENT HOLDINGS, INC. , SCHMIDT, Andreas , MEYERSTEIN, Michael, V. , LEICHER, Andreas , SHAH, Yogendra, C. , GUCCIONE, Louis, J. , CHA, Inhyok
发明人： SCHMIDT, Andreas , MEYERSTEIN, Michael, V. , LEICHER, Andreas , SHAH, Yogendra, C. , GUCCIONE, Louis, J. , CHA, Inhyok
IPC分类号： H04L29/06 , G06F21/00 , H04W12/04 , H04W12/06
CPC分类号： H04W12/06 , H04L63/061 , H04L63/068 , H04L63/08 , H04L63/0815 , H04L63/0853 , H04L67/02 , H04L2463/061 , H04L2463/081 , H04W12/04 , H04W88/02
摘要： A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.
摘要翻译：无线设备可以执行本地认证以减少网络上的流量。可以使用与无线设备相关联的本地Web服务器和/或本地OpenID提供商（OP）来执行本地认证。本地Web服务器和/或本地OP可以在例如智能卡或可信执行环境的安全模块上实现。可以使用本地OP和/或本地Web服务器实现供应阶段，以从无线设备和网络之间的认证导出与服务提供商相关联的会话密钥。会话密钥可以可重用于随后的本地认证，以向服务提供商本地认证无线设备的用户。

5. 发明申请

WO2010121020A1 VALIDATION AND/OR AUTHENTICATION OF A DEVICE FOR COMMUNICATION WITH A NETWORK 审中-公开
标题翻译：用于与网络通信的设备的验证和/或认证
公开(公告)号：WO2010121020A1
公开(公告)日：2010-10-21
申请号：PCT/US2010/031226
申请日：2010-04-15
申请人： INTERDIGITAL PATENT HOLDINGS, INC. , SHAH, Yogendra, C. , CHA, Inhyok , SCHMIDT, Andreas , LEICHER, Andreas
发明人： SHAH, Yogendra, C. , CHA, Inhyok , SCHMIDT, Andreas , LEICHER, Andreas
IPC分类号： H04W12/10 , G06F11/22
CPC分类号： H04W12/10 , H04L63/123
摘要： A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify an integrity of the trusted component via a secure boot and to prevent access to the certain information in the device if the integrity of the trusted component may not be verified.
摘要翻译：设备可以包括可信组件。受信任的组件可以由受信任的第三方验证，并且可以基于可信赖的第三方的验证来存储其中的验证证书。受信任的组件可以包括可以提供安全代码和数据存储以及安全应用执行的信任根。还可以配置信任根以通过安全引导来验证可信组件的完整性，并且如果可信组件的完整性可能未被验证，则阻止访问设备中的某些信息。

6. 发明申请

WO2012129503A1 SYSTEMS AND METHODS FOR SECURING NETWORK COMMUNICATIONS 审中-公开
标题翻译：用于安全网络通信的系统和方法
公开(公告)号：WO2012129503A1
公开(公告)日：2012-09-27
申请号：PCT/US2012/030352
申请日：2012-03-23
申请人： INTERDIGITAL PATENT HOLDINGS, INC. , CHA, Inhyok , GUCCIONE, Louis, J. , SCHMIDT, Andreas , LEICHER, Andreas , SHAH, Yogendra, C.
发明人： CHA, Inhyok , GUCCIONE, Louis, J. , SCHMIDT, Andreas , LEICHER, Andreas , SHAH, Yogendra, C.
IPC分类号： H04W12/06 , H04L29/06
CPC分类号： H04L9/0819 , G06F21/335 , G06F21/42 , G06F21/53 , G06F21/575 , G06F2221/2107 , G06F2221/2149 , H04L9/3271 , H04L63/0272 , H04L63/062 , H04L63/0869 , H04L63/168 , H04L67/02 , H04L67/42 , H04W12/02 , H04W12/04 , H04W12/06
摘要： Secure communications may be established amongst network entities for performing authentication and/or verification of the network entities. For example, a user equipment (UE) may establish a secure channel with an identity provider, capable of issuing user identities for authentication of the user/UE. The UE may also establish a secure channel with a service provider, capable of providing services to the UE via a network. The identity provider may even establish a secure channel with the service provider for performing secure communications. The establishment of each of these secure channels may enable each network entity to authenticate to the other network entities. The secure channels may also enable the UE to verify that the service provider with which it has established the secure channel is an intended service provider for accessing services.
摘要翻译：可以在用于执行网络实体的认证和/或验证的网络实体之间建立安全通信。例如，用户设备（UE）可以建立具有身份提供商的安全信道，能够发出用户/ UE用户身份。 UE还可以与服务提供商建立安全信道，能够经由网络向UE提供服务。身份提供商甚至可以与服务提供商建立用于执行安全通信的安全信道。这些安全信道中的每一个的建立可以使每个网络实体能够对其他网络实体进行认证。安全信道还可以使得UE能够验证其已建立安全信道的服务提供商是用于接入服务的预期服务提供商。

7. 发明申请

WO2011091313A1 METHOD AND APPARATUS FOR TRUSTED FEDERATED IDENTITY MANAGEMENT AND DATA ACCESS AUTHORIZATION 审中-公开
标题翻译：用于信托联合身份管理和数据访问授权的方法和装置
公开(公告)号：WO2011091313A1
公开(公告)日：2011-07-28
申请号：PCT/US2011/022141
申请日：2011-01-21
申请人： INTERDIGITAL PATENT HOLDINGS, INC. , CHA, Inhyok , SCHMIDT, Andreas , LEICHER, Andreas , SHAH, Yogendra, C.
发明人： CHA, Inhyok , SCHMIDT, Andreas , LEICHER, Andreas , SHAH, Yogendra, C.
IPC分类号： G06F21/00 , H04L29/06
CPC分类号： H04W12/06 , G06F21/335 , G06F21/57 , G06F2221/2115 , H04L63/0807 , H04L2463/121
摘要： Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via Communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.
摘要翻译：公开了可以提供可信OpenID（TOpenID）与OpenID的集成的系统，方法和工具。认证可以部分地通过UE上的信任票据服务器和网络应用功能之间的通信来实现。 UE可以检索平台验证数据（例如，从UE上的可信平台模块）。 UE可以响应于平台验证数据而接收平台验证。平台验证可以指示网络应用功能已经验证了平台验证数据和用户。平台验证可以指示平台验证数据与先前生成的参考值相匹配。

8. 发明申请

WO2012149384A1 SSO FRAMEWORK FOR MULTIPLE SSO TECHNOLOGIES 审中-公开
标题翻译： SSO技术的SSO框架
公开(公告)号：WO2012149384A1
公开(公告)日：2012-11-01
申请号：PCT/US2012/035540
申请日：2012-04-27
申请人： INTERDIGITAL PATENT HOLDINGS, INC. , SHAH, Yogendra, C. , SCHMIDT, Andreas , CHA, Inhyok , GUCCIONE, Louis, J. , LEICHER, Andreas
发明人： SHAH, Yogendra, C. , SCHMIDT, Andreas , CHA, Inhyok , GUCCIONE, Louis, J. , LEICHER, Andreas
IPC分类号： H04L29/06
CPC分类号： H04W12/06 , H04L63/0815 , H04L63/205 , H04L2463/082
摘要： Users desire useable security or a seamless means for accessing internet services whereby user interaction in the provisioning of credentials may be kept to a minimum or even eliminated entirely. The Single Sign-On identity management concept enables user- assisted and network- assisted authentication for access to desired services. To enable seamless authentication services to users, a unified framework and a protocol layer interface for managing multiple authentication methods may be used. A user equipment, UE, comprises a user application (202, 204) configured to communicate with a service provider to access a service and a plurality of network- assisted authentication modules (208 - 216), each network-assisted authentication module corresponding to a different network-assisted authentication protocol. The UE further comprises a single sign-on subsystem (206) configured to authenticate a user of the UE based on user-assisted authentication information at the UE and/or network and to select one of the network-assisted authentication modules based on one more policies.
摘要翻译：用户希望可用的安全性或用于访问互联网服务的无缝手段，从而可以将凭证提供中的用户交互保持最小或甚至完全消除。单点登录身份管理概念使得用户辅助和网络协助的身份验证能够访问所需的服务。为了实现对用户的无缝认证服务，可以使用用于管理多种认证方法的统一框架和协议层接口。用户设备UE包括被配置为与服务提供商通信以访问服务的用户应用（202,204）和多个网络辅助认证模块（208-216），每个网络辅助认证模块对应于不同的网络辅助认证协议。 UE还包括单个登录子系统（206），其被配置为基于UE和/或网络处的用户辅助的认证信息来认证UE的用户，并且基于多个网络辅助认证模块选择一个政策。

9. 发明申请

WO2012092604A2 AUTHENTICATION AND SECURE CHANNEL SETUP FOR COMMUNICATION HANDOFF SCENARIOS 审中-公开
标题翻译：通信切换场景的认证和安全通道设置
公开(公告)号：WO2012092604A2
公开(公告)日：2012-07-05
申请号：PCT/US2011/068206
申请日：2011-12-30
申请人： INTERDIGITAL PATENT HOLDINGS, INC. , SHAH, Yogendra, C. , CHA, Inhyok , SCHMIDT, Andreas , GUCCIONE, Louis, J. , CASE, Lawrence , LEICHER, Andreas , TARGALI, Yousif
发明人： SHAH, Yogendra, C. , CHA, Inhyok , SCHMIDT, Andreas , GUCCIONE, Louis, J. , CASE, Lawrence , LEICHER, Andreas , TARGALI, Yousif
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L63/0209 , H04L63/0815 , H04L63/0892 , H04L63/10 , H04L63/18 , H04W12/04 , H04W12/06 , H04W12/08 , H04W36/0038
摘要： Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application- layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application- layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application- layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers.
摘要翻译：可以利用在一个网络上的持久通信层上生成的持久通信层凭证来对另一网络执行认证。例如，持久通信层凭证可以包括在应用层上派生的应用层凭证。应用层凭证可以用于建立用于认证移动设备以访问网络服务器处的服务的认证证书。身份验证凭证可以从另一个网络的应用层凭证导出，以实现从一个网络到另一个网络的无缝切换。认证证书可以使用反向自举或其他密钥派生函数从应用层证书派生。移动设备正在被认证的移动设备和/或网络实体可以启用通信层之间的认证信息的通信，以使得能够使用多个通信层来认证设备。

10. 发明申请

WO2011100331A1 METHOD AND APPARATUS FOR TRUSTED FEDERATED IDENTITY 审中-公开
标题翻译：用于信号联合识别的方法和装置
公开(公告)号：WO2011100331A1
公开(公告)日：2011-08-18
申请号：PCT/US2011/024200
申请日：2011-02-09
申请人： INTERDIGITAL PATENT HOLDINGS, INC , CHA, Inhyok , SCHMIDT, Andreas , LEICHER, Andreas , SHAH, Yogendra, C. , GUCCIONE, Louis, J. , HOWRY, Dolores, F.
发明人： CHA, Inhyok , SCHMIDT, Andreas , LEICHER, Andreas , SHAH, Yogendra, C. , GUCCIONE, Louis, J. , HOWRY, Dolores, F.
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/0815 , G06F21/34 , G06F21/35 , G06F2221/2115 , H04L63/0853 , H04W12/06
摘要： A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like may be used as a local host trust center and a proxy for a single-sign on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over the air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment in order to provide increased security and reduce over the air communications and authentication burden on the OP or operator network.
摘要翻译：可以使用诸如智能卡，UICC，Java卡，全球平台等的可信计算环境作为本地主机信任中心和用于单点登录（SSO）提供商的代理。这可以被称为本地SSO提供商（OP）。这可以被实现，例如，保持认证流量本地并且防止空中通信，这可能会对运营商网络造成负担。要在受信任的环境中建立OP代理，可信环境可以通过多种方式绑定到SSO提供者。例如，SSO提供商可以与基于UICC的UE认证或GBA进行互操作。以这种方式，用户设备可以利用可信环境来提供增加的安全性并减少OP或运营商网络上的空中通信和认证负担。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式