Patents by Inventor Michael V. Meyerstein
Michael V. Meyerstein has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190007406Abstract: Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource.Type: ApplicationFiled: July 25, 2018Publication date: January 3, 2019Inventors: Vinod Kumar Choyi, Yogendra C. Shah, Michael V. Meyerstein, Louis J. Guccione
-
Publication number: 20180242129Abstract: A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME is also disclosed. The validation procedures disclosed include an autonomous, semi-autonomous, and remote validation are disclosed. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.Type: ApplicationFiled: April 17, 2018Publication date: August 23, 2018Inventors: Yogendra C. SHAH, Inhyok CHA, Michael V. MEYERSTEIN, Andreas SCHMIDT
-
Patent number: 10038692Abstract: Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource.Type: GrantFiled: November 21, 2016Date of Patent: July 31, 2018Assignee: InterDigital Patent Holdings, Inc.Inventors: Vinod Kumar Choyi, Yogendra C. Shah, Michael V. Meyerstein, Louis J. Guccione
-
Publication number: 20180159738Abstract: An apparatus and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.Type: ApplicationFiled: November 10, 2017Publication date: June 7, 2018Inventors: Yogendra C. Shah, Inhyok Cha, Andreas Leicher, Andreas Schmidt, Dolores F. Howry, Sudhir B. Pattar, David G. Greiner, Louis J. Guccione, Michael V. Meyerstein, Lawrence Case
-
Publication number: 20180121661Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. A domain application may be resident on one of the domains.Type: ApplicationFiled: December 14, 2017Publication date: May 3, 2018Inventors: Louis J. Guccione, Michael V. Meyerstein, Inhyok Cha, Andreas Schmidt, Andreas Leicher, Yogendra C. Shah
-
Publication number: 20180091978Abstract: Universal integrated circuit card (UICC) having a virtual subscriber identity module functionality is disclosed. A wireless transmit/receive unit (WTRU) comprises a mobile equipment (ME) configured to perform wireless communication and a UICC. The UICC is configured to perform security functionalities. The UICC supports multiple isolated domains including UICC issuer's domain. Each domain is owned by a separate owner so that each owner stores and executes an application on the UICC under a control of an UICC issuer and the UICC issuer's domain controls creation and deletion of other domains and defines and enforces security rules for authorizing third parties to have an access to the domains. The UICC is configured to verify integrity of operating system functions and applications stored on the UICC. The UICC is configured to control an access to information regarding applications according to security policies stored within the UICC.Type: ApplicationFiled: December 4, 2017Publication date: March 29, 2018Inventors: Yogendra C. Shah, Michael V. Meyerstein, Inhyok Cha, Andreas Schmidt
-
Patent number: 9924366Abstract: Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.Type: GrantFiled: April 29, 2015Date of Patent: March 20, 2018Assignee: InterDigital Patent Holdings, Inc.Inventors: Andreas Schmidt, David G. Greiner, Louis J. Guccione, Dolores F. Howry, Michael V. Meyerstein, Sudhir B. Pattar, Yogendra C. Shah, Inhyok Cha, Andreas Leicher, Lawrence Case
-
Patent number: 9826335Abstract: A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME is also disclosed. The validation procedures disclosed include an autonomous, semi-autonomous, and remote validation are disclosed. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.Type: GrantFiled: January 21, 2009Date of Patent: November 21, 2017Assignee: InterDigital Patent Holdings, Inc.Inventors: Inhyok Cha, Yogendra C. Shah, Andreas U. Schmidt, Michael V. Meyerstein
-
Patent number: 9681296Abstract: A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. A connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset, which may be included in the Trusted Physical Unit (TPU), may be allocated to the SHO and may be activated. The WTRU may establish a network connection to the SHO and may receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.Type: GrantFiled: August 15, 2014Date of Patent: June 13, 2017Assignee: InterDigital Patent Holdings, Inc.Inventors: Michael V Meyerstein, Yogendra C. Shah, Inhyok Cha, Andreas Leicher, Andreas Schmidt
-
Publication number: 20170070503Abstract: Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource.Type: ApplicationFiled: November 21, 2016Publication date: March 9, 2017Inventors: Vinod Kumar Choyi, Yogendra C. Shah, Michael V. Meyerstein, Louis J. Guccione
-
Patent number: 9503438Abstract: Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource.Type: GrantFiled: July 12, 2013Date of Patent: November 22, 2016Assignee: InterDigital Patent Holdings, Inc.Inventors: Vinod Kumar Choyi, Yogendra C Shah, Michael V Meyerstein, Louis J Guccione
-
Publication number: 20160286403Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. A domain application may be resident on one of the domains.Type: ApplicationFiled: June 6, 2016Publication date: September 29, 2016Inventors: Louis J. Guccione, Michael V. Meyerstein, Inhyok Cha, Andreas Schmidt, Andreas Leicher, Yogendra C. Shah
-
Publication number: 20160283725Abstract: Methods and instrumentalities are disclosed that enable one or more domains on one or more devices to be owned or controlled by one or more different local or remote owners, while providing a level of system-wide management of those domains. Each domain may have a different owner, and each owner may specify policies for operation of its domain and for operation of its domain in relation to the platform on which the domain resides, and other domains. A system-wide domain manager may be resident on one of the domains. The system-wide domain manager may enforce the policies of the domain on which it is resident, and it may coordinate the enforcement of the other domains by their respective policies in relation to the domain in which the system-wide domain manager resides. Additionally, the system-wide domain manager may coordinate interaction among the other domains in accordance with their respective policies. A domain application may be resident on one of the domains.Type: ApplicationFiled: June 6, 2016Publication date: September 29, 2016Inventors: Louis J. Guccione, Michael V. Meyerstein, Inhyok Cha, Andreas Schmidt, Andreas Leicher, Yogendra C. Shah
-
Publication number: 20160226710Abstract: An abstract and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.Type: ApplicationFiled: January 19, 2016Publication date: August 4, 2016Inventors: Inhyok Cha, Andreas Leicher, Yogendra C. Shah, Andreas Schmidt, Dolores F. Howry, Sudhir B. Pattar, David G. Greiner, Louis J. Guccione, Michael V. Meyerstein, Lawrence L. Case
-
Patent number: 9363676Abstract: One or more wireless communications device may include one or more domains that may be owned or controlled by one or more different owners. One of the domains may include a security domain having ultimate control over the enforcement of security policies on the one or more wireless communications devices. Another one of the domains may include a system-wide domain manager that is subsidiary to the security domain and may enforce the policies of one or more subsidiary domains. The system-wide domain manager may enforce its policies based on a privilege level received from the security domain. The privilege level may be based on the level of trust between an external stakeholder, such as an owner of a domain that is subsidiary to the system-wide domain manager, and the security domain.Type: GrantFiled: December 6, 2011Date of Patent: June 7, 2016Assignee: InterDigital Patent Holdings, Inc.Inventors: Louis J. Guccione, Michael V. Meyerstein, Inhyok Cha, Andreas Schmidt, Andreas Leicher, Yogendra C. Shah
-
Publication number: 20160073262Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.Type: ApplicationFiled: November 9, 2015Publication date: March 10, 2016Inventors: Andreas U. Schmidt, Michael V. Meyerstein, Andreas Leicher, Yogendra C. Shah, Louis J. Guccione, Inhyok Cha
-
Patent number: 9253643Abstract: An apparatus and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.Type: GrantFiled: March 5, 2010Date of Patent: February 2, 2016Assignee: InterDigital Patent Holdings, Inc.Inventors: Sudhir B. Pattar, Inhyok Cha, Andreas U. Schmidt, Andreas Leicher, Yogendra C. Shah, Dolores F. Howry, David G. Greiner, Lawrence L. Case, Michael V. Meyerstein, Louis J. Guccione
-
Patent number: 9185560Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.Type: GrantFiled: November 10, 2014Date of Patent: November 10, 2015Assignee: InterDigital Patent Holdings, Inc.Inventors: Andreas U. Schmidt, Michael V. Meyerstein, Andreas Leicher, Yogendra C. Shah, Louis J. Guccione, Inhyok Cha
-
Publication number: 20150237502Abstract: Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.Type: ApplicationFiled: April 29, 2015Publication date: August 20, 2015Inventors: Andreas Schmidt, David G. Greiner, Louis J. Guccione, Dolores F. Howry, Michael V. Meyerstein, Sudhir B. Pattar, Yogendra C. Shah, Inhyok Cha, Andreas Leicher, Lawrence Case
-
Publication number: 20150065093Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.Type: ApplicationFiled: November 10, 2014Publication date: March 5, 2015Inventors: Andreas U. Schmidt, Michael V. Meyerstein, Andreas Leicher, Yogendra C. Shah, Louis J. Guccione, Inhyok Cha