Patent application number | Description | Published |
20080220746 | KEY ESTABLISHMENT UTILIZING LINK PRIVACY - A system for allowing two or more wireless devices to form a secure relationship despite any other device that may be attempting to intercept information exchanged between the devices. The process may be performed automatically by the devices, yielding security information that may be used to authenticate information believed to have been sent from a known device. The security information may include at least an encryption key utilized to identify previously encountered known devices and for securing communication with these devices. The security key may be computed by analyzing the transmission and receipt of advertising messages, or by analyzing the contents of pseudorandom information contained in advertising message payloads. | 09-11-2008 |
20090316908 | Verification key handling - A method, an apparatus, and a computer program product for enabling verification key handling is disclosed. Said handling is enabled by receiving a verification key including an identifier of the parent verification key of the verification key, wherein the verification key includes a constraint portion, determining whether the constraint portion of the verification key corresponds to the constraint portion of the parent verification key, associating, in case the constraint portion of the verification key corresponds to the constraint portion of the parent verification key, the verification key with a particular state update, and storing the verification key associated with the particular state update. | 12-24-2009 |
20100005294 | Security in Wireless Environments Using Out-Of-Band Channel Communication - A methodology of using a (preferably uni-directional) out-of-band channel for secure information transmission between two devices capable of LPRF communication is provided. Information, which is intended for secure transmission from one of the devices to the other device, is encoded into a time-dependent visual sequence. The visual sequence may comprise one or more visual signals, in particular lighted-up and dark states. The visual sequence is emitted in a time-dependent visual signal by a light emitter of the one device and the emitted signal is detected by a light sensor of the other device on the basis of the detected signal. The time-dependent signal varies over time, especially in light intensity. The light sensor generates a (time-dependent) sequence of detection signals. These detection signals are decoded to reconstruct the information intended for secure transmission. Because the out-of-band channel transmission of the information is separate from the LPRF communication, it enables a shared secret to be transmitted. The shared secret is required for secure authentication of the devices during initialization of the LPRF communication. | 01-07-2010 |
20100082679 | METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING OBJECT PRIVILEGE MODIFICATION - An apparatus for providing object privilege modification may include a processor. The processor may be configured to receive an indication to modify at least one privilege associated with an object. The processor may be further configured to modify the at least one privilege associated with the object based at least in part on the indication and update a policy file based at least in part on the modified privilege associated with the object. The processor may be additionally configured to provide for an output of the object based at least in part on the modified privilege associated with the object. Associated methods and computer program products may also be provided. | 04-01-2010 |
20100262841 | METHOD FOR SECURE PROGRAM CODE EXECUTION IN AN ELECTRONIC DEVICE - The invention relates to a method for secure piecemeal execution of a program code. In the method, the program code is split into a number of pieces in a first electronic device. The pieces are provided one after another to a second electronic device, which computes a message authentication code from the pieces and returns the authenticated pieces back to the first electronic device. In order to execute the program, the authenticated pieces are provided for execution to the second electronic device, which verifies the message authentication codes in the pieces to allow the execution of the pieces in the second electronic device. | 10-14-2010 |
20100325427 | METHOD AND APPARATUS FOR AUTHENTICATING A MOBILE DEVICE - An approach is provided for authenticating a mobile device. A mobile device initiates transmission of a request to an authentication platform for generating a public-key certificate to access a service from the mobile device. The mobile device receives an identity challenge and responds by initiating transmission of a tag specific to the mobile device to the authentication platform. The authentication platform uses the tag to generate a public-key certificate. | 12-23-2010 |
20110093938 | METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING DEVICE AND USER AUTHENTICATION - An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device. | 04-21-2011 |
20110161648 | SOFTWARE LOADING METHOD AND APPARATUS - A method and an apparatus that enable loading of computer programs to a trusted computing platform. The computer program loading is enabled by executing a first program loader ( | 06-30-2011 |
20120253974 | METHOD AND APPARATUS FOR PROVIDING MEMORY TAG-BASED PAYMENT METHODS - An approach is provided for memory tag-based payment methods. A transaction management platform receives a payment request via a radio frequency memory tag associated with a device. The transaction management platform also processes and/or facilitates a processing of the payment request to determine whether the radio frequency memory tag includes a value that is sufficient to complete the payment request. On a determination that the value is not sufficient, the transaction management platform further causes, at least in part, one or more actions that result in the device initiating a transfer of additional value to the radio frequency memory tag to complete the payment request. | 10-04-2012 |
20120297175 | Secure Boot With Trusted Computing Group Platform Registers - Disclosed is a method that includes providing at least two platform configuration registers, where a first platform configuration register is a measurement platform configuration register and where a second platform configuration register is a resettable binding configuration platform configuration register; executing an authorization chain under direction of a trusted engine to perform an authorization, where a value of the measurement platform configuration register is included as a precondition; extending the binding platform configuration register with a value enforced by the authorization; and monitoring, such as with a trusted operating system, a validation result of the binding platform configuration register. Apparatus and computer program instructions embodied in a computer-readable medium that implement the method are also disclosed. | 11-22-2012 |
20130005374 | METHOD AND APPARATUS FOR PROVIDING SPECTRUM RESERVATION - An approach is provided for providing spectrum reservation in cognitive radio information sharing. A cognitive radio spectrum reservation platform determines information regarding at least one predicted location of at least one device. The cognitive radio spectrum reservation platform also processes and/or facilitates a processing of the information to generate a prediction of one or more cognitive radio resources that are to be used by the at least one device at the at least one predicted location. The cognitive radio spectrum reservation platform further causes, at least in part, a reservation of the one or more cognitive resources from one or more cognitive radio connectivity providers based, at least in part, on the prediction. | 01-03-2013 |
20130148805 | METHOD AND APPARATUS FOR IMPLEMENTING KEY STREAM HIERARCHY - Various methods for implementing keystream hierarchy in a distributed memory environment are provided. One example method may comprise causing a generated keystream to be accessed on a memory device, wherein the keystream was generated in an instance in which the memory device was in radio communications range. One example method may further comprise determining a session key based on the generated keystream and a modified keystream. In some example embodiments, the modified keystream is created by the memory device based on the generated keystream and a keystream received by the memory device from a second device. One example method may further comprise causing communications data to be transmitted to the memory device or to the second device. In some example embodiments, the communications data is protected using at least a portion of the session key and is intended for the second device. | 06-13-2013 |
20130243189 | METHOD AND APPARATUS FOR PROVIDING INFORMATION AUTHENTICATION FROM EXTERNAL SENSORS TO SECURE ENVIRONMENTS - An approach is provided for providing information authentication from external sensors to secure environments. An authentication support platform causes, at least in part, a generation of at least one cryptographic key for use by (a) at least one secure environment, (b) one or more sensors that are associated with at least one device and that are external to the at least one secure environment, or (c) a combination thereof. The authentication support platform further causes, at least in part, an authentication of sensor information transmitted by the one or more sensors to the at least one secure environment based, at least in part, on the cryptographic key. | 09-19-2013 |
20140026200 | METHOD AND APPARATUS FOR PROVIDING SECRET DELEGATION - A method for providing secret delegation may comprise receiving a credential secret applied to an algorithm associated with a distributed application in a trusted execution environment, causing delegation of the credential secret from one communication device to at least one other communication device, and modifying the credential secret prior to transfer of a modified version of the credential secret to the at least one other communication device in a manner that enables a generation of the credential secret to be determined. An apparatus and computer program product corresponding to the method are also provided. | 01-23-2014 |
20140106763 | METHOD AND APPARATUS FOR IMPROVED COGNITIVE CONNECTIVITY BASED ON GROUP DATASETS - An approach is provided for allocating radio resources based on social distance information for one or more social groups. The coexistence platform determines social distance information for at least one group of a plurality of one or more users, one or more devices associated with the one or more users, or a combination thereof. The coexistence platform causes, at least in part, at least one allocation of the one or more radio resources to the one or more devices based, at least in part, on the social distance information for the at least one group or a subset of the at least one group. The coexistence client causes an initiation of a request for at least one allocation of one or more radio resources. The coexistence client determines the one or more radio resources based, at least in part, on social distance information. | 04-17-2014 |
20140115346 | METHOD AND APPARATUS FOR IMPLEMENTING MEMORY SEGMENT ACCESS CONTROL IN A DISTRIBUTED MEMORY ENVIRONMENT - Various methods for implementing memory segment access control in a distributed memory environment are provided. One example method may comprise, during a first write state for a memory segment, receiving a cryptographic key stream in association with a request from a first device for use of shared storage capacity of a second device and causing the cryptographic key stream to be stored in the memory segment. Further, during the second write state for the memory segment, the example method may comprise receiving data content, transforming the data content using the cryptographic key stream to form encrypted data content, and causing the encrypted data content to be stored in the memory segment. Finally, during the first read state, the example method may comprise causing the encrypted data content to be provided to one or more requesting devices. Similar and related example methods, example apparatuses, and example computer program products are also provided. | 04-24-2014 |
20140130124 | Partially Virtualizing PCR Banks In Mobile TPM - In accordance with the exemplary embodiments of the invention there is at least a method and apparatus to perform operations including triggering, with an entity of a device, an attestation with a trusted platform module/mobile platform module of the device; and in response to the triggering, sending information comprising a platform configuration register value towards the entity, where the platform configuration register depends on measurements of the entity triggering the attestation. | 05-08-2014 |
20140173690 | METHOD AND APPARATUS FOR SECURITY MECHANISM FOR PROXIMITY-BASED ACCESS REQUESTS - An approach is provided for providing a security mechanism for proximity-based interactions among devices. At least one first device (e.g., a memory tag) may determine a request for interaction between the at least one first device and at least one second device (e.g., a mobile phone), wherein at least the at least one first device is associated with at least one first antenna and at least one second antenna. The at least one first device may determine a first signal received by the at least one first antenna and a second signal received by the at least one second antenna. Further, the at least one first device may determine one or more differences in one or more characteristics of the first signal and the second signal. Furthermore, the at least one first device may process and/or facilitate a processing of the one or more differences to determine whether to allow the interaction. | 06-19-2014 |
20140220929 | Method and Apparatus For Providing Network Access To A Connecting Apparatus - A method and apparatus are provided for providing network access to a connecting apparatus. A method may include determining, at a terminal apparatus, a selection of a network access credential for a network from a plurality of available network access credentials installed on the terminal apparatus. The method may further include responsive to the selection, activating the selected network access credential. The method may additionally include using the activated network access credential to cause a connecting apparatus to be provided with access to the network via a local connection between the terminal apparatus and the connecting apparatus. A corresponding apparatus is also provided. | 08-07-2014 |
20140298016 | METHOD AND APPARATUS FOR IDENTITY BASED TICKETING - A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator. | 10-02-2014 |
20140351578 | DETERMINATION OF APPARATUS CONFIGURATION AND PROGRAMMING DATA - A method including determining a public identifier for identifying a configuration of an apparatus, determining a common configuration certificate comprising a common configuration certificate identifier for verifying programming data, and determining a hardware certificate comprising the public identifier and the common configuration certificate identifier for associating a permitted combination of the apparatus configuration and the programming data. Furthermore, the method includes generating a dedicated package of the hardware certificates corresponding to the apparatus configurations allowed to be provided, encrypting the dedicated package of the hardware certificates using a public key, and storing the encrypted dedicated package of the hardware certificates with an identifier to a passive memory of the apparatus. | 11-27-2014 |
Patent application number | Description | Published |
20100266128 | CREDENTIAL PROVISIONING - Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner ( | 10-21-2010 |
20100303236 | METHOD AND APPARATUS FOR PROPAGATING ENCRYPTION KEYS BETWEEN WIRELESS COMMUNICATION DEVICES - A system for propagating encryption key information between wireless communication devices without the requirement of pairing each and every device. A wireless communication device may be paired with at least one device in a group of devices. When a secure link is established between these devices, a determination may be made as to whether encryption key information should be passed from one device to another. The additional encryption key information may allow a wireless communication device to create a secure link with other devices without having to first establish a trusted relationship (e.g., go through a pairing process) with the other devices. | 12-02-2010 |
20110066850 | COMMUNICATION USING MULTIPLE APPARATUS IDENTITIES - A system for broadcasting multiple public identities corresponding to the same apparatus. For example, each public identity may correspond to different operational environments, while none of the public identities disclose a private identity that uniquely and permanently identifies the apparatus. This allows apparatuses to keep their unique identity a secret while still being able to communicate with other apparatuses in various environments. | 03-17-2011 |
20120244805 | METHOD AND APPARATUS FOR BATTERY WITH SECURE ELEMENT - In accordance with an example embodiment of the present invention, a mobile device comprises a battery, a short-range wireless communication (SRW) chip set, a secure element incorporated into the battery, and a bootloader, wherein the SRW chip set is configured to sense proximity to a point of sales terminal and, in response, initiate bootup of the mobile device, and wherein the bootloader is configured to determine that bootup was initiated by the SRW chip set and, in response, power up only the SRW chip set and the secure element. | 09-27-2012 |
20120311315 | Method and Apparatus to Reset Platform Configuration Register in Mobile Trusted Module - In accordance with the exemplary embodiments of the invention there is at least a method, apparatus, and executable program of computer instructions to perform the operations of establishing and initializing a set of platform configuration registers, where a first subset of platform configuration registers is defined as being non-resettable, and a second subset of platform configuration registers is defined as being resettable, storing initial boot-up system state information in one or more non-resettable platform configuration registers, dynamically resetting ( | 12-06-2012 |
20120324214 | Method and Apparatus to Provide Attestation with PCR Reuse and Existing Infrastructure - The exemplary embodiments of the invention provide at least a method, apparatus, and program of computer instructions to perform operations including receiving a challenge from a prover device, reading and saving an old value of a selected platform configuration register, obtaining at least one measurement or property and forming a new platform configuration register value, where the forming includes calculating a cryptographic hash over the old value of the platform configuration register and the obtained at least one measurement or property, triggering, with the trusted software, an attestation by sending a challenge to a trusted platform module/mobile platform module, and sending by the prover device a device certificate, attestation, at least one measurement or property, and old platform configuration register value to the verifier. Further, the exemplary embodiments of the invention teach sending a challenge to a trusted software of a prover device, and receiving by the verifier device a device certificate, attestation, at least one measurement or property, and an old platform configuration register value from the prover device, checking by the verifier device that extending the old platform configuration register value with the at least one measurement or property results in a new platform configuration register value that has been attested, and using the new platform configuration register value in attestation of the prover device. | 12-20-2012 |