Abstract: A machine-to-machine (M2M) gateway (GW) includes reachability, addressing, and repository (RAR) capability. The GW maintains a local mapping table and local device application repository, performs data aggregation, address/name translation, provides event reporting and establishes GW reachability and wake-up time. The GW supports requests from M2M applications or other capabilities within the GW, and from a network and application (N&A) domain RAR. The GW may include an M2M device and M2M gateway management (MDGM) capability that receives management requests for an M2M device and functions as a network proxy. The MDGM accepts and processes requests from the N&A domain on behalf of the M2M device and performs management functions of the M2M device on behalf of the N&A domain. The MDGM may request the N&A domain for permission to interact with the M2M device, initiate an interaction for device management tasks with the M2M device, and report to the N&A domain.

Abstract: A machine to machine (M2M) gateway (GW) comprises at least one processor configured to determine registration attributes for a registration service, for a plurality of M2M devices, that comprise an M2M device identification for each of the plurality of M2M devices permitted to register with the M2M GW. The at least one processor is configured to receive a registration request from one of the M2M devices to register with the M2M GW. The at least one processor is configured to determine, using the registration service, whether to register the requesting M2M device by comparing the registration request to the registration attributes. The at least one processor is configured to register the requesting M2M device with the M2M GW. The at least one processor is configured to communicate with the requesting M2M device to provide the requesting M2M device with an M2M common service capability.

Abstract: A machine-to-machine (M2M) gateway (GW) includes reachability, addressing, and repository (RAR) capability. The GW maintains a local mapping table and local device application repository, performs data aggregation, address/name translation, provides event reporting and establishes GW reachability and wake-up time. The GW supports requests from M2M applications or other capabilities within the GW, and from a network and application (N&A) domain RAR. The GW may include an M2M device and M2M gateway management (MDGM) capability that receives management requests for an M2M device and functions as a network proxy. The MDGM accepts and processes requests from the N&A domain on behalf of the M2M device and performs management functions of the M2M device on behalf of the N&A domain. The MDGM may request the N&A domain for permission to interact with the M2M device, initiate an interaction for device management tasks with the M2M device, and report to the N&A domain.

Abstract: A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME is also disclosed. The validation procedures disclosed include an autonomous, semi-autonomous, and remote validation are disclosed. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.

Abstract: An apparatus and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.

Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies.

Abstract: A method for taking measurements with a smart antenna in a wireless communication system having a plurality of STAs begins by sending a measurement request from a first STA to a second STA. At least two measurement packets are transmitted consecutively from the second STA to the first STA. Each measurement packet is received at the first STA using a different antenna beam. The first STA performs measurements on each measurement packet and selects an antenna beam direction based on the measurement results.

Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. A domain application may be resident on one of the domains.

Abstract: Universal integrated circuit card (UICC) having a virtual subscriber identity module functionality is disclosed. A wireless transmit/receive unit (WTRU) comprises a mobile equipment (ME) configured to perform wireless communication and a UICC. The UICC is configured to perform security functionalities. The UICC supports multiple isolated domains including UICC issuer's domain. Each domain is owned by a separate owner so that each owner stores and executes an application on the UICC under a control of an UICC issuer and the UICC issuer's domain controls creation and deletion of other domains and defines and enforces security rules for authorizing third parties to have an access to the domains. The UICC is configured to verify integrity of operating system functions and applications stored on the UICC. The UICC is configured to control an access to information regarding applications according to security policies stored within the UICC.

Abstract: Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.

Abstract: A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME is also disclosed. The validation procedures disclosed include an autonomous, semi-autonomous, and remote validation are disclosed. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.

Abstract: Systems, methods, and instrumentalities are disclosed that provide for a gateway outside of a network domain to provide services to a plurality of devices. For example, the gateway may act as a management entity or as a proxy for the network domain. As a management entity, the gateway may perform a security function relating to each of the plurality of devices. The gateway may perform the security function without the network domain participating or having knowledge of the particular devices. As a proxy for the network, the gateway may receive a command from the network domain to perform a security function relating to each of a plurality of devices. The network may know the identity of each of the plurality of devices. The gateway may perform the security function for each of the plurality of devices and aggregate related information before sending the information to the network domain.

Abstract: A user may access a subscription-based service via a system comprising one or more devices with one or more separate domains where each domain may be owned or controlled by one or more different local or remote owners. Each domain may have a different owner, and a remote owner offering a subscription-based service may have taken ownership of a domain, which may be referred to as a remote owner domain. Further, the user may have taken ownership of a domain, which may be referred to as a user domain. In order for the user to access the subscription-based service, registration and credential roll-out may be needed. An exemplary registration and credential roll-out process may comprise registration of the user, obtaining credentials from the remote owner and storing the credentials.

Abstract: A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME is also disclosed. The validation procedures disclosed include an autonomous, semi-autonomous, and remote validation are disclosed. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.

Abstract: Disclosed herein are methods and devices for sharing a packet data protocol (PDP) context among a plurality of devices. For example, a method or sharing a PDP context among a plurality of devices may include a wireless transmit/receive unit (WTRU) sending a request to establish or modify a PDP context. The request to establish or modify the PDP context may include an indication that the WTRU is a member of shared context group. The method may also include the WTRU receiving a response indicating that the request to establish or modify the PDP context was accepted. The method may also include the WTRU acting as a gateway for at least one other device in the shared context group. The request to establish or modify the PDP context may be an attach request. The indication that the WTRU is a member of shared context group may be a group identifier (ID).

Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies.

Abstract: A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.

Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.

Abstract: The present invention is related to a wireless transmit/receive unit (WTRU) for providing advanced security functions. The WTRU includes trusted platform module (TPM) for performing trusted computing operations; and a secure time component (STC) for providing a secure measurement of a current time. The STC and the TPM are integrated to provide accurate trusted time information to internal and external to the WTRU. The STC may be located on an expanded a subscriber identity module (SIM), on the WTRU platform, or two STCs may be used, one in each location. Similarly, the TPM may be located on an expanded SIM, on the WTRU platform, or two TPMs may be used, one in each location. Preferably, the STC will include a real time clock (RTC); a tamper detection and power failure unit; and a time report and sync controller.

Abstract: Methods and apparatus are disclosed to provide protection against Unsolicited Communication (UC) in a network, such as, without limitation, an Internet Protocol (IP) Multimedia Subsystem (IMS). A communication may originate from a sending device and may be intended for delivery to a receiving device. A network may determine authentication information associated with the sending device. The network may send the authentication information to a receiving entity to evaluate if the communication is unsolicited using the authentication information. If the communication is determined to be acceptable, a connection associated with the communication may be allowed.