Patents by Inventor Nicholas Bone
Nicholas Bone has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9247429
Abstract: To facilitate a change in network authentication key (Ki) for use by a smart card (SIM) during authentication on a cellular telecommunications network, there is provided a smart card management scheme that combines key derivation with over the air (OTA) provisioning. This scheme ensures both that the Ki is never transmitted OTA and that the Ki is stored in two locations only: on the SIM and at an authentication center (AuC).
Type: Grant
Filed: December 15, 2011
Date of Patent: January 26, 2016
Assignee: Vodafone IP Licensing Limited
Inventors: Stephen Babbage, Nicholas Bone
-
Patent number: 9210174
Abstract: To control access by any given mobile terminal to a mobile telecommunications network, a smartcard (i.e. a SIM) is arranged to include a list of device identifiers corresponding to one or more mobile terminals together with an indication of their respective access categories (i.e. black-list, grey-list or white-list). This list is constructed from an updated list of identifiers of mobile devices into which the smartcard has been inserted. This may be enhanced with a limited number of generic excluded identifiers. The smartcard thus maintains a local database of banned devices and/or devices that need to be monitored by the network.
Type: Grant
Filed: September 14, 2011
Date of Patent: December 8, 2015
Assignee: VODAFONE IP LICENSING LIMITED
Inventors: Nicholas Bone, James Raeburn
-
Patent number: 9049597
Abstract: A terminal (1) for use with a cellular or mobile telecommunications network (3) includes authentication means (15) such as a SIM, USIM, UICC etc. for authenticating the terminal with the network. The terminal further includes a normal execution environment (30) and a secure execution environment (34). An interface controller (46) is provided in the secure execution environment and intercepts all communications directed to the authentication means to control access to the authentication means by these communications.
Type: Grant
Filed: August 29, 2008
Date of Patent: June 2, 2015
Assignee: VODAFONE GROUP PLC
Inventors: Caroline Belrose, Nicholas Bone
-
Patent number: 9015495
Abstract: A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment and a secure execution environment. The mobile terminal enables the software of the terminal in the secure execution environment to be updated. The terminal may be provided with minimal software initially in the secure execution environment, and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data. The method defines a service protection platform implemented on mobile terminals having both normal execution environment and secure execution environment. Service protection is provided by separating the operation of service protection application components into those that operate in the normal environment and those that are adapted to execute only in the secure execution environment.
Type: Grant
Filed: December 2, 2013
Date of Patent: April 21, 2015
Assignee: Vodafone IP Licensing Limited
Inventors: Mark Priestley, Timothy Wright, Caroline Jessica Belrose, Nicholas Bone, James Irwin
-
Patent number: 8831518
Abstract: The subject innovation relates to a device for contactless short range communication. An exemplary device comprises a contactless communication module enabled for contactless short range communication with an external target. A processor of the device is configured to execute at least one contactless application. The exemplary device includes a smart card external to the processor and connected to the contactless communication module. The smart card provides an interface used by the contactless application to access functions of the contactless communication module via the smart card.
Type: Grant
Filed: October 13, 2011
Date of Patent: September 9, 2014
Assignee: Vodafone Holding GmbH
Inventors: Sebastiaan Hoeksel, Nicholas Bone, Anita Döhler
-
Publication number: 20140237260
Abstract: A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment and a secure execution environment. The mobile terminal enables the software of the terminal in the secure execution environment to be updated. The terminal may be provided with minimal software initially in the secure execution environment, and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data. The method defines a service protection platform implemented on mobile terminals having both normal execution environment and secure execution environment. Service protection is provided by separating the operation of service protection application components into those that operate in the normal environment and those that are adapted to execute only in the secure execution environment.
Type: Application
Filed: December 2, 2013
Publication date: August 21, 2014
Inventors: Mark PRIESTLEY, Timothy WRIGHT, Caroline Jessica BELROSE, Nicholas BONE, James IRWIN
-
Patent number: 8775812
Abstract: A method of verifying the validity of a message received by a telecommunications terminal (8) having a processor (30) and which is operable in a boot mode and a runtime mode is disclosed. In the embodiments the message is a SIM unlock message, for removing or modifying a restriction of the types of subscriber identity module (SIM) with which the mobile terminal may be used. In response to reception of the SIM unlock message when the terminal (1) is in the runtime mode, the processor 30 of the terminal (1) causes the terminal to enter the boot mode and verify the validity of the message during the boot mode. Because the validity of the message is checked during the boot mode, the check can be performed with greater security.
Type: Grant
Filed: July 7, 2008
Date of Patent: July 8, 2014
Assignee: Vodafone Group PLC
Inventors: Caroline Belrose, Nicholas Bone, Timothy Wright
-
Publication number: 20140181902
Abstract: To allow devices to authenticate to a wide area mobile network when they temporarily do not have a connection to a SIM card and to authenticate the base station and so protect against false base stations, a system is provided where certain authentication credentials are pre-fetched while connection to the SIM card and the authentication subsystem of the wide area mobile network are in signaling connection. These advance credentials are then presented by the devices in authentication requests without requiring access via the mobile network or the connected presence of the SIM card being necessary for successful authentication.
Type: Application
Filed: September 14, 2011
Publication date: June 26, 2014
Applicant: VODAFONE IP LICENSING LIMITED
Inventors: Nicholas Bone, Peter Howard
-
Publication number: 20140150063
Abstract: To enable formation of secure associations between IP-enabled devices when they have not previously connected, a method is proposed where a declaration of ownership of a target device is made by the subscriber of an originating device and that subscriber giving that declaration is authenticated by means of a SIM card, say. The originating device establishes secure connection to a first server. The target device establishes a secure connection to a second server. Provided the first and second servers can establish a conventional IP-type SA (e.g. using IPSec or TLS), there is a chain of secure associations between the two devices. This chain is then used to build a new secure association between originating device and target device. The first and second servers thus act as proxies for two devices respectively and negotiate the secure association on their behalf. They then transfer the new secure association information securely to the devices using the existing chain of secure associations.
Type: Application
Filed: September 14, 2011
Publication date: May 29, 2014
Applicant: VODAFONE IP LICENSING LIMITED
Inventor: Nicholas Bone
-
Publication number: 20140150073
Abstract: To facilitate authentication over a wireless access network, it is proposed to provide a hub device having an authentication storage means (i.e. a (U)SIM) to which one or more machine devices are connected. Each machine device connects to a wireless access network and in order to authenticate with that network requests authentication information from the hub device. The core network of the wireless access network authenticates each machine device and provides the machine devices with parallel access to the access network in accordance with authentication information obtained from the hub device. The authentication information is unique to the respective machine device but also associated with information stored on the authentication storage means of the hub device.
Type: Application
Filed: September 14, 2011
Publication date: May 29, 2014
Applicant: VODAFONE IP LICENSING LIMITED
Inventor: Nicholas Bone
-
Publication number: 20140128028
Abstract: To control access by any given mobile terminal to a mobile telecommunications network, a smartcard (i.e. a SIM) is arranged to include a list of device identifiers corresponding to one or more mobile terminals together with an indication of their respective access categories (i.e. black-list, grey-list or white-list). This list is constructed from an updated list of identifiers of mobile devices into which the smartcard has been inserted. This may be enhanced with a limited number of generic excluded identifiers. The smartcard thus maintains a local database of banned devices and/or devices that need to be monitored by the network.
Type: Application
Filed: September 14, 2011
Publication date: May 8, 2014
Applicant: VODAFONE IP LICENSING LIMITED
Inventors: Nicholas Bone, James Raeburn
-
Publication number: 20140087790
Abstract: Where a smartcard is embedded or inaccessible within a cellular telecommunications device (i.e. an eUICC), locking the smartcard (or the subscription associated with the smartcard) to a particular MNO while allowing the MNO to be altered legitimately presents a challenge. A method is described using policy control tables stored in a trusted service manager registry and/or the smartcard's data store. By maintaining the policy control table, any MNO subscription may be downloaded/activated on the smartcard but the device will be prevented from accessing the desired MNO because that access would violate the lock rules.
Type: Application
Filed: December 22, 2011
Publication date: March 27, 2014
Applicant: VODAFONE IP LICENSING LIMITED
Inventors: Stephen Babbage, Nicholas Bone
-
Publication number: 20140087691
Abstract: To facilitate a change in network authentication key (Ki) for use by a smart card (SIM) during authentication on a cellular telecommunications network, there is provided a smart card management scheme that combines key derivation with over the air (OTA) provisioning. This scheme ensures both that the Ki is never transmitted OTA and that the Ki is stored in two locations only: on the SIM and at an authentication centre (AuC).
Type: Application
Filed: December 15, 2011
Publication date: March 27, 2014
Applicant: VODAFONE IP LICENSING LIMITED
Inventors: Steven Babbage, Nicholas Bone
-
Patent number: 8600060
Abstract: A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment (operating system) (30) and a secure execution environment (32) comprising a Mobile Trusted Module (MTM). The mobile terminal enables the software of the terminal in the secure execution environment (32) to be updated. The terminal 1 may be provided with minimal software initially in the secure execution environment (32), and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data, relevant in particular to managing access to a broadcast video data stream complying with a mobile digital broadcast scheme. The method defines a service protection platform implemented on mobile terminals having both normal execution environment (i.e. the operating system) and secure execution environment.
Type: Grant
Filed: July 13, 2007
Date of Patent: December 3, 2013
Assignee: Vodafone Group PLC
Inventors: Mark Priestley, Timothy James Wright, Caroline Jessica Belrose, Nicholas Bone, James Irwin
-
Patent number: 8321864
Abstract: A framework whereby mobile terminals are configured and managed by a central server. In accordance with one aspect of the present invention, there is provided a mobile telecommunications terminal including a first execution environment and a second execution environment, each execution environment being arranged to execute a respective device management agent and each agent issuing, in accordance with instructions from a device management server, management actions that act upon one or more respective management entities running within one or more of the execution environments; wherein the management entities of the second execution environment are grouped into a management structure, the management structure being one of the management entities within the first execution environment, whereby the first and second execution environments permit the device management server to manage applications and/or services running within both.
Type: Grant
Filed: October 22, 2007
Date of Patent: November 27, 2012
Assignee: Vodafone Group PLC
Inventors: Nicholas Bone, Caroline Jessica Belrose, Timothy Wright, Stephen Babbage
-
Publication number: 20120094603
Abstract: The subject innovation relates to a device for contactless short range communication. An exemplary device comprises a contactless communication module enabled for contactless short range communication with an external target. A processor of the device is configured to execute at least one contactless application. The exemplary device includes a smart card external to the processor and connected to the contactless communication module. The smart card provides an interface used by the contactless application to access functions of the contactless communication module via the smart card.
Type: Application
Filed: October 13, 2011
Publication date: April 19, 2012
Applicant: Vodafone Holding GmbH
Inventors: Sebastiaan Hoeksel, Nicholas Bone, Anita Döhler
-
Publication number: 20110003580
Abstract: A terminal (1) for use with a cellular or mobile telecommunications network (3) includes authentication means (15) such as a SIM, USIM, UICC etc. for authenticating the terminal with the network. The terminal further includes a normal execution environment (30) and a secure execution environment (34). An interface controller (46) is provided in the secure execution environment and intercepts all communications directed to the authentication means to control access to the authentication means by these communications.
Type: Application
Filed: August 29, 2008
Publication date: January 6, 2011
Applicant: VODAFONE GROUP PLC
Inventors: Caroline Belrose, Nicholas Bone
-
Publication number: 20100275027
Abstract: A method of verifying the validity of a message received by a telecommunications terminal (8) having a processor (30) and which is operable in a boot mode and a runtime mode is disclosed. In the embodiments the message is a SIM unlock message, for removing or modifying a restriction of the types of subscriber identity module (SIM) with which the mobile terminal may be used. In response to reception of the SIM unlock message when the terminal (1) is in the runtime mode, the processor 30 of the terminal (1) causes the terminal to enter the boot mode and verify the validity of the message during the boot mode. Because the validity of the message is checked during the boot mode, the check can be performed with greater security.
Type: Application
Filed: July 7, 2008
Publication date: October 28, 2010
Inventors: Caroline Belrose, Nicholas Bone, Timothy Wright
-
Publication number: 20100255813
Abstract: A method of controlling a telecommunications terminal (1, 11, 13) requiring an authorised input to perform at least one operation, and including a locking function that locks said at least one operation of the telecommunications terminal. The method comprises selectively transmitting to the telecommunications terminal an unlocking application, receiving the unlocking application at the telecommunications terminal and running the unlocking application to enable said at least one locked operation. The operation may be the full use of the terminal with a selected subscriber identity module. In addition, and preferably in combination, a method and system for a telecommunications terminal to securely receive a message in which the telecommunications terminal has a first environment for running an operating system, and a second environment adapted to be substantially secure against third party tampering.
Type: Application
Filed: July 7, 2008
Publication date: October 7, 2010
Inventors: Caroline Belrose, Nicholas Bone
-
Publication number: 20100195833
Abstract: A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment (operating system) (30) and a secure execution environment (32) comprising a Mobile Trusted Module (MTM). The mobile terminal enables the software of the terminal in the secure execution environment (32) to be updated. The terminal 1 may be provided with minimal software initially in the secure execution environment (32), and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data, relevant in particular to managing access to a broadcast video data stream complying with a mobile digital broadcast scheme. The method defines a service protection platform implemented on mobile terminals having both normal execution environment (i.e. the operating system) and secure execution environment.
Type: Application
Filed: July 13, 2007
Publication date: August 5, 2010
Applicant: VODAFONE GROUP PLC
Inventors: Mark Priestley, Timothy Wright, Caroline Jessica Belrose, Nicholas Bone, James Irwin