Patent application number | Description | Published |
20090054094 | METHOD FOR IDENTIFYING A CODE GROUP REPRESENTATIVE OF A NUMBER OF BASE STATIONS - A method and apparatus for identifying a code group representative of a predetermined number of base stations is disclosed. A chip offset within a frame is input into a first correlator. A plurality of samples of chips at which a primary synchronization code (PSC) has been detected are input into the first correlator. Output of the first correlator is multiplied by the complex conjugate of the PSC to obtain a magnitude for the signals being transmitted at the chips inputted into the first correlator. The magnitude is summed over four frames. The summed signals view of a predetermined set of decision variables is evaluated. A case number, a code group, a timeslot location, and a system frame number are determined based on the evaluation and noise estimation. | 02-26-2009 |
20090125996 | VIRTUAL SUBSCRIBER IDENTITY MODULE - A mobile trusted platform (MTP) configured to provide virtual subscriber identify module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service. | 05-14-2009 |
20090209232 | TECHNIQUES FOR SECURE CHANNELIZATION BETWEEN UICC AND A TERMINAL - The present invention is related to a wireless communication system. 3G UMTS mobile phone systems rely on a protected smart card called the UMTS integrated circuit card (UICC) that provides UMTS subscriber identity module (USIM) applications as a basis or root of various security measures protecting the communication path between the 3G mobile terminal and the UMTS wireless network (or UTRAN). Disclosed is a method by which the UICC exchanges information with a terminal, such as an Internal Key Center (IKC | 08-20-2009 |
20090313472 | SECURE SESSION KEY GENERATION - A method and apparatus for securing the interface between a Universal Integrated Circuit Card (UICC) and a Terminal in wireless communications is disclosed. The security of Authentication and Key Agreement (AKA) and application level generic bootstrapping architecture (GBA) with UICC-based enhancements (GBA_U) procedures is improved. A secure shared session key is used to encrypt communications between the UICC and the Terminal. The secure shared session key generated using authenticating or non-authenticating procedures. | 12-17-2009 |
20110010543 | PLATFORM VALIDATION AND MANAGEMENT OF WIRELESS DEVICES - Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network. | 01-13-2011 |
20110041003 | METHOD AND APPARATUS FOR H(e)NB INTEGRITY VERIFICATION AND VALIDATION - An apparatus and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein. | 02-17-2011 |
20110099605 | SYSTEM OF MULTIPLE DOMAINS AND DOMAIN OWNERSHIP - Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. | 04-28-2011 |
20110265153 | Protection Against Unsolicited Communication - Methods and apparatus are disclosed to provide protection against Unsolicited Communication (UC) in a network, such as, without limitation, an Internet Protocol (IP) Multimedia Subsystem (IMS). A communication may originate from a sending device and may be intended for delivery to a receiving device. A network may determine authentication information associated with the sending device. The network may send the authentication information to a receiving entity to evaluate if the communication is unsolicited using the authentication information. If the communication is determined to be acceptable, a connection associated with the communication may be allowed. | 10-27-2011 |
20120003961 | METHOD AND APPARATUS FOR BASE STATION SELF-CONFIGURATION - Disclosed is method and apparatus for operation of a base station in wireless communications, including self-configuration of the base station for secure and authenticated communications with other base stations. | 01-05-2012 |
20120072979 | Method And Apparatus For Trusted Federated Identity - A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like may be used as a local host trust center and a proxy for a single-sign on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over the air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment in order to provide increased security and reduce over the air communications and authentication burden on the OP or operator network. | 03-22-2012 |
20120246481 | VIRTUAL SUBSCRIBER IDENTITY MODULE - A mobile trusted platform (MTP) configured to provide virtual subscriber identify module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator—trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner—trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service. | 09-27-2012 |
20120254959 | IDENTITY MANAGEMENT ON A WIRELESS DEVICE - A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider. | 10-04-2012 |
20120278869 | REGISTRATION AND CREDENTIAL ROLL-OUT FOR ACCESSING A SUBSCRIPTION-BASED SERVICE - A user may access a subscription-based service via a system comprising one or more devices with one or more separate domains where each domain may be owned or controlled by one or more different local or remote owners. Each domain may have a different owner, and a remote owner offering a subscription-based service may have taken ownership of a domain, which may be referred to as a remote owner domain. Further, the user may have taken ownership of a domain, which may be referred to as a user domain. In order for the user to access the subscription-based service, registration and credential roll-out may be needed. An exemplary registration and credential roll-out process may comprise registration of the user, obtaining credentials from the remote owner and storing the credentials. | 11-01-2012 |
20130007858 | AUTHENTICATION AND SECURE CHANNEL SETUP FOR COMMUNICATION HANDOFF SCENARIOS - Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers. | 01-03-2013 |
20130080769 | SYSTEMS AND METHODS FOR SECURING NETWORK COMMUNICATIONS - Secure communications may be established amongst network entities for performing authentication and/or verification of the network entities. For example, a user equipment (UE) may establish a secure channel with an identity provider, capable of issuing user identities for authentication of the user/UE. The UE may also establish a secure channel with a service provider, capable of providing services to the UE via a network. The identity provider may even establish a secure channel with the service provider for performing secure communications. The establishment of each of these secure channels may enable each network entity to authenticate to the other network entities. The secure channels may also enable the UE to verify that the service provider with which it has established the secure channel is an intended service provider for accessing services. | 03-28-2013 |
20130125226 | SSO FRAMEWORK FOR MULTIPLE SSO TECHNOLOGIES - Users desire useable security or a seamless means for accessing internet services whereby user interaction in the provisioning of credentials may be kept to a minimum or even eliminated entirely. The Single Sign-On (SSO) identity management (IdM) concept may be a means by which a user may be provided with such ease of use, while enabling user-assisted and network-assisted authentication for access to desired services. To enable seamless authentication services to users, a unified framework and a protocol layer interface for managing multiple authentication methods may be used. | 05-16-2013 |
20130174241 | AUTOMATED NEGOTIATION AND SELECTION OF AUTHENTICATION PROTOCOLS - Wireless telecommunications networks may implement various forms of authentication. There are a variety of different user and device authentication protocols that follow a similar network architecture, involving various network entities such as a user equipment (UE), a service provider (SP), and an authentication endpoint (AEP). To select an acceptable authentication protocol or credential for authenticating a user or UE, authentication protocol negotiations may take place between various network entities. For example, negotiations may take place in networks implementing a single-sign on (SSO) architecture and/or networks implementing a Generic Bootstrapping Architecture (GBA). | 07-04-2013 |
20130336162 | METHODS AND APPARATUS FOR BASE STATION SELF-CONFIGURATION - Disclosed is method and apparatus for operation of a base station in wireless communications, including self-configuration of the base station for secure and authenticated communications with other base stations. | 12-19-2013 |
20140047528 | IDENTITY MANAGEMENT ON A WIRELESS DEVICE - A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider. | 02-13-2014 |
20140179271 | SMART CARD WITH DOMAIN-TRUST EVALUATION AND DOMAIN POLICY MANAGEMENT FUNCTIONS - Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. A domain application may be resident on one of the domains. The domain application may be ported to the platform based on a relationship between at least one domain owner and at least one other domain owner of the one or more domains. | 06-26-2014 |
20140201809 | Characteristics of Security Associations - Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource. | 07-17-2014 |
20140365777 | SYSTEMS AND METHODS FOR SECURING NETWORK COMMUNICATIONS - Secure communications may be established amongst network entities for performing authentication and/or verification of the network entities. For example, a user equipment (UE) may establish a secure channel with an identity provider, capable of issuing user identities for authentication of the user/UE. The UE may also establish a secure channel with a service provider, capable of providing services to the UE via a network. The identity provider may even establish a secure channel with the service provider for performing secure communications. The establishment of each of these secure channels may enable each network entity to authenticate to the other network entities. The secure channels may also enable the UE to verify that the service provider with which it has established the secure channel is an intended service provider for accessing services. | 12-11-2014 |
20150065093 | Identity Management on a Wireless Device - A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider. | 03-05-2015 |
20150237502 | Platform Validation and Management of Wireless Devices - Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network. | 08-20-2015 |
20150319156 | INDEPENDENT IDENTITY MANAGEMENT SYSTEMS - Systems, methods and apparatus embodiments are described herein for authenticating a user and/or a user equipment (UE). For example, a user and/or UE may request access to a service controlled by a service provider (SP). The user may be authenticated by an identity provider (IdP), producing a result. A user assertion may be provided to the SP, and the user assertion may comprise the user authentication result. The UE may be authenticated with another IdP, producing an associated result. A device assertion may be provided to the SP and may comprise the device authentication result. A master IdP may bind the assertions together and a consolidated assertion may be provided to the SP so that the user/UE can receive access to a service that is provided by the SP. | 11-05-2015 |
20150326561 | Authentication and Secure Channel Setup for Communication Handoff Scenarios - Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers. | 11-12-2015 |
20150341805 | METHOD AND APPARATUS FOR BASE STATION SELF-CONFIGURATION - Disclosed is method and apparatus for operation of a base station in wireless communications, including self-configuration of the base station for secure and authenticated communications with other base stations. | 11-26-2015 |