Abstract: A method and apparatus are described for maintaining communications connectivity for client applications that send keep-alive messages and network applications that send client-alive (i.e., “are you there?”) messages. The client applications may register with a client proxy provided in an operating system (OS) of a wireless transmit/receive unit (WTRU) and indicate a respective keep-alive message signaling rate. The network applications may register with a network proxy provided in an OS of a network node and indicate a respective client-alive message signaling rate. The client proxy and/or the network proxy may, respectively, register and prioritize keep-alive and/or client-alive message requirements, determine an optimal signaling rate based on the respective keep-alive and/or client-alive message signaling rates, and generate proxy messages, (i.e., an application layer proxy keep-alive message and/or a network layer proxy client-alive message), associated with the keep-alive and/or client-alive messages.

Abstract: A certification provenance tree (CPT) structure may provide information concerning a layered certification of a device that comprises a hierarchy of components. The CPT structure may include a hierarchy of secure certification provenance document (SCPD) structures. Each SCPD structure in the hierarchy may represent a given component at a given level of the hierarchy of components of the device. Each SCPD structure may include a field that stores a certification proof indicating that security properties of the given component have been certified by a certification authority. An SCPD structure may further include accreditation information fields that store a pointer to an SCPD structure of a component at a next layer of the hierarchy of components of the device. The pointer may provide an indication of assurance that the component at that next layer will perform securely within this component at said given layer.

Abstract: WTRUs, ARSs, APs, WLG/AAA proxies, networks, and methods thereon are disclosed for fast security setup on a multi-RAT WTRU. Methods of sharing security associations between RATs on a multi-RAT WTRU are disclosed. Methods of caching security associations are disclosed. Methods are disclosed for alerting an ANDSF server of an AP that should be considered for association. Enhancements to advertisements from an AP are disclosed where the advertisements may include SSID with a FQDN, a HESSID type information, or TAI type information. Methods of resolving AP identities to a reachable address are disclosed. An address resolution protocol is disclosed for resolving AP identities. ARSs are disclosed that may resolve a BSSID to a network routable address. Protocols for carrying AP identities and security parameters are disclosed. Methods are disclosed of using ANDSF to provide the WTRU with security information and parameters of an AP. An RSN may indicate security capabilities.

Abstract: A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like may be used as a local host trust center and a proxy for a single-sign on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over the air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment in order to provide increased security and reduce over the air communications and authentication burden on the OP or operator network.

Abstract: Disclosed herein are methods and devices for sharing a packet data protocol (PDP) context among a plurality of devices. For example, a method or sharing a PDP context among a plurality of devices may include a wireless transmit/receive unit (WTRU) sending a request to establish or modify a PDP context. The request to establish or modify the PDP context may include an indication that the WTRU is a member of shared context group. The method may also include the WTRU receiving a response indicating that the request to establish or modify the PDP context was accepted. The method may also include the WTRU acting as a gateway for at least one other device in the shared context group. The request to establish or modify the PDP context may be an attach request. The indication that the WTRU is a member of shared context group may be a group identifier (ID).

Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.

Abstract: A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like may be used as a local host trust center and a proxy for a single-sign on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over the air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment in order to provide increased security and reduce over the air communications and authentication burden on the OP or operator network.

Abstract: Methods and apparatus are disclosed to provide protection against Unsolicited Communication (UC) in a network, such as, without limitation, an Internet Protocol (IP) Multimedia Subsystem (IMS). A communication may originate from a sending device and may be intended for delivery to a receiving device. A network may determine authentication information associated with the sending device. The network may send the authentication information to a receiving entity to evaluate if the communication is unsolicited using the authentication information. If the communication is determined to be acceptable, a connection associated with the communication may be allowed.

Abstract: An apparatus and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.

Abstract: Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.

Abstract: An apparatus, method and product for independently testing communications components are disclosed. A testing apparatus is provided that has a test control component which includes an input configured to receive a test script, an upper interface coupling and a lower upper interface coupling. In operation, a protocol stack component to be tested is coupled to the test control component via upper and lower interfaces.