Secure provisioning of an authentication credential

    Publication number: US09654972B2

    Publication date: 2017-05-16

    Application number: US14462272

    Application date: 2014-08-18

    CPC classification number: H04W12/06 H04L63/0853 H04L63/18 H04W12/04

    Abstract: Techniques are described for securely provisioning a client device. A client device may output first client information over a secure interface to a trusted device to be transmitted to an authentication server. Second client information related to the first client information may be transmitted to the authentication server. The authentication server may link the second client information and the first client information. The client device may receive an encrypted authentication credential from the authentication server. The authentication credential may be encrypted based at least in part on the first client information or the second client information. The client device may decrypt the encrypted authentication credential using the first client information, the second client information, or a shared secret key.

    23. Network based provisioning of UE credentials for non-operator wireless deployments
    Type: granted invention patent
    Status: in force

    Publication number: US09445443B2

    Publication date: 2016-09-13

    Application number: US14489234

    Application date: 2014-09-17

    CPC classification number: H04W76/11 H04W4/50 H04W8/18 H04W12/04 H04W84/12

    Abstract: Methods, systems, and devices are described for provisioning of devices, such as UEs, for service at a wireless network. One or more device parameters may be identified for use in provisioning the device on the wireless network, which may be provided to a network element. The network element may use the provided parameters to access a subscription server. The subscription server may provide verification and/or subscription parameters of the device that may then be used by the device to verify that the device is authorized to access the wireless network.

    24. METHOD FOR CONFIGURING A REMOTE STATION WITH A CERTIFICATE FROM A LOCAL ROOT CERTIFICATE AUTHORITY FOR SECURING A WIRELESS NETWORK
    Type: invention patent application
    Status: in force

    Publication number: US20150089216A1

    Publication date: 2015-03-26

    Application number: US14207005

    Application date: 2014-03-12

    Abstract: A remote station is configured with a certificate from a local root certificate authority for securing a wireless network. To configure the certificate, the remote station forwards a station public key to the local root certificate authority. The station public key is forwarded out-of-band of the wireless network. The remote station receives a certificate and a root public key from the local root certificate authority. The certificate is generated by the local root certificate authority based on the forwarded station public key, and the certificate and the root public key are received out-of-band of the wireless network. The remote station securely communicates, using the wireless network, with another station based on the certificate and the root public key.

    25. SEAMLESS DEVICE CONFIGURATION IN A COMMUNICATION NETWORK
    Type: invention patent application
    Status: under examination (published)

    Publication number: US20140282960A1

    Publication date: 2014-09-18

    Application number: US13837703

    Application date: 2013-03-15

    CPC classification number: H04L63/083 H04L63/08 H04W12/06

    Abstract: One embodiment of seamless device configuration between a network device and an access point sends a device credential associated with the network device to the access point before the network device communicates with the access point. The device credential can be used to verify the identity of the network device and can authenticate the network device with the access point without requiring user interaction. Another embodiment can incorporate a central authority maintaining a database of network devices, access points and associated users. The central authority can determine when one or more network devices can seamlessly be configured for use with a particular access point. The central authority can send the device credential associated with the one or more network devices to the access point before the network device communicates with the access point.

    26. NETWORK SECURITY CONFIGURATION USING SHORT-RANGE WIRELESS COMMUNICATION
    Type: invention patent application
    Status: in force

    Publication number: US20130254519A1

    Publication date: 2013-09-26

    Application number: US13843395

    Application date: 2013-03-15

    Abstract: A configuration device is disclosed for configuring a network device in a communication network. The configuration device initiates pairing operations with the network device via a short-range communication connection. The configuration device determines whether the network device is in a registered state or an unregistered state. If the configuration device determines that the network device is in the unregistered state, the configuration device establishes a secure short-range communication channel between the configuration device and the network device. The configuration device transmits a network key to the network device via the secure short-range communication channel for configuring the network device to communicatively connect to the communication network. If the configuration device determines that the network device is in the registered state, the configuration device determines whether to unregister the network device.

    Seamless device configuration in a communication network

    Publication number: US10154025B2

    Publication date: 2018-12-11

    Application number: US13837703

    Application date: 2013-03-15

    Abstract: One embodiment of seamless device configuration between a network device and an access point sends a device credential associated with the network device to the access point before the network device communicates with the access point. The device credential can be used to verify the identity of the network device and can authenticate the network device with the access point without requiring user interaction. Another embodiment can incorporate a central authority maintaining a database of network devices, access points and associated users. The central authority can determine when one or more network devices can seamlessly be configured for use with a particular access point. The central authority can send the device credential associated with the one or more network devices to the access point before the network device communicates with the access point.

    28. Fuse-based anti-replay mechanism
    Type: granted invention patent

    Publication number: US10126960B2

    Publication date: 2018-11-13

    Application number: US15180932

    Application date: 2016-06-13

    Abstract: Techniques for providing data protection in an integrated circuit are provided. A method according to these techniques includes maintaining an anti-replay counter value in a volatile memory of the integrated circuit, the anti-replay counter value being associated with data stored in an off-chip, non-volatile memory in which the integrated circuit is configured to store the data, monitoring an external power source, and writing the anti-replay counter value to a programmable read-only memory of the integrated circuit responsive to a loss of power to the integrated circuit from the external power source.

    ADAPTIVE SYSTEMS AND PROCEDURES FOR DEFENDING A PROCESSOR AGAINST TRANSIENT FAULT ATTACKS

    Publication number: US20170286680A1

    Publication date: 2017-10-05

    Application number: US15089379

    Application date: 2016-04-01

    CPC classification number: G06F21/566 G06F21/554 G06F21/75 G09C1/00 H04L9/004

    Abstract: Various features pertain to defending a smartphone processor or other device from a transient fault attack. In one example, the processor is equipped to detect transient faults using a fault detection system and to adaptively adjust a control parameter in response to the transient faults, where the control parameter controls a physical operation of the processor (such as by gating its clock signal) or a functional operation of the fault detection system (such as a particular Software Fault Sensor (SFS) employed to detect transient faults). In some examples, in response to each newly detected fault, the detection system is controlled to consume more processor time to become more aggressive in detecting additional faults. This serves to quickly escalate fault detection in response to an on-going attack to promptly detect the attack so that the device can be disabled to prevent loss of sensitive information, such as security keys or passcodes.
