Patents by Inventor Andreas U. Schmidt
Andreas U. Schmidt has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9826335Abstract: A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME is also disclosed. The validation procedures disclosed include an autonomous, semi-autonomous, and remote validation are disclosed. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.Type: GrantFiled: January 21, 2009Date of Patent: November 21, 2017Assignee: InterDigital Patent Holdings, Inc.Inventors: Inhyok Cha, Yogendra C. Shah, Andreas U. Schmidt, Michael V. Meyerstein
-
Patent number: 9807608Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies.Type: GrantFiled: April 20, 2010Date of Patent: October 31, 2017Assignee: InterDigital Patent Holdings, Inc.Inventors: Inhyok Cha, Louis J. Guccione, Yogendra C. Shah, Andreas U. Schmidt, Sudhir B. Pattar
-
Publication number: 20170054707Abstract: A method and apparatus for trusted authentication and logon is disclosed. A trusted platform module (TPM) based logon method is presented for authentication and access. A user registers an identity with an identity provider that is tightly bound to the user's specific platform, e.g., the TPM. If the user decides to login, for example to a service provider using this identity, the identity provider challenges the user to provide the correct credentials. The credentials consist of a TPM generated ticket, that is, a credential chain. This allows the user to login without the need for a password at the identity provider.Type: ApplicationFiled: November 7, 2016Publication date: February 23, 2017Inventors: Andreas Leicher, Andreas U. Schmidt
-
Patent number: 9490984Abstract: A method and apparatus for trusted authentication and logon is disclosed. A trusted platform module (TPM) based logon method is presented for authentication and access. A user registers an identity with an identity provider that is tightly bound to the user's specific platform, e.g., the TPM. If the user decides to login, for example to a service provider using this identity, the identity provider challenges the user to provide the correct credentials. The credentials consist of a TPM generated ticket, that is, a credential chain. This allows the user to login without the need for a password at the identity provider.Type: GrantFiled: September 14, 2009Date of Patent: November 8, 2016Assignee: InterDigital Patent Holdings, Inc.Inventors: Andreas Leicher, Andreas U. Schmidt
-
Publication number: 20160073262Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.Type: ApplicationFiled: November 9, 2015Publication date: March 10, 2016Inventors: Andreas U. Schmidt, Michael V. Meyerstein, Andreas Leicher, Yogendra C. Shah, Louis J. Guccione, Inhyok Cha
-
Patent number: 9253643Abstract: An apparatus and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.Type: GrantFiled: March 5, 2010Date of Patent: February 2, 2016Assignee: InterDigital Patent Holdings, Inc.Inventors: Sudhir B. Pattar, Inhyok Cha, Andreas U. Schmidt, Andreas Leicher, Yogendra C. Shah, Dolores F. Howry, David G. Greiner, Lawrence L. Case, Michael V. Meyerstein, Louis J. Guccione
-
Patent number: 9253588Abstract: A mobile trusted platform (MTP) configured to provide virtual subscriber identify module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service.Type: GrantFiled: July 7, 2008Date of Patent: February 2, 2016Assignee: InterDigital Patent Holdings, Inc.Inventors: Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper
-
Patent number: 9185560Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.Type: GrantFiled: November 10, 2014Date of Patent: November 10, 2015Assignee: InterDigital Patent Holdings, Inc.Inventors: Andreas U. Schmidt, Michael V. Meyerstein, Andreas Leicher, Yogendra C. Shah, Louis J. Guccione, Inhyok Cha
-
Publication number: 20150065093Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.Type: ApplicationFiled: November 10, 2014Publication date: March 5, 2015Inventors: Andreas U. Schmidt, Michael V. Meyerstein, Andreas Leicher, Yogendra C. Shah, Louis J. Guccione, Inhyok Cha
-
Patent number: 8886948Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.Type: GrantFiled: August 12, 2013Date of Patent: November 11, 2014Assignee: InterDigital Patent Holdings, Inc.Inventors: Andreas U. Schmidt, Michael V. Meyerstein, Andreas Leicher, Yogendra C. Shah, Louis J. Guccione, Inhyok Cha
-
Patent number: 8826020Abstract: A method for authenticating a home nodeB/home evolved node B (H(e)NB) with a network is disclosed.Type: GrantFiled: October 24, 2012Date of Patent: September 2, 2014Assignee: InterDigital Patent Holdings, Inc.Inventors: Yogendra C. Shah, Inhyok Cha, Andreas U. Schmidt
-
Patent number: 8812836Abstract: A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. A connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset, which may be included in the Trusted Physical Unit (TPU), may be allocated to the SHO and may be activated. The WTRU may establish a network connection to the SHO and may receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.Type: GrantFiled: March 5, 2010Date of Patent: August 19, 2014Assignee: InterDigital Patent Holdings, Inc.Inventors: Michael V. Meyerstein, Yogendra C. Shah, Inhyok Cha, Andreas Leicher, Andreas U. Schmidt
-
Patent number: 8788832Abstract: A mobile trusted platform (MTP) configured to provide virtual subscriber identify module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service.Type: GrantFiled: June 4, 2012Date of Patent: July 22, 2014Assignee: InterDigital Patent Holdings, Inc.Inventors: Louis J. Guccione, Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper, Yogendra C. Shah, Inhyok Cha
-
Publication number: 20140047528Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.Type: ApplicationFiled: August 12, 2013Publication date: February 13, 2014Applicant: InterDigital Patent Holdings, Inc.Inventors: Andreas U. Schmidt, Michael V. Meyerstein, Andreas Leicher, Yogendra C. Shah, Louis J. Guccione, Inhyok Cha
-
Publication number: 20130227658Abstract: Identity management, user authentication, and/or user access to services on a network may be provided in a secure and/or trustworthy manner, as described herein. For example, trustworthy claims may be used to indicate security and/or trustworthiness of a user or user device on a network. Security and/or trustworthiness of a user or a user device on a network may also be established using OpenID and/or local OpenID, a secure channel between a service and the user device, and/or by including a network layer authentication challenge in an application layer authentication challenge on the user device for example.Type: ApplicationFiled: August 20, 2012Publication date: August 29, 2013Applicant: INTERDIGITAL PATENT HOLDINGS, INC.Inventors: Andreas Leicher, Andreas U. Schmidt, Yogendra C. Shah
-
Patent number: 8509431Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.Type: GrantFiled: September 20, 2011Date of Patent: August 13, 2013Assignee: InterDigital Patent Holdings, Inc.Inventors: Andreas U. Schmidt, Michael V. Meyerstein, Andreas Leicher, Yogendra C. Shah, Louis J. Guccione, Inhyok Cha
-
Patent number: 8503376Abstract: The present invention is related to a wireless communication system. 3G UMTS mobile phone systems rely on a protected smart card called the UMTS integrated circuit card (UICC) that provides UMTS subscriber identity module (USIM) applications as a basis or root of various security measures protecting the communication path between the 3G mobile terminal and the UMTS wireless network (or UTRAN). Disclosed is a method by which the UICC exchanges information with a terminal, such as an Internal Key Center (IKC 1250) and a Bootstrapping Server Function (BSF 1270) enables a procedure where multiple local keys specific to applications and Network Application Functions (NAFs) (Ks_local) are used for authentication and to encrypt and decrypt messages.Type: GrantFiled: October 6, 2008Date of Patent: August 6, 2013Assignee: InterDigital Technology CorporationInventors: Inhyok Cha, Chinmayee V. Rathi, Yogendra C. Shah, Louis J. Guccione, Andreas U. Schmidt, Nicolai Kuntze
-
Patent number: 8499161Abstract: A method and apparatus to establish a trustworthy local time based on trusted computing methods are described. The concepts are scaling because they may be graded by the frequency and accuracy with which a reliable external time source is available for correction and/or reset, and how trustworthy this external source is in a commercial scenario. The techniques also take into account that the number of different paths and number of hops between the device and the trusted external time source may vary. A local clock related value which is protected by a TPM securely bound to an external clock. A system of Accuracy Statements (AS) is added to introduce time references to the audit data provided by other maybe cheaper sources than the time source providing the initial time.Type: GrantFiled: February 19, 2009Date of Patent: July 30, 2013Assignee: InterDigital Patent Holdings, Inc.Inventors: Inhyok Cha, Yogendra C. Shah, Andreas U. Schmidt, Christian Hett
-
Patent number: 8307205Abstract: A Home Node B or Home evolved Node B (HN(e)B) apparatus and methods are disclosed. The HN(e)B includes a Trusted Environment (TrE) and interfaces including unprotected interfaces, cryptographically protected interfaces, and hardware protected interfaces. The H(e)NB includes security/authentication protocols for communication between the H(e)NB and external network elements, including a Security Gateway (SGW).Type: GrantFiled: September 21, 2009Date of Patent: November 6, 2012Assignee: InterDigital Patent Holdings, Inc.Inventors: Inhyok Cha, Yogendra C. Shah, Andreas U. Schmidt
-
Publication number: 20120246481Abstract: A mobile trusted platform (MTP) configured to provide virtual subscriber identify module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator—trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner—trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service.Type: ApplicationFiled: June 4, 2012Publication date: September 27, 2012Applicant: INTERDIGITAL PATENT HOLDINGS, INC.Inventors: Louis J. Guccione, Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper, Yogendra C. Shah, Inhyok Cha