| Patent application number | Description | Published |
|---|
| 20080267406 | Method and Device for Verifying The Integrity of Platform Software of an Electronic Device - A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed. | 10-30-2008 |
| 20080320308 | Method for remote message attestation in a communication system - The invention relates to a method for remote attestation. In the method is created a first asymmetric key pair in a trusted platform module in an electronic device. A first public key and software platform state information are certified with an attestation identity key associated with the trusted platform module to produce a first certificate. A second asymmetric key pair is produced in an application within the electronic device. The second public key is certified with said first secret key to produce a second certificate. A message is signed with the second secret key to provide a message signature in the first electronic device. The message and the message signature, software platform state information, the first certificate and the second certificate are sent to a second electronic device. | 12-25-2008 |
| 20090164783 | METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATION OF FRAGMENTS USING HASH TREES - An apparatus for authentication of fragments using hash trees may include a processor. The processor may be configured to provide one or more data fragments and a hash tree representing the one or more fragments, send at least one first fragment accompanied by any nodes of the hash tree necessary to authenticate the one or more first sent fragments, and send one or more subsequent fragments accompanied by only some, but not all, of the nodes of the hash tree necessary to authenticate the one or more subsequent fragments with the other nodes that are not sent but are necessary for authentication having been previously sent in conjunction with a prior fragment. | 06-25-2009 |
| 20090165077 | Method, Apparatus and Computer Program Product for Secure Software Installation - A method, apparatus and computer program product are provided for secure software download or installation. In this regard, sensory notifications and cognitive activities are implemented prior to proceeding to a download or installation procedure. For example, a sensory notification can be provided if security attributes of software are noncompliant with security preferences. Additionally, performance of a task can be required if security attributes of software are noncompliant with the security preferences prior to installation of the software, wherein requiring performance of a task comprises selecting the task such that the task is variable from one installation of the software to another installation of the software. | 06-25-2009 |
| 20090327713 | SYSTEM AND METHOD FOR ESTABLISHING BEARER-INDEPENDENT AND SECURE CONNECTIONS - A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established. | 12-31-2009 |
| 20100266128 | CREDENTIAL PROVISIONING - Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner ( | 10-21-2010 |
| 20110093938 | METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING DEVICE AND USER AUTHENTICATION - An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device | 04-21-2011 |
| 20110289560 | Method And Apparatus To Bind A Key To A Namespace - A method includes identifying an application installed on a device as an authorized application of a certain domain, the application being signed with a private key; deriving a signer identity using a public key that forms a key pair with the private key; mapping the certain domain to another domain using a deterministic function map; making a request to the another domain to obtain a list of signer identities that are authorized to act on behalf of the certain domain; determining whether the signer of the application is in the list and, if it is, authorizing the application to act with the same privileges as granted in the certain domain. Apparatus and computer programs for performing the method are also disclosed. | 11-24-2011 |
