Platform validation and management of wireless devices

US 9,924,366 B2
Filed: 04/29/2015
Issued: 03/20/2018
Est. Priority Date: 03/06/2009
Status: Active Grant

First Claim

Patent Images

1. A method of performing validation of a device coupled to a platform validation entity (PVE), the method being performed at the PVE, the method comprising:

receiving a validation message from the device based on an integrity check of one or more software modules of the device, the validation message comprising information about the device and indicating one or more security policy attributes associated with any software modules that failed the integrity check, each security policy attribute providing information on an action that may be taken at the PVE in response to the failed integrity check; and

based on the validation message, determining whether to allow network access to the device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.

Citations

21 Claims

1. A method of performing validation of a device coupled to a platform validation entity (PVE), the method being performed at the PVE, the method comprising:
- receiving a validation message from the device based on an integrity check of one or more software modules of the device, the validation message comprising information about the device and indicating one or more security policy attributes associated with any software modules that failed the integrity check, each security policy attribute providing information on an action that may be taken at the PVE in response to the failed integrity check; and
  
  based on the validation message, determining whether to allow network access to the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 18, 19)
- - 2. The method of claim 1, wherein one of the one or more security policy attributes for any failed software module is a code selected from a list of codes.
  - 3. The method of claim 2, wherein the code indicates that network access needs to be denied.
  - 4. The method of claim 2, wherein the code indicates that temporary network access is acceptable.
  - 5. The method of claim 2, wherein the code indicates that limited network access is acceptable.
  - 6. The method of claim 2, wherein the list includes a code that indicates that network access should be allowed.
  - 7. The method of claim 1, wherein the device is a wireless transmit/receive unit (WTRU).
  - 8. The method of claim 1, wherein based on the validation message the PVE determines whether to mandate configuration changes at the device.
  - 9. The method of claim 1, wherein the security policy attributes indicate what actions should be done by the PVE for the any modules that failed the integrity check.
  - 18. The method of claim 1, wherein the network access is limited.
  - 19. The method of claim 1, wherein the network access is a full access to a network.

10. A method of performing validation of a device to a platform validation entity (PVE), the method being done at the device, the method comprising:
- performing an integrity check on modules of the device;
  
  obtaining security policy attributes for any modules that fail the integrity check; and
  
  sending a validation message to the PVE based on the integrity check, the validation message comprising information about the device and indicating one or more security policy attributes associated with any software modules that failed the integrity check, each security policy attribute providing information on an action that may be taken at the PVE in response to the failed integrity check.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein the security policy attribute for any failed software module is a code selected from a list of codes.
  - 12. The method of claim 11, wherein the code indicates that network access needs to be denied.
  - 13. The method of claim 11, wherein the code indicates that temporary network access is acceptable.
  - 14. The method of claim 11, wherein the code indicates network access should be allowed.
  - 15. The method of claim 11, wherein the code indicates that limited network access is acceptable.
  - 16. The method of claim 10, wherein the security policy attributes indicate what actions should be done by the PVE for the any modules that failed the integrity check.
  - 17. The method of claim 10, wherein the device is a wireless transmit/receive unit (WTRU).

20. A method of performing validation of a device coupled to a platform validation entity (PVE), comprising:
- measuring at least one pre-designated component of the device to produce an integrity measurement of the at least one pre-designated component of the device;
  
  retrieving a trusted reference value for the at least one pre-designated component of the device;
  
  performing, using a trusted environment (TrE) located in the device, an integrity check of the at least one pre-designated component of the device and storing integrity check results, the integrity check including the TrE comparing the measured integrity measurement of the at least one pre-designated component against the trusted reference value for the at least one pre-designated component of the device;
  
  performing, using the TrE, a secure start-up check on the device and storing secure start-up check results, the start-up check determining whether the at least one pre-designated component achieved a state of secure start-up, the start-up check results including an indication if the at least one pre-designated component fails to achieve the state of secure start-up;
  
  obtaining security policy attributes for any modules that fail the integrity check;
  
  forming, using the TrE, a validation message based on the integrity check results and the secure start-up check results, the validation message indicating results of the comparison of the measured integrity measurement against the trusted reference value, the validation message comprising information about the device and indicating one or more security policy attributes associated with any software modules that failed the integrity check;
  
  forwarding, using the TrE, the validation message from the device to the PVE, the PVE being external from the device; and
  
  after forwarding the validation message, receiving a message denying or allowing device authentication.

21. A method of performing validation of a device coupled to a platform validation entity (PVE), the method being performed at the PVE, the method comprising:
- receiving a validation message from the device based on an integrity check of one or more software modules of the device, the validation message comprising information about the device and indicating one or more security policy attributes associated with any software modules that failed the integrity check; and
  
  based on the validation message, determining whether to allow network access to the device, wherein the code indicates that network access should be allowed as long as a quarantine of the failed module is successful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Inventors
Schmidt, Andreas, Greiner, David G., Guccione, Louis J., Howry, Dolores F., Meyerstein, Michael V., Pattar, Sudhir B., Shah, Yogendra C., Cha, Inhyok, Leicher, Andreas, Case, Lawrence
Primary Examiner(s)
Korsak, Oleg

Application Number

US14/699,509
Publication Number

US 20150237502A1
Time in Patent Office

1,056 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/57   Certifying or maintaining t...

H04L 63/123   received data contents, e.g...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

H04W 12/61   Time-dependent

H04W 12/71   Hardware identity

Platform validation and management of wireless devices

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Platform validation and management of wireless devices

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links