Abstract: In an embodiment, a client proxy provides an operating-system-functions (OS-functions) interface to client applications. The client proxy and each of the client applications resides on a wireless transmit/receive unit (WTRU). The client proxy receives, via the OS-functions interface, respective registrations from each of a plurality of the client applications. Each respective registration indicates a respective keep-alive-message signaling rate for the corresponding registered client application. The client proxy determines an optimal signaling rate based on the respective keep-alive message signaling rates indicated by the respective registrations. The client proxy generates proxy keep-alive signaling messages that collectively convey keep-alive-message information on behalf of the registered client applications. The client proxy transmits the generated proxy keep-alive signaling messages to a network node at the determined optimal signaling rate.

Abstract: An apparatus and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.

Abstract: A certification provenance tree (CPT) structure may provide information concerning a layered certification of a device that comprises a hierarchy of components. The CPT structure may include a hierarchy of secure certification provenance document (SCPD) structures. Each SCPD structure in the hierarchy may represent a given component at a given level of the hierarchy of components of the device. Each SCPD structure may include a field that stores a certification proof indicating that security properties of the given component have been certified by a certification authority. An SCPD structure may further include accreditation information fields that store a pointer to an SCPD structure of a component at a next layer of the hierarchy of components of the device. The pointer may provide an indication of assurance that the component at that next layer will perform securely within this component at said given layer.

Abstract: Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.

Abstract: Disclosed herein are methods and devices for sharing a packet data protocol (PDP) context among a plurality of devices. For example, a method or sharing a PDP context among a plurality of devices may include a wireless transmit/receive unit (WTRU) sending a request to establish or modify a PDP context. The request to establish or modify the PDP context may include an indication that the WTRU is a member of shared context group. The method may also include the WTRU receiving a response indicating that the request to establish or modify the PDP context was accepted. The method may also include the WTRU acting as a gateway for at least one other device in the shared context group. The request to establish or modify the PDP context may be an attach request. The indication that the WTRU is a member of shared context group may be a group identifier (ID).

Abstract: Current approaches to using security postures lack functionalities. Security postures can be used to enable various nodes to make informed decisions. In accordance with one embodiment, a system comprises a first node and a second node. The first node receives a security posture associated with the second node. The security posture provides a verifiable point-in-time trust metric on an overall level of trust in the second node. The first node compares the security posture associated with the second node to an expected security posture level associated with the first node. If the security posture associated with the second node is adequate as compared to the expected security posture level, a connection is established between the first node and the second node.

Abstract: Methods and apparatus are disclosed to provide protection against Unsolicited Communication (UC) in a network, such as, without limitation, an Internet Protocol (IP) Multimedia Subsystem (IMS). A communication may originate from a sending device and may be intended for delivery to a receiving device. A network may determine authentication information associated with the sending device. The network may send the authentication information to a receiving entity to evaluate if the communication is unsolicited using the authentication information. If the communication is determined to be acceptable, a connection associated with the communication may be allowed.

Abstract: A certification provenance tree (CPT) structure may provide information concerning a layered certification of a device that comprises a hierarchy of components. The CPT structure may include a hierarchy of secure certification provenance document (SCPD) structures. Each SCPD structure in the hierarchy may represent a given component at a given level of the hierarchy of components of the device. Each SCPD structure may include a field that stores a certification proof indicating that security properties of the given component have been certified by a certification authority. An SCPD structure may further include accreditation information fields that store a pointer to an SCPD structure of a component at a next layer of the hierarchy of components of the device. The pointer may provide an indication of assurance that the component at that next layer will perform securely within this component at said given layer.

Abstract: WTRUs, ARSs, APs, WLG/AAA proxies, networks, and methods thereon are disclosed for fast security setup on a multi-RAT WTRU. Methods of sharing security associations between RATs on a multi-RAT WTRU are disclosed. Methods of caching security associations are disclosed. Methods are disclosed for alerting an ANDSF server of an AP that should be considered for association. Enhancements to advertisements from an AP are disclosed where the advertisements may include SSID with a FQDN, a HESSID type information, or TAI type information. Methods of resolving AP identities to a reachable address are disclosed. An address resolution protocol is disclosed for resolving AP identities. ARSs are disclosed that may resolve a BSSID to a network routable address. Protocols for carrying AP identities and security parameters are disclosed. Methods are disclosed of using ANDSF to provide the WTRU with security information and parameters of an AP. An RSN may indicate security capabilities.

Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.

Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.

Abstract: In an embodiment, a client proxy provides an operating-system-functions (OS-functions) interface to client applications. The client proxy and each of the client applications resides on a wireless transmit/receive unit (WTRU). The client proxy receives, via the OS-functions interface, respective registrations from each of a plurality of the client applications. Each respective registration indicates a respective keep-alive-message signaling rate for the corresponding registered client application. The client proxy determines an optimal signaling rate based on the respective keep-alive message signaling rates indicated by the respective registrations. The client proxy generates proxy keep-alive signaling messages that collectively convey keep-alive-message information on behalf of the registered client applications. The client proxy transmits the generated proxy keep-alive signaling messages to a network node at the determined optimal signaling rate.

Abstract: A method and apparatus are described for maintaining communications connectivity for client applications that send keep-alive messages and network applications that send client-alive (i.e., “are you there?”) messages. The client applications may register with a client proxy provided in an operating system (OS) of a wireless transmit/receive unit (WTRU) and indicate a respective keep-alive message signaling rate. The network applications may register with a network proxy provided in an OS of a network node and indicate a respective client-alive message signaling rate. The client proxy and/or the network proxy may, respectively, register and prioritize keep-alive and/or client-alive message requirements, determine an optimal signaling rate based on the respective keep-alive and/or client-alive message signaling rates, and generate proxy messages, (i.e., an application layer proxy keep-alive message and/or a network layer proxy client-alive message), associated with the keep-alive and/or client-alive messages.

Abstract: An abstract and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.

Abstract: WTRUs, ARSs, APs, WLG/AAA proxies, networks, and methods thereon are disclosed for fast security setup on a multi-RAT WTRU. Methods of sharing security associations between RATs on a multi-RAT WTRU are disclosed. Methods of caching security associations are disclosed. Methods are disclosed for alerting an ANDSF server of an AP that should be considered for association. Enhancements to advertisements from an AP are disclosed where the advertisements may include SSID with a FQDN, a HESSID type information, or TAI type information. Methods of resolving AP identities to a reachable address are disclosed. An address resolution protocol is disclosed for resolving AP identities. ARSs are disclosed that may resolve a BSSID to a network routable address. Protocols for carrying AP identities and security parameters are disclosed. Methods are disclosed of using ANDSF to provide the WTRU with security information and parameters of an AP. An RSN may indicate security capabilities.

Abstract: An apparatus and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.

Abstract: WTRUs, ARSs, APs, WLG/AAA proxies, networks, and methods thereon are disclosed for fast security setup on a multi-RAT WTRU. Methods of sharing security associations between RATs on a multi-RAT WTRU are disclosed. Methods of caching security associations are disclosed. Methods are disclosed for alerting an ANDSF server of an AP that should be considered for association. Enhancements to advertisements from an AP are disclosed where the advertisements may include SSID with a FQDN, a HESSID type information, or TAI type information. Methods of resolving AP identities to a reachable address are disclosed. An address resolution protocol is disclosed for resolving AP identities. ARSs are disclosed that may resolve a BSSID to a network routable address. Protocols for carrying AP identities and security parameters are disclosed. Methods are disclosed of using ANDSF to provide the WTRU with security information and parameters of an AP. An RSN may indicate security capabilities.

Abstract: Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.

Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.

Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.