Communications device with secure data path processing agents

US 10,771,980 B2
Filed: 05/11/2018
Issued: 09/08/2020
Est. Priority Date: 01/28/2009
Status: Active Grant

First Claim

Patent Images

1. A wireless communications device comprising:

an application execution environment and network stack to provide wireless network access for user application software executing in the application execution environment;

a policy enforcement client to implement a device communication activity policy applicable to wireless network access provided for the user application software;

a wireless modem chipset in network data path communication with the network stack, the wireless modem chipset includinga secure execution environment configured to be inaccessible to the user application software, the secure execution environment including signal processing elements andone or more secure data path processing agents configured to;

execute in the secure execution environment,monitor a device data communications activity that utilizes the wireless modem chipset to receive and transmit data passing between the network stack and a wireless network,generate a device data record comprising information about the monitored device data communications activity, the information configured to assist a network element in determining whether the wireless communications device is operating or has operated in accordance with the device communication activity policy, andsend the device data record to the network element over a trusted communication link between the one or more data path processing agents and the network element; and

a trusted data path between the one or more secure data path processing agents and the signal processing elements wide area network port.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure device data records (DDRs) are provided. In some embodiments, a system for secure DDRs includes a processor of a wireless communication device for wireless communication with a wireless network, in which the processor is configured with a secure execution environment, and in which the secure execution environment is configured to: monitor service usage of the wireless communication device with the wireless network; and generate a plurality of device data records of the monitored service usage of the wireless communication device with the wireless network, in which each device data record is associated with a unique sequence order identifier; and a memory coupled to the processor and configured to provide the processor with instructions. In some embodiments, the secure execution environment is located in an application processor, in a modem processor, and/or in a subscriber identity module (SIM).

1666 Citations

10 Claims

1. A wireless communications device comprising:
- an application execution environment and network stack to provide wireless network access for user application software executing in the application execution environment;
  
  a policy enforcement client to implement a device communication activity policy applicable to wireless network access provided for the user application software;
  
  a wireless modem chipset in network data path communication with the network stack, the wireless modem chipset includinga secure execution environment configured to be inaccessible to the user application software, the secure execution environment including signal processing elements andone or more secure data path processing agents configured to;
  
  execute in the secure execution environment,monitor a device data communications activity that utilizes the wireless modem chipset to receive and transmit data passing between the network stack and a wireless network,generate a device data record comprising information about the monitored device data communications activity, the information configured to assist a network element in determining whether the wireless communications device is operating or has operated in accordance with the device communication activity policy, andsend the device data record to the network element over a trusted communication link between the one or more data path processing agents and the network element; and
  
  a trusted data path between the one or more secure data path processing agents and the signal processing elements wide area network port.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The wireless communications device of claim 1, wherein the secure data path processing agents further comprise a device data record mailbox, the device data record mailbox relaying the device data records to an agent outside of the secure execution environment for transmission to the network element.
  - 3. The wireless communications device of claim 1, further comprising a subscriber identity module (SIM), wherein at least a portion of the SIM is within the secure execution environment.
  - 4. The wireless communications device of claim 3, wherein the agent configured to generate the device data record resides on the SIM.
  - 5. The wireless communications device of claim 4, wherein the network data path between the network stack and the wireless modem chipset passes through the SIM, and the secure data path processing agents further comprise a data path security verifier in the wireless modem chipset.
  - 6. The wireless communications device of claim 5, wherein the data path security verifier restricts network access to allow only monitored device data communications activity.
  - 7. The wireless communications device of claim 1, further comprising an applications processor unit section that is within the secure execution environment.
  - 8. The wireless communications device of claim 7, wherein the agent configured to generate the device data record resides within the applications processor unit section.
  - 9. The wireless communications device of claim 8, wherein the network data path between the network stack and the wireless modem chipset passes through the applications processor unit section, and the secure data path processing agents further comprise a data path security verifier in the wireless modem chipset.
  - 10. The wireless communications device of claim 9, wherein the data path security verifier restricts network access to allow only monitored device data communications activity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Headwater Research LLC (Greg Raleigh)
Original Assignee
Headwater Research LLC (Greg Raleigh)
Inventors
Raleigh, Gregory G., Lavine, James, Raissinia, Alireza, Sabin, Michael J.
Primary Examiner(s)
Rudy, Andrew Joseph

Application Number

US15/977,731
Publication Number

US 20190132739A1
Time in Patent Office

851 Days
Field of Search

705 28- 32, 340 51, 709217-223, 455405, 455406, 4554141, 4554321, 4554561
US Class Current
CPC Class Codes

G06F 21/575   Secure boot

H04L 41/046   comprising network manageme...

H04L 63/1425   Traffic logging, e.g. anoma...

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

Communications device with secure data path processing agents

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

1666 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Communications device with secure data path processing agents

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1666 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links