Platform Validation and Management of Wireless Devices

US 20150237502A1
Filed: 04/29/2015
Published: 08/20/2015
Est. Priority Date: 03/06/2009
Status: Active Grant

First Claim

Patent Images

1. A method of performing validation of a wireless transmit/receive unit (WTRU) coupled to a platform validation entity (PVE), the method being done at the PVE, the method comprising:

receiving a validation message from the WTRU based on an integrity check, the validation message indicating any software module of the WTRU that failed the integrity check along with a security policy attribute associated with the any software module that failed the integrity check; and

based on the validation message, determining whether to allow network access to the WTRU.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.

Citations

20 Claims

1. A method of performing validation of a wireless transmit/receive unit (WTRU) coupled to a platform validation entity (PVE), the method being done at the PVE, the method comprising:
- receiving a validation message from the WTRU based on an integrity check, the validation message indicating any software module of the WTRU that failed the integrity check along with a security policy attribute associated with the any software module that failed the integrity check; and
  
  based on the validation message, determining whether to allow network access to the WTRU.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein based on the validation message the PVE determines whether to mandate configuration changes at the WTRU.
  - 3. The method of claim 1, wherein the security policy attributes indicate what actions should be done by the PVE for the any modules that failed the integrity check.

4. A method of performing validation of a wireless transmit/receive unit (WTRU) coupled to a platform validation entity (PVE), the method being done at the WTRU, the method comprising:
- performing an integrity check on modules of the WTRU;
  
  obtaining security policy attributes for any modules that fail the integrity check; and
  
  sending a validation message to the PVE based on the integrity check, the validation message indicating the any modules of the WTRU that failed an integrity check along with the associated security policy attributes for the any modules that failed the integrity check.
- View Dependent Claims (5)
- - 5. The method of claim 4, wherein the security policy attributes indicate what actions should be done by the PVE for the any modules that failed the integrity check.

6. A method of performing validation of a wireless transmit/receive unit (WTRU) coupled to a platform validation entity (PVE), comprising:
- measuring at least one pre-designated component of the WTRU to produce an integrity measurement of the at least one pre-designated component of the WTRU;
  
  retrieving a trusted reference value for the at least one pre-designated component of the WTRU;
  
  performing, using a trusted environment (TrE) located in a wireless transmit/receive unit (WTRU), an integrity check of the at least one pre-designated component of the WTRU and storing integrity check results, the integrity check including the TrE comparing the measured integrity measurement of the at least one pre-designated component against the trusted reference value for the at least one pre-designated component of the WTRU;
  
  performing, using the TrE, a secure start-up check on the WTRU and storing secure start-up check results, the start-up check determining whether the at least one pre-designated component achieved a state of secure start-up, wherein if secure startup is not achieved, fallback code is loaded onto the WTRU;
  
  forming, using the TrE, a validation message based on the integrity check results, the validation message indicating results of the comparison of the measured integrity measurement against the trusted reference value;
  
  forwarding, using the TrE, the validation message from the WTRU to the PVE, the PVE being external from the WTRU; and
  
  after forwarding the validation message, receiving a message denying or allowing device authentication.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 7. The method of claim 6, further comprising:
    - performing, using the TrE, a secure start-up in stages, ensuring that a first TrE component and a second TrE component are loaded on a condition that a local validation of the each TrE component is successful;
      
      at a first stage, loading the TrE component via a secure start-up relying on a Root of Trust (RoT);
      
      at a second stage, loading a second component outside the TrE to permit communications with the PVE.
  - 8. The method of claim 6, wherein performing the integrity check is based on at least one trusted reference value and the TrE.
  - 9. The method of claim 6, wherein the validation message includes a local pass/fail indicator as a measurement of integrity established during the first and second stages.
  - 10. The method of claim 6, further comprising a fallback code base.
  - 11. The method of claim 10, wherein initiating the fallback code base includes triggering a software update of a main code base including RIMs.
  - 12. The method of claim 6, further comprising sending a distress signal on a condition that a fallback code base is loaded.
  - 13. The method of claim 6, wherein the fallback code (FBC) image facilitates the remediation of a device and is stored in secure memory.
  - 14. The method of claim 6, wherein the integrity check determines that only registered components are activated.
  - 15. The method of claim 14, wherein the registered components are activated by loading into a memory.
  - 16. The method of claim 14, wherein the registered components are activated by starting into an integrity-proven state.
  - 17. The method of claim 6, further comprising performing a second integrity check.
  - 18. The method of claim 6, further comprising performing a second integrity check on condition that the device has completed a successful network connection.
  - 19. The method of claim 17, wherein the second integrity check is initiated by one of the device or in response to a message.
  - 20. The method of claim 6, wherein storing integrity check results is in a protected storage location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Inventors
Schmidt, Andreas, Greiner, David G., Guccione, Louis J., Howry, Dolores F., Meyerstein, Michael V., Pattar, Sudhir B., Shah, Yogendra C., Cha, Inhyok, Leicher, Andreas, Case, Lawrence

Granted Patent

US 9,924,366 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/57   Certifying or maintaining t...

H04L 63/123   received data contents, e.g...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

H04W 12/61   Time-dependent

H04W 12/71   Hardware identity

Platform Validation and Management of Wireless Devices

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Platform Validation and Management of Wireless Devices

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links