Patents by Inventor Yogendra C. Shah
Yogendra C. Shah has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9743280
Abstract: WTRUs, ARSs, APs, WLG/AAA proxies, networks, and methods thereon are disclosed for fast security setup on a multi-RAT WTRU. Methods of sharing security associations between RATs on a multi-RAT WTRU are disclosed. Methods of caching security associations are disclosed. Methods are disclosed for alerting an ANDSF server of an AP that should be considered for association. Enhancements to advertisements from an AP are disclosed where the advertisements may include SSID with a FQDN, a HESSID type information, or TAI type information. Methods of resolving AP identities to a reachable address are disclosed. An address resolution protocol is disclosed for resolving AP identities. ARSs are disclosed that may resolve a BSSID to a network routable address. Protocols for carrying AP identities and security parameters are disclosed. Methods are disclosed of using ANDSF to provide the WTRU with security information and parameters of an AP. An RSN may indicate security capabilities.
Type: Grant
Filed: January 11, 2016
Date of Patent: August 22, 2017
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Vinod K. Choyi, Yogendra C. Shah, Dolores F. Howry, Alpaslan Demir, Amith V. Chincholi, Sanjay Goyal, Yousif Targali
-
Publication number: 20170199777
Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.
Type: Application
Filed: March 28, 2017
Publication date: July 13, 2017
Inventors: Yogendra C. Shah, Lawrence Case, Dolores F. Howry, Inhyok Cha, Andreas Leicher, Andreas Schmidt
-
Publication number: 20170188235
Abstract: A method and apparatus for use in authentication for secure wireless communication is provided. A received signal is physically authenticated and higher layer processed. Physical authentication includes performing hypothesis testing using a channel impulse response (CIR) measurement of the received signal and predetermined referenced data. Higher layer processing includes validating the signal using a one-way hash chain value in the signal. Once a signal is authenticated, secure wireless communication is performed.
Type: Application
Filed: March 10, 2017
Publication date: June 29, 2017
Inventors: Liang Xiao, Chunxuan Ye, Suhas Mathur, Yogendra C. Shah, Alexander Reznik
-
Publication number: 20170171184
Abstract: Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers.
Type: Application
Filed: February 28, 2017
Publication date: June 15, 2017
Inventors: Yogendra C. Shah, Inhyok Cha, Andreas Schmidt, Louis J. Guccione, Lawrence Case, Andreas Leicher, Yousif Targali
-
Patent number: 9681296
Abstract: A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. A connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset, which may be included in the Trusted Physical Unit (TPU), may be allocated to the SHO and may be activated. The WTRU may establish a network connection to the SHO and may receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.
Type: Grant
Filed: August 15, 2014
Date of Patent: June 13, 2017
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Michael V Meyerstein, Yogendra C. Shah, Inhyok Cha, Andreas Leicher, Andreas Schmidt
-
Patent number: 9679142
Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.
Type: Grant
Filed: October 6, 2014
Date of Patent: June 13, 2017
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Inhyok Cha, Yogendra C Shah, Lawrence Case
-
Patent number: 9652320
Abstract: A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.
Type: Grant
Filed: December 15, 2014
Date of Patent: May 16, 2017
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Yogendra C. Shah, Lawrence Case, Dolores F. Howry, Inhyok Cha, Andreas Leicher, Andreas Schmidt
-
Publication number: 20170105243
Abstract: In an embodiment, a client proxy provides an operating-system-functions (OS-functions) interface to client applications. The client proxy and each of the client applications resides on a wireless transmit/receive unit (WTRU). The client proxy receives, via the OS-functions interface, respective registrations from each of a plurality of the client applications. Each respective registration indicates a respective keep-alive-message signaling rate for the corresponding registered client application. The client proxy determines an optimal signaling rate based on the respective keep-alive message signaling rates indicated by the respective registrations. The client proxy generates proxy keep-alive signaling messages that collectively convey keep-alive-message information on behalf of the registered client applications. The client proxy transmits the generated proxy keep-alive signaling messages to a network node at the determined optimal signaling rate.
Type: Application
Filed: December 19, 2016
Publication date: April 13, 2017
Inventors: Dolores F. Howry, Ulises Olvera-Hernandez, Yogendra C. Shah, Peter S. Wang
-
Patent number: 9614831
Abstract: Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers.
Type: Grant
Filed: April 13, 2015
Date of Patent: April 4, 2017
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Yogendra C. Shah, Inhyok Cha, Andreas Schmidt, Louis J. Guccione, Lawrence Case, Andreas Leicher, Yousif Targali
-
Patent number: 9596599
Abstract: A method and apparatus for use in authentication for secure wireless communication is provided. A received signal is physically authenticated and higher layer processed. Physical authentication includes performing hypothesis testing using a channel impulse response (CIR) measurement of the received signal and predetermined referenced data. Higher layer processing includes validating the signal using a one-way hash chain value in the signal. Once a signal is authenticated, secure wireless communication is performed.
Type: Grant
Filed: September 18, 2009
Date of Patent: March 14, 2017
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Liang Xiao, Chunxuan Ye, Suhas Mathur, Yogendra C Shah, Alexander Reznik
-
Publication number: 20170070503
Abstract: Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may be referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource.
Type: Application
Filed: November 21, 2016
Publication date: March 9, 2017
Inventors: Vinod Kumar Choyi, Yogendra C. Shah, Michael V. Meyerstein, Louis J. Guccione
-
Publication number: 20170063931
Abstract: An extensible policy-based service layer dynamic authorization framework can allow a service layer to determine whether or not to grant or deny a registrant access to a resource or service hosted by the service layer for which the registrant currently lacks the proper privileges to access. This method can also enable a service layer to dynamically update its statically configured authorization privileges (by leveraging its dynamic authorization results) such that future requests from the same registrant and to the same resource and service do not require dynamic authorization to be performed.
Type: Application
Filed: August 26, 2016
Publication date: March 2, 2017
Inventors: Dale N. Seed, Vinod Kumar Choyi, William Robert Flynn, Quang Ly, Donald A. Fleck, Richard P. Gorman, Nicholas J. Podias, Michael F. Starsinic, Hongkun Li, Zhuo Chen, Yogendra C. Shah, Shamim Akbar Rahman
-
Publication number: 20170063847
Abstract: A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.
Type: Application
Filed: November 10, 2016
Publication date: March 2, 2017
Inventors: Lawrence Case, Yogendra C Shah, Inhyok Cha
-
Publication number: 20170041231
Abstract: Methods, system, and apparatuses may support end-to-end (E2E) quality of service (QoS) through the use of service layer (SL) sessions. For example, an application can communicate with a targeted device based on application specified schedule, latency, jitter, error rate, throughput, level of security, and cost requirements.
Type: Application
Filed: August 4, 2016
Publication date: February 9, 2017
Inventors: Dale N. Seed, Michael F. Starsinic, Vinod Kumar Choyi, Quang Ly, Yogendra C. Shah, William Robert Flynn, IV, Shamim Akbar Rahman, Zhuo Chen
-
Patent number: 9554270
Abstract: A method and apparatus for secure direct link communication between multiple wireless transmit/receive units (WTRUs) are disclosed. The WTRUs may exchange nonces that are used for generating a common nonce. Group identification information may be generated from at least the common nonce and is forwarded to an authentication server. The authentication server may generate a master key from the group identification information to match WTRUs as part of a key agreement group. The common nonce may be a session key and be refreshed during communication with the second WTRU. A group key encryption key (GKEK) and a group key confirmation key (GKCK) may also be generated based on the common nonce and used to encrypt and sign the master key so that base stations do not have access to the master key. A first WTRU may generate a group direct link temporal key (GDLTK) for communicating with the second WTRU.
Type: Grant
Filed: November 17, 2014
Date of Patent: January 24, 2017
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Alexander Reznik, Yogendra C. Shah
-
Publication number: 20170005999
Abstract: Existing approaches to security within network, for instance oneM2M networks, are limited. For example, content might only be protected while the content is in transit between entities that trust each other. Here, the integrity and the confidentiality of content in an M2M network are protected. Such content may be “at rest,” such that the content is stored at a hosting node. Only authorized entities may store and retrieve the data that is stored at the hosting node, and the data may be protected from a confidentiality perspective and an integrity perspective.
Type: Application
Filed: June 30, 2016
Publication date: January 5, 2017
Inventors: Vinod Kumar Choyi, Yogendra C. Shah, Dale N. Seed, Michael F. Starsinic, Shamim Akbar Rahman, Quang Ly, Zhuo Chen, William Robert Flynn, IV
-
Publication number: 20160373265
Abstract: The present invention is related to a wireless transmit/receive unit (WTRU) for providing advanced security functions. The WTRU includes a trusted platform module (TPM) for performing trusted computing operations; and a secure time component (STC) for providing a secure measurement of a current time. The STC and the TPM are integrated to provide accurate trusted time information internal and external to the WTRU. The STC may be located on an expanded subscriber identity module (SIM), on the WTRU platform, or two STCs may be used, one in each location. Similarly, the TPM may be located on an expanded SIM, on the WTRU platform, or two TPMs may be used, one in each location. Preferably, the STC will include a real time clock (RTC); a tamper detection and power failure unit; and a time report and sync controller.
Type: Application
Filed: August 29, 2016
Publication date: December 22, 2016
Inventors: Yogendra C. Shah, Inhyok Cha
-
Patent number: 9525742
Abstract: A method and apparatus are described for maintaining communications connectivity for client applications that send keep-alive messages and network applications that send client-alive (i.e., “are you there?”) messages. The client applications may register with a client proxy provided in an operating system (OS) of a wireless transmit/receive unit (WTRU) and indicate a respective keep-alive message signaling rate. The network applications may register with a network proxy provided in an OS of a network node and indicate a respective client-alive message signaling rate. The client proxy and/or the network proxy may, respectively, register and prioritize keep-alive and/or client-alive message requirements, determine an optimal signaling rate based on the respective keep-alive and/or client-alive message signaling rates, and generate proxy messages (i.e., an application layer proxy keep-alive message and/or a network layer proxy client-alive message) associated with the keep-alive and/or client-alive messages.
Type: Grant
Filed: June 12, 2012
Date of Patent: December 20, 2016
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Yogendra C. Shah, Dolores F. Howry, Peter S. Wang, Ulises Olvera-Hernandez
-
Patent number: 9503438
Abstract: Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may be referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource.
Type: Grant
Filed: July 12, 2013
Date of Patent: November 22, 2016
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Vinod Kumar Choyi, Yogendra C Shah, Michael V Meyerstein, Louis J Guccione
-
Patent number: 9497626
Abstract: A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.
Type: Grant
Filed: November 15, 2011
Date of Patent: November 15, 2016
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Lawrence Case, Yogendra C. Shah, Inhyok Cha