-
公开(公告)号:US08914674B2
公开(公告)日:2014-12-16
申请号:US13289154
申请日:2011-11-04
申请人: Yogendra C. Shah , Lawrence Case , Dolores F. Howry , Inhyok Cha , Andreas Leicher , Andreas Schmidt
发明人: Yogendra C. Shah , Lawrence Case , Dolores F. Howry , Inhyok Cha , Andreas Leicher , Andreas Schmidt
CPC分类号: G06F11/0709 , G06F11/0751 , G06F11/079 , G06F11/0793 , G06F11/08 , G06F21/10 , G06F21/575 , G06F2221/2103 , G06F2221/2111 , H04L63/123 , H04M1/24 , H04W8/22 , H04W12/10 , H04W24/02
摘要: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.
摘要翻译: 无线通信设备可以被配置为执行与网络实体的完整性检查和询问,以隔离无线网络设备上的故障组件的一部分以进行修复。 一旦在设备的组件上确定完整性故障,则设备可以识别与组件相关联的功能并且向网络实体指示失败的功能。 无线网络设备和网络实体都可以使用组件到功能映射来识别故障功能和/或故障组件。 在接收到设备上的完整性故障的指示之后,网络实体可以确定可以在设备处执行完整性检查的一个或多个附加迭代以缩小故障组件上的完整性故障的范围。 一旦完整性故障被隔离,则网络实体可以修复无线通信设备上的故障组件的一部分。
-
2.发明申请公开(公告)号:US20130007858A1
公开(公告)日:2013-01-03
申请号:US13341670
申请日:2011-12-30
申请人: Yogendra C. SHAH , Inhyok CHA , Andreas SCHMIDT , Louis J. GUCCIONE , Lawrence CASE , Andreas LEICHER , Yousif TARGALI
发明人: Yogendra C. SHAH , Inhyok CHA , Andreas SCHMIDT , Louis J. GUCCIONE , Lawrence CASE , Andreas LEICHER , Yousif TARGALI
IPC分类号: H04W12/06
CPC分类号: H04L63/08 , H04L63/0209 , H04L63/0815 , H04L63/0892 , H04L63/10 , H04L63/18 , H04W12/04 , H04W12/06 , H04W12/08 , H04W36/0038
摘要: Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers.
摘要翻译: 可以利用在一个网络上的持久通信层上生成的持久通信层凭证来执行对另一个网络的认证。 例如,持久通信层凭证可以包括在应用层上导出的应用层凭证。 应用层凭证可以用于建立认证凭证,用于认证移动设备以访问网络服务器处的服务。 认证证书可以从另一网络的应用层凭证导出,以实现从一个网络到另一个网络的无缝切换。 认证证书可以使用反向引导或其他密钥导出功能从应用层凭证中导出。 移动设备和/或网络实体对移动设备进行身份验证可以实现通信层之间的认证信息的通信,从而能够使用多个通信层对设备进行认证。
-
3.发明申请Autonomous memory checker for runtime security assurance and method therefore 有权因此,用于运行时安全保证和方法的自动内存检查器公开(公告)号:US20050193217A1
公开(公告)日:2005-09-01
申请号:US10791171
申请日:2004-03-01
申请人: Lawrence Case , Mark Redman , Thomas Tkacik , Joel Feldman
发明人: Lawrence Case , Mark Redman , Thomas Tkacik , Joel Feldman
IPC分类号: H04L9/32
CPC分类号: G06F21/57 , Y10S707/99939
摘要: Methods and apparatus are provided for an electronic device having an autonomous memory checker for runtime security assurance. The autonomous memory checker comprises a controller, a memory reference file coupled to the controller, and an authentication engine coupled to the controller. A check is performed during runtime operation of the electronic device. The autonomous memory checker generates runtime reference values corresponding to trusted information stored in memory. The runtime reference values are compared against memory reference values stored in the memory reference file. The memory reference values are generated from the trusted information stored in memory. An error signal is generated when the runtime reference values are not identical to the memory reference values thereby indicating that the trusted information has been modified.
摘要翻译: 为具有用于运行时安全保证的自主存储器检查器的电子设备提供了方法和装置。 自主存储器检查器包括控制器,耦合到控制器的存储器参考文件以及耦合到控制器的认证引擎。 在电子设备的运行时操作期间执行检查。 自主内存检查器生成对应于存储在存储器中的可信信息的运行时参考值。 将运行时引用值与存储在存储器引用文件中的存储器引用值进行比较。 存储器参考值是从存储在存储器中的可信信息生成的。 当运行时引用值与存储器引用值不相同时,产生错误信号,由此指示信任信息已被修改。
-
公开(公告)号:US09497626B2
公开(公告)日:2016-11-15
申请号:US13296855
申请日:2011-11-15
申请人: Lawrence Case , Yogendra C. Shah , Inhyok Cha
发明人: Lawrence Case , Yogendra C. Shah , Inhyok Cha
CPC分类号: H04L63/0823 , H04L9/3263 , H04L63/061 , H04L63/0853 , H04L63/0869 , H04L63/0884 , H04W4/70 , H04W8/183 , H04W12/06
摘要: A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.
摘要翻译: 受限网络实体可以通过与核心网络实体的认证过程来确定试图与受限网络实体建立安全信道的端点的可信赖性。 受约束的网络实体可以从尝试建立安全信道的端点接收证书,并且受约束的网络实体可以将由端点确定的证书发送到核心网络实体进行验证。 核心网络实体可以在与受限网络实体的密钥交换期间接收证书,并且核心网络实体可以向受约束的网络实体指示证书的有效性。 受限网络实体可以基于证书的有效性来确定是否与端点建立安全信道。
-
公开(公告)号:US08856941B2
公开(公告)日:2014-10-07
申请号:US13084840
申请日:2011-04-12
申请人: Inhyok Cha , Yogendra C. Shah , Lawrence Case
发明人: Inhyok Cha , Yogendra C. Shah , Lawrence Case
CPC分类号: G06F21/57 , G06F21/86 , H04L9/0861 , H04L63/08 , H04W12/10 , H04W84/045
摘要: Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.
摘要翻译: 可以执行网络设备的完整性验证。 包括安全硬件模块的网络设备可以接收根密钥。 安全硬件模块还可以接收第一代码测量。 安全硬件模块可以基于根密钥和第一代码测量来提供第一密钥。 安全硬件模块可以接收第二代码测量,并且基于第一密钥和第二代码测量提供第二密钥。 基于代码测量的键的释放可以分阶段地进行认证。
-
公开(公告)号:US08631466B2
公开(公告)日:2014-01-14
申请号:US13197007
申请日:2011-08-03
申请人: Inhyok Cha , Michael Meyerstein , Lawrence Case
发明人: Inhyok Cha , Michael Meyerstein , Lawrence Case
IPC分类号: G06F7/04
摘要: Systems, methods, and instrumentalities are disclosed to provide secure operations in an M2M device. An M2M device may receive an indication that an operation to be performed is security sensitive. The M2M device may determine that the operation is to be performed in a secure environment on the M2M device. The secure environment may be a logically distinct portion of the M2M device. The determination may be made in in accordance with a policy. For example, the M2M device may determine that the operation meets a requirement specified in the policy indicating that the operation is to be performed in the secure environment. The M2M device may perform the operation in the secure environment on the M2M device. The M2M device may store a result relating to the operation in the secure environment.
摘要翻译: 公开了系统,方法和工具,以在M2M设备中提供安全操作。 M2M设备可以接收要执行的操作对安全敏感的指示。 M2M设备可以确定在M2M设备上的安全环境中执行操作。 安全环境可以是M2M设备的逻辑上不同的部分。 可以按照政策做出决定。 例如,M2M设备可以确定操作满足在策略中指定的要求,指示操作将在安全环境中执行。 M2M设备可以在M2M设备上的安全环境中执行操作。 M2M设备可以将与操作有关的结果存储在安全环境中。
-
公开(公告)号:US20120297473A1
公开(公告)日:2012-11-22
申请号:US13296855
申请日:2011-11-15
申请人: Lawrence Case , Yogendra C. Shah , Inhyok Cha
发明人: Lawrence Case , Yogendra C. Shah , Inhyok Cha
IPC分类号: G06F21/20
CPC分类号: H04L63/0823 , H04L9/3263 , H04L63/061 , H04L63/0853 , H04L63/0869 , H04L63/0884 , H04W4/70 , H04W8/183 , H04W12/06
摘要: A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.
摘要翻译: 受限网络实体可以通过与核心网络实体的认证过程来确定试图与受限网络实体建立安全信道的端点的可信赖性。 受约束的网络实体可以从尝试建立安全信道的端点接收证书,并且受约束的网络实体可以将由端点确定的证书发送到核心网络实体进行验证。 核心网络实体可以在与受限网络实体的密钥交换期间接收证书,并且核心网络实体可以向受约束的网络实体指示证书的有效性。 受限网络实体可以基于证书的有效性来确定是否与端点建立安全信道。
-
公开(公告)号:US20120079559A1
公开(公告)日:2012-03-29
申请号:US13078716
申请日:2011-04-01
IPC分类号: G06F17/00
CPC分类号: H04L63/20 , H04L12/5692 , H04L41/5019 , H04L63/105 , H04W12/08
摘要: Systems, methods, and apparatus are disclosed for coordinating enforcement of policies on a network and/or a wireless transmit/receive unit. The policies may include stakeholder-specific policies of one or more stakeholders that provide services on a user equipment. Enforcement of the stakeholder-specific policies may be securely coordinated using a policy coordination function. Systems, methods, and apparatus are also disclosed that include a network policy coordination function (NPCF) that coordinates service control policies and access control policies. The NPCF may coordinate enforcement of the service control policies for one or more service control entities and the access control policies for one or more access control entities.
摘要翻译: 公开了用于协调网络和/或无线发射/接收单元上的策略的实施的系统,方法和装置。 这些策略可以包括在用户设备上提供服务的一个或多个利益相关者的利益相关者特定的策略。 可以使用政策协调功能来安全地协调利益相关者特定政策的执行。 还公开了包括协调服务控制策略和访问控制策略的网络策略协调功能(NPCF)的系统,方法和装置。 NPCF可以协调一个或多个服务控制实体的服务控制策略的执行和一个或多个访问控制实体的访问控制策略。
-
9.发明授权公开(公告)号:US09009801B2
公开(公告)日:2015-04-14
申请号:US13341670
申请日:2011-12-30
申请人: Yogendra C. Shah , Inhyok Cha , Andreas Schmidt , Louis J. Guccione , Lawrence Case , Andreas Leicher , Yousif Targali
发明人: Yogendra C. Shah , Inhyok Cha , Andreas Schmidt , Louis J. Guccione , Lawrence Case , Andreas Leicher , Yousif Targali
CPC分类号: H04L63/08 , H04L63/0209 , H04L63/0815 , H04L63/0892 , H04L63/10 , H04L63/18 , H04W12/04 , H04W12/06 , H04W12/08 , H04W36/0038
摘要: Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers.
摘要翻译: 可以利用在一个网络上的持久通信层上生成的持久通信层凭证来执行对另一个网络的认证。 例如,持久通信层凭证可以包括在应用层上导出的应用层凭证。 应用层凭证可以用于建立认证凭证,用于认证移动设备以访问网络服务器处的服务。 认证证书可以从另一网络的应用层凭证导出,以实现从一个网络到另一个网络的无缝切换。 认证证书可以使用反向引导或其他密钥导出功能从应用层凭证中导出。 移动设备和/或网络实体对移动设备进行身份验证可以实现通信层之间的认证信息的通信,从而能够使用多个通信层对设备进行认证。
-
公开(公告)号:US20120290870A1
公开(公告)日:2012-11-15
申请号:US13289154
申请日:2011-11-04
申请人: Yogendra C. Shah , Lawrence Case , Dolores F. Howry , Inhyok Cha , Andreas Leicher , Andreas Schmidt
发明人: Yogendra C. Shah , Lawrence Case , Dolores F. Howry , Inhyok Cha , Andreas Leicher , Andreas Schmidt
CPC分类号: G06F11/0709 , G06F11/0751 , G06F11/079 , G06F11/0793 , G06F11/08 , G06F21/10 , G06F21/575 , G06F2221/2103 , G06F2221/2111 , H04L63/123 , H04M1/24 , H04W8/22 , H04W12/10 , H04W24/02
摘要: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.
摘要翻译: 无线通信设备可以被配置为执行与网络实体的完整性检查和询问,以隔离无线网络设备上的故障组件的一部分以进行修复。 一旦在设备的组件上确定完整性故障,则设备可以识别与组件相关联的功能并且向网络实体指示失败的功能。 无线网络设备和网络实体都可以使用组件到功能映射来识别故障功能和/或故障组件。 在接收到设备上的完整性故障的指示之后,网络实体可以确定可以在设备处执行完整性检查的一个或多个附加迭代以缩小故障组件上的完整性故障的范围。 一旦完整性故障被隔离,则网络实体可以修复无线通信设备上的故障组件的一部分。
-
-
-
-
-
-
-
-
-
搜索结果
17 条记录 (耗时 0.017 秒)
