Secure Device Data Records
First Claim
1. A communications device comprising:
- one or more communication input/output (I/O) ports, at least one of the one or more communication I/O ports being a wide area network port configured to connect the communications device to a wide area network;
memory configured to store a device communication activity policy;
a secure execution environment configured to be inaccessible to user application software;
one or more secure data path processing agents configured to;
execute in the secure execution environment,monitor a device data communications activity through at least one of the one or more communication I/O ports,generate a device data record comprising information about the device data communications activity through at least one of the one or more communication I/O ports, the information configured to assist a network element in determining whether the communications device is operating or has operated in accordance with the device communication activity policy, andsend the device data record to the network element over a trusted communication link between the one or more data path processing agents and the network element; and
a trusted data path between the one or more data path processing agents and the wide area network port.
2 Assignments
0 Petitions
Accused Products
Abstract
Secure device data records (DDRs) are provided. In some embodiments, a system for secure DDRs includes a processor of a wireless communication device for wireless communication with a wireless network, in which the processor is configured with a secure execution environment, and in which the secure execution environment is configured to: monitor service usage of the wireless communication device with the wireless network; and generate a plurality of device data records of the monitored service usage of the wireless communication device with the wireless network, in which each device data record is associated with a unique sequence order identifier; and a memory coupled to the processor and configured to provide the processor with instructions. In some embodiments, the secure execution environment is located in an application processor, in a modem processor, and/or in a subscriber identity module (SIM).
-
Citations
28 Claims
-
1. A communications device comprising:
-
one or more communication input/output (I/O) ports, at least one of the one or more communication I/O ports being a wide area network port configured to connect the communications device to a wide area network; memory configured to store a device communication activity policy; a secure execution environment configured to be inaccessible to user application software; one or more secure data path processing agents configured to; execute in the secure execution environment, monitor a device data communications activity through at least one of the one or more communication I/O ports, generate a device data record comprising information about the device data communications activity through at least one of the one or more communication I/O ports, the information configured to assist a network element in determining whether the communications device is operating or has operated in accordance with the device communication activity policy, and send the device data record to the network element over a trusted communication link between the one or more data path processing agents and the network element; and a trusted data path between the one or more data path processing agents and the wide area network port. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A communications device comprising:
-
one or more communication input/output (I/O) ports, at least one of the one or more communication I/O ports being a wide area network port configured to connect the communications device to a wide area network; a secure execution environment configured to be inaccessible to user application software; one or more secure data path processing agents configured to; execute in the secure execution environment, monitor a device data communications activity through at least one of the one or more communication I/O ports, generate a device data record comprising information about the device data communications activity through the at least one of the one or more communication I/O ports, send the device data record to the network element over a trusted communication link between the one or more data path processing agents and the network element, monitor communications sent by the network element over the trusted communication link, and restrict access to the at least one of the one or more communication I/O ports if, within a specified event interval after sending the device data record to the network element over the trusted communication link, the one or more secure data path processing agents have not detected a secure message receipt in the communications from the network element sent over the trusted communication link; and a trusted data path between the one or more data path processing agents and the wide area network port. - View Dependent Claims (25)
-
-
26. A communications device comprising:
-
one or more communication input/output (I/O) ports, at least one of the one or more communication I/O ports being a wide area network port configured to connect the communications device to a wide area network; memory configured to store a device communication activity policy; and a SIM card comprising; a secure execution environment configured to be inaccessible to user application software, one or more secure data path processing agents configured to; execute in the secure execution environment, monitor a data communication activity through at least one of the one or more communication I/O ports, and based on the monitored data communication activity, take an action to assist in enforcing the device communication activity policy, and a trusted data path between the service processor and one or more I/O port modems, the one or more I/O port modems comprising a secure modem processor execution environment configured to be inaccessible to user application software.
-
-
27. A network system comprising:
-
memory configured to store a device communication activity policy; and a policy verification processor configured to; receive a device data record over a trusted communication link between the network system and a device data record generator on a communications device, the device data record comprising information about a data communications activity by the communications device, the information configured to assist the policy verification processor in determining whether the communications device is operating or has operated in accordance with the device communication activity policy, determine, based on the device data record, whether the communications device is operating or has operated in accordance with the device communication activity policy, and upon determining that the communications device is not operating or has not operated in accordance with the device communication activity policy, initiate an error handling action. - View Dependent Claims (28)
-
Specification