Platform validation and management of wireless devices
Abstract
Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.
21 Claims
1. A method of performing validation of a device coupled to a platform validation entity (PVE), the method being performed at the PVE, the method comprising:
- receiving a validation message from the device based on an integrity check of one or more software modules of the device, the validation message comprising information about the device and indicating one or more security policy attributes associated with any software modules that failed the integrity check, each security policy attribute providing information on an action that may be taken at the PVE in response to the failed integrity check; and
- based on the validation message, determining whether to allow network access to the device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 18, 19
10. A method of performing validation of a device to a platform validation entity (PVE), the method being done at the device, the method comprising:
- performing an integrity check on modules of the device;
- obtaining security policy attributes for any modules that fail the integrity check; and
- sending a validation message to the PVE based on the integrity check, the validation message comprising information about the device and indicating one or more security policy attributes associated with any software modules that failed the integrity check, each security policy attribute providing information on an action that may be taken at the PVE in response to the failed integrity check.

Dependent claims: 11, 12, 13, 14, 15, 16, 17
20. A method of performing validation of a device coupled to a platform validation entity (PVE), comprising:
- measuring at least one pre-designated component of the device to produce an integrity measurement of the at least one pre-designated component of the device;
- retrieving a trusted reference value for the at least one pre-designated component of the device;
- performing, using a trusted environment (TrE) located in the device, an integrity check of the at least one pre-designated component of the device and storing integrity check results, the integrity check including the TrE comparing the measured integrity measurement of the at least one pre-designated component against the trusted reference value for the at least one pre-designated component of the device;
- performing, using the TrE, a secure start-up check on the device and storing secure start-up check results, the start-up check determining whether the at least one pre-designated component achieved a state of secure start-up, the start-up check results including an indication if the at least one pre-designated component fails to achieve the state of secure start-up;
- obtaining security policy attributes for any modules that fail the integrity check;
- forming, using the TrE, a validation message based on the integrity check results and the secure start-up check results, the validation message indicating results of the comparison of the measured integrity measurement against the trusted reference value, the validation message comprising information about the device and indicating one or more security policy attributes associated with any software modules that failed the integrity check;
- forwarding, using the TrE, the validation message from the device to the PVE, the PVE being external from the device; and
- after forwarding the validation message, receiving a message denying or allowing device authentication.
21. A method of performing validation of a device coupled to a platform validation entity (PVE), the method being performed at the PVE, the method comprising:
- receiving a validation message from the device based on an integrity check of one or more software modules of the device, the validation message comprising information about the device and indicating one or more security policy attributes associated with any software modules that failed the integrity check; and
- based on the validation message, determining whether to allow network access to the device, wherein the code indicates that network access should be allowed as long as a quarantine of the failed module is successful.
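
The device-side integrity check and the PVE-side access decision described in claims 10, 20 and 21, shown as an added Python example that is not part of the patent text. SHA-256 as the measurement, the module names, the message layout and the three policy attribute values are assumptions; the claims name only the quarantine case.

```python
import hashlib

# Hypothetical policy attribute values; the claims name only the quarantine case.
DENY, QUARANTINE, ALLOW = "deny", "allow_if_quarantined", "allow"

def measure(image: bytes) -> str:
    """Integrity measurement of a module image (SHA-256 is an assumption)."""
    return hashlib.sha256(image).hexdigest()

# Constructed sample data: known-good images, their trusted reference values
# (TRVs), and a per-module security policy attribute.
GOOD = {"boot_loader": b"bl-v1", "mgmt_agent": b"agent-v3", "ui_theme": b"theme-v2"}
TRV = {name: measure(img) for name, img in GOOD.items()}
POLICY = {"boot_loader": DENY, "mgmt_agent": QUARANTINE, "ui_theme": ALLOW}

def build_validation_message(device_id, modules, quarantine):
    """Device side: check each module against its TRV and report failures."""
    failed = []
    for name, image in modules.items():
        if measure(image) == TRV.get(name):
            continue
        # A module with no policy entry is reported as DENY (fail closed).
        entry = {"module": name, "policy": POLICY.get(name, DENY)}
        if entry["policy"] == QUARANTINE:
            entry["quarantined"] = bool(quarantine(name))
        failed.append(entry)
    return {"device_id": device_id, "failed_modules": failed}

def pve_allows_access(message) -> bool:
    """PVE side: decide network access from the reported policy attributes."""
    for entry in message["failed_modules"]:
        policy = entry.get("policy")
        if policy == ALLOW:
            continue
        if policy == QUARANTINE and entry.get("quarantined") is True:
            continue
        return False  # DENY, failed quarantine, or an unrecognised attribute
    return True

if __name__ == "__main__":
    tampered = dict(GOOD, mgmt_agent=b"agent-v3-modified")
    msg = build_validation_message("dev-001", tampered, quarantine=lambda m: True)
    print(msg, pve_allows_access(msg))
```

The PVE function denies access for any attribute it does not recognise, so a malformed or unexpected validation message cannot widen access.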
Specification