Abstract: A system and method for establishing a connection on a mobile computing device includes generating a secret on a trusted platform of the mobile computing device. The secret is transported to a subscriber identity module (SIM)/Smartcard on the mobile computing device. A secure local communication channel is established between the trusted platform and the SIM/Smartcard using the secret.

Abstract: A system and method for establishing a connection on a mobile computing device includes generating a secret on a trusted platform of the mobile computing device. The secret is transported to a subscriber identity module (SIM)/Smartcard on the mobile computing device. A secure local communication channel is established between the trusted platform and the SIM/Smartcard using the secret.

Abstract: A system and method for establishing a connection on a mobile computing device. A secret is generated on a trusted platform of the mobile computing device. The secret is transported to a secure channel application. The secure channel application establishes a trusted local communication channel between the trusted platform and a SIM (subscriber identity module)/Smartcard. The secret is received by the SIM/Smartcard. The secret, after being received by the SIM/Smartcard, is provided to a secure channel applet on the SIM/Smartcard. The secure channel applet establishes the trusted local communication channel between the SIM/Smartcard and the trusted platform, wherein the secret is shared by the trusted platform and the SIM/Smartcard.

Abstract: A system and method for establishing a trusted connection on a mobile computing device. A shared secret is generated on a trusted platform of the mobile computing device. The shared secret is transported to a secure channel application. The secure channel application establishes a secure local communication channel between the trusted platform and a SIM (subscriber identity module)/Smartcard on the mobile computing device. The shared secret is received by the SlM/Smartcard. In one embodiment, the mobile computing device includes a GSM (Global Systems for Mobile Communications) 03.48 application that sends the shared secret to a GSM 03.48 network infrastructure for storage, management, and verification by the GSM 03.48 network infrastructure, and in turn sends the shared secret to the SIM/Smartcard on the mobile computing device. In an alternative embodiment, a Diffie-Hellman key exchange is performed by the trusted platform to send the shared secret to the SIM/Smartcard.

Abstract: A method and system for provisioning a shared secret key to enable trusted communications between a SIM and a platform running a trusted application in a third generation or beyond wireless network.

Abstract: Methods and apparatuses for mobile device location via a network based local area augmentation system. In one embodiment a plurality of base stations each has a known location. Each base station includes a positioning receiver to generate base station location information and a link to a network to transmit the base station location information. A correction information calculation module is coupled to the network to receive base station location information from each of the base stations via the network. The correction information calculation module calculates correction information as a function of the base station location information and the known location for all of the base stations.

Abstract: An approach for determining a type of credential card in a reader and, for some aspects, implementing a protection approach based on the determined type of credential card. For one aspect, an indication that a credential card has been received at a credential reader is received. In response, an instruction to be received by the credential card is provided, the instruction being recognizable by a first type of credential card, but not by a second type of credential card. The card is determined to be the first type of credential card if the response indicates that the instruction was recognized by the credential card. A protection policy may then be implemented for some aspects depending on the type of card detected.

Abstract: A method and system to exchange a private encryption key via a rusted path between a device and an application executed in a trusted platform of a computer system to generate a session key. In one embodiment, the session key is used to encrypt data to be exchanged via an non-trusted channel within the computer system.

Abstract: A method and an apparatus for a positioning system and augmentation of a global positioning system (GPS) are provided. The system includes at least one transmitter and at least one transceiver. The transceiver is able to calculate a position of the transceiver relative to the transmitter using information sent by the transmitter to the transceiver.

Abstract: A computing system includes a wireless wide area network (WWAN) module and an identity module reader external to and accessible by the WWAN module to receive an identity card to provide credentials to be accessed by the WWAN module. A platform to test such a system includes a WWAN module, an identity module reader external to the WWAN module to receive an identity card storing credentials to be accessed by the WWAN module and an identity card interface component coupled to the WWAN module and identity module reader, the identity module interface component to substantially emulate an interface between the WWAN module and the identity module reader in a computing platform in which the WWAN module and identity module reader are to be implemented.

Abstract: A method for providing security to a computer system is described. Specifically, the computer periodically polls for a Bluetooth electronic device or other similar wireless electronic device. If the computer locates such a Bluetooth electronic device, the computer requests authentication from the Bluetooth electronic device. The user of the electronic device is given access to the computer system only if the computer recognizes the identification of the Bluetooth electronic device and is able to validate the authentication information provided by the Bluetooth electronic device through an encrypted channel.

Abstract: A user-authentication sub-system and approach for user authentication. The user authentication sub-system of one aspect includes at least a first input mechanism to receive first multi-factor authentication data associated with Z authentication factors, a cryptographic engine to encrypt the first multi-factor authentication data, and a separated user authentication, non-volatile data store to store the encrypted first multi-factor authentication data. The sub-system further includes a processing unit to determine whether second authentication data received via the at least first input mechanism matches a subset of the first multi-factor authentication data, the second authentication data associated with N authentication factors where N is less than or equal to Z.

Abstract: An approach for providing a trusted time stamp in an open platform. A trusted application initiates a request for a trusted time stamp. A time estimate is then read from a trusted source of time and an attestation process is performed to provide a signed time response. The attestation process may include providing the signed time response using a trusted platform module or other hardware token. The signed time response is provided to the requesting application to be used as a trusted time stamp.

Abstract: According to some embodiments, location information may be included in a dynamic host configuration protocol (DHCP) message.

Abstract: Exchanging data between a SIM device and an application executed in a trusted platform, wherein the data to be exchanged is secured from unauthorized access. In one embodiment, the exchanging data includes exchanging an encryption key via a trusted path within a computer system, and exchanging data encrypted with the encryption key, via an untrusted path with the computer system.

Abstract: An approach for providing Subscriber Identity Module (SIM) capabilities in an open platform without the need for a discrete, physical SIM device. For one aspect, a computing system provides for secure provisioning of SIM data and algorithms, for example, protected storage of SIM secret data objects, and protected execution of SIM algorithms that provide for Authentication, Authorization and Accounting (AAA) capabilities currently associated with discrete hardware SIM devices.

Abstract: An approach for providing services to an open platform implementing Subscriber Identity Module (SIM) capabilities without the need for a discrete, physical SIM device. For one aspect, a protected communications channel is established with a computing system, the computing system providing SIM Authentication, Authorization and Accounting (AAA) capabilities without the use of a discrete hardware SIM device. SIM secret data is provisioned to the computing system over the protected communications channel.

Abstract: A docking architecture for a notebook computer is described. Specifically, a circuit coupled to a Low Pin Count (LPC) bus monitors the LPC bus for trusted data cycles. If a trusted data cycle is detected, the circuit prevents the trusted data cycle from being available to a non-trusted component.

Abstract: In one embodiment, the invention provides a method comprising storing user authentication information in a hardware structure of a computer system, the hardware structure including a security mechanism to protect the stored authentication information from unauthorized access, and authenticating a user of the computer system by comparing user input authentication information with the stored authentication information.

Abstract: A method and an apparatus for a positioning system and augmentation of a global positioning system (GPS) are provided. The system includes at least one transmitter and at least one transceiver. The transceiver is able to calculate a position of the transceiver relative to the transmitter using information sent by the transmitter to the transceiver.