Security techniques for device assisted services

US 10,694,385 B2
Filed: 07/13/2018
Issued: 06/23/2020
Est. Priority Date: 01/28/2009
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor of a communications device configured to;

implement a service profile executed at least in part in a secure execution environment for assisting control of the communications device use of a service on a wireless network, wherein the service profile includes a plurality of service policy settings, and wherein the service profile is associated with a service plan that provides for access to the service on the wireless network;

operate a host service control link in the secure execution environment to connect securely to a network service controller through a first control channel, the host service control link to receive one or more messages from the network service controller through the first control channel, and based on the one or more messages, to update one or more of the service policy settings;

monitor use of the service based on the service profile; and

verify the use of the service based on the monitored use of the service;

a memory of the communications device coupled to the processor and configured to provide the processor with instructions, the memory comprising a secure partition accessible only from the secure execution environment; and

a secure modem subsystem including;

a wireless modem to communicate with the wireless network;

a modem control link to connect securely to the network service controller through a second control channel.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security techniques for device assisted services are provided. In some embodiments, secure service measurement and/or control execution partition is provided. In some embodiments, implementing a service profile executed at least in part in a secure execution environment of a processor of a communications device for assisting control of the communications device use of a service on a wireless network, in which the service profile includes a plurality of service policy settings, and wherein the service profile is associated with a service plan that provides for access to the service on the wireless network; monitoring use of the service based on the service profile; and verifying the use of the service based on the monitored use of the service.

1446 Citations

12 Claims

1. A system, comprising:
- a processor of a communications device configured to;
  
  implement a service profile executed at least in part in a secure execution environment for assisting control of the communications device use of a service on a wireless network, wherein the service profile includes a plurality of service policy settings, and wherein the service profile is associated with a service plan that provides for access to the service on the wireless network;
  
  operate a host service control link in the secure execution environment to connect securely to a network service controller through a first control channel, the host service control link to receive one or more messages from the network service controller through the first control channel, and based on the one or more messages, to update one or more of the service policy settings;
  
  monitor use of the service based on the service profile; and
  
  verify the use of the service based on the monitored use of the service;
  
  a memory of the communications device coupled to the processor and configured to provide the processor with instructions, the memory comprising a secure partition accessible only from the secure execution environment; and
  
  a secure modem subsystem including;
  
  a wireless modem to communicate with the wireless network;
  
  a modem control link to connect securely to the network service controller through a second control channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the second control channel connects the modem control link to the network service controller through a modem local channel on the communications device, the modem local channel providing secure communication between the modem control link and the host service control link.
  - 3. The system of claim 1, wherein the second control channel is separately secured from the first control channel.
  - 4. The system of claim 1, wherein the secure modem subsystem further comprises a modem agent accessible only by the network service controller through the second control channel.
  - 5. The system of claim 4, wherein the modem agent comprises a service measurement point for use of the service.
  - 6. The system of claim 5, wherein the modem agent communicates a report of the use of the service to the network service controller through the second control channel.
  - 7. The system of claim 6, wherein the processor separately communicates a report of the monitored use of the service from the secure execution environment through the first control channel.
  - 8. The system of claim 1, wherein the one or more service policy settings updated through the host service control link include an access control setting, a traffic control setting, and/or an admission control setting.
  - 9. The system of claim 1, wherein the one or more service policy settings updated through the host service control link include a network or device management communication setting.
  - 10. The system of claim 1, wherein the secure execution environment is implemented at least in part as a hardware partition.
  - 11. The system of claim 1, wherein the secure execution environment is implemented at least in part as a software partition.
  - 12. The system of claim 1, wherein the secure execution environment is implemented at least in part in a virtual machine executed on the processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Headwater Research LLC (Greg Raleigh)
Original Assignee
Headwater Research LLC (Greg Raleigh)
Inventors
Raleigh, Gregory G.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Kaplan, Benjamin A

Application Number

US16/034,362
Publication Number

US 20190141534A1
Time in Patent Office

711 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 15/177   Initialisation or configura...

G06Q 10/06315   Needs-based resource requir...

G06Q 10/06375   Prediction of business proc...

G06Q 20/102   Bill distribution or payments

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/32   using wireless devices

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/0207   Discounts or incentives, e....

G06Q 30/0241   Advertisements

G06Q 30/0283   Price estimation or determi...

G06Q 30/0284   Time or distance, e.g. usag...

G06Q 30/04   Billing or invoicing

G06Q 30/0601   Electronic shopping [e-shop...

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/12   Accounting

H04L 12/14   Charging , metering or bill...

H04L 12/1407   Policy-and-charging control...

H04L 41/0806   for initial configuration o...

H04L 41/0876   Aspects of the degree of co...

H04L 41/0893   Assignment of logical group...

H04L 41/0894 : Policy-based network config...

H04L 41/5003 : Managing SLA; Interaction b...

H04L 41/5025 : by proactively reacting to ...

H04L 41/5054 : Automatic deployment of ser...

H04L 47/20 : Traffic policing

H04L 47/2408 : for supporting different se...

H04L 51/046 : Interoperability with other...

H04L 63/0236 : Filtering by address, proto...

H04L 63/04 : for providing a confidentia...

H04L 63/0428 : wherein the data content is...

H04L 63/08 : for authentication of entit...

H04L 63/0853 : using an additional device,...

H04L 63/0892 : by using authentication-aut...

H04L 63/10 : for controlling access to d...

H04L 63/20 : for managing network securi...

H04L 67/145 : avoiding end of session, e....

H04L 67/306 : User profiles

H04L 67/34 : involving the movement of s...

H04L 67/51 : Discovery or management the...

H04L 67/55 : Push-based network services

H04L 67/564 : Enhancement of application ...

H04L 67/63 : Routing a service request d...

H04L 9/32 : including means for verifyi...

H04L 9/3247 : involving digital signatures

H04M 15/00 : Arrangements for metering, ...

H04M 15/49 : Connection to several servi...

H04M 15/58 : based on statistics of usag...

H04M 15/61 : based on the service used

H04M 15/66 : Policy and charging system

H04M 15/80 : Rating or billing plans; Ta...

H04M 15/8055 : Selecting cheaper transport...

H04M 15/88 : Provision for limiting conn...

H04M 2215/0188 : Network monitoring; statist...

H04W 12/00 : Security arrangements; Auth...

H04W 12/02 : Protecting privacy or anony...

H04W 12/037 : of the control plane, e.g. ...

H04W 12/06 : Authentication

H04W 12/08 : Access security

H04W 12/37 : Managing security policies ...

H04W 24/08 : Testing, supervising or mon...

H04W 28/02 : Traffic management, e.g. fl...

H04W 28/0215 : based on user or device pro...

H04W 28/0268 : using specific QoS paramete...

H04W 28/12 : using signalling between ne...

H04W 4/02 : Services making use of loca...

H04W 4/12 : Messaging; Mailboxes; Annou...

H04W 4/18 : Information format or conte...

H04W 4/20 : Services signaling; Auxilia...

H04W 4/24 : Accounting or billing

H04W 4/50 : Service provisioning or rec...

H04W 48/14 : using user query or user de...

H04W 48/16 : Discovering, processing acc...

H04W 72/0453 : Resources in frequency doma...

H04W 8/02 : Processing of mobility data...

H04W 8/18 : Processing of user or subsc...

H04W 8/20 : Transfer of user or subscri...

H04W 84/04 : Large scale networks; Deep ...

H04W 84/042 : Public Land Mobile systems,...

H04W 84/12 : WLAN [Wireless Local Area N...

H04W 88/06 : adapted for operation in mu...

H04W 88/08 : Access point devices

Y02P 90/80 : Management or planning

View All

Security techniques for device assisted services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

1446 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Security techniques for device assisted services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1446 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others