Communications device with secure data path processing agents
First Claim
1. A wireless communications device comprising:
- an application execution environment and network stack to provide wireless network access for user application software executing in the application execution environment;
- a policy enforcement client to implement a device communication activity policy applicable to wireless network access provided for the user application software;
- a wireless modem chipset in network data path communication with the network stack, the wireless modem chipset including a secure execution environment configured to be inaccessible to the user application software, the secure execution environment including signal processing elements and one or more secure data path processing agents configured to:
  - execute in the secure execution environment,
  - monitor a device data communications activity that utilizes the wireless modem chipset to receive and transmit data passing between the network stack and a wireless network,
  - generate a device data record comprising information about the monitored device data communications activity, the information configured to assist a network element in determining whether the wireless communications device is operating or has operated in accordance with the device communication activity policy, and
  - send the device data record to the network element over a trusted communication link between the one or more data path processing agents and the network element; and
- a trusted data path between the one or more secure data path processing agents and the signal processing elements wide area network port.
Abstract
Secure device data records (DDRs) are provided. In some embodiments, a system for secure DDRs includes a processor of a wireless communication device for wireless communication with a wireless network, in which the processor is configured with a secure execution environment, and in which the secure execution environment is configured to: monitor service usage of the wireless communication device with the wireless network; and generate a plurality of device data records of the monitored service usage of the wireless communication device with the wireless network, in which each device data record is associated with a unique sequence order identifier; and a memory coupled to the processor and configured to provide the processor with instructions. In some embodiments, the secure execution environment is located in an application processor, in a modem processor, and/or in a subscriber identity module (SIM).
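One way a network element could use the per-record sequence order identifier to spot dropped, replayed or altered DDRs, shown as an added example that is not taken from the patent. The JSON record layout, the field names `seq` and `usage`, the HMAC-SHA256 tag standing in for the trusted link, and the shared key are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

def seal_ddr(key, seq, usage):
    """Device side (assumed format): serialize one DDR and tag it."""
    body = json.dumps({"seq": seq, "usage": usage}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def audit_ddrs(key, records, first_seq=0):
    """Network side: authenticate each DDR, then check sequence continuity.

    Returns the batch positions with a bad tag, the sequence ids seen more
    than once, and the ids missing between first_seq and the highest
    authenticated id. A record that fails authentication does not count as
    received, so its id shows up as missing.
    """
    seen, bad_tag, duplicate = set(), [], []
    for idx, rec in enumerate(records):
        expect = hmac.new(key, rec["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, rec["tag"]):
            bad_tag.append(idx)
            continue
        seq = json.loads(rec["body"])["seq"]
        if seq in seen:
            duplicate.append(seq)
        else:
            seen.add(seq)
    last = max(seen, default=first_seq - 1)
    missing = [s for s in range(first_seq, last + 1) if s not in seen]
    return {"bad_tag": bad_tag, "duplicate": duplicate, "missing": missing}

def demo():
    """Constructed batch: id 3 never sent, id 4 replayed, id 2 altered."""
    key = b"constructed-demo-key"  # placeholder, not a real credential
    batch = [seal_ddr(key, s, {"bytes": 100 * (s + 1)}) for s in (0, 1, 2, 4, 4)]
    # Alter the usage figure of id 2 after sealing, keeping the old tag.
    batch[2] = dict(batch[2], body=batch[2]["body"].replace(b"300", b"1"))
    return audit_ddrs(key, batch)

if __name__ == "__main__":
    print(demo())
```
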
10 Claims
Specification