Abstract:
Described herein are complete lifecycle management processes for IoT/M2M devices. In an example, devices are commissioned and de-commissioned in a given system without requiring a user/human administrator. A delegated life-cycle management process is described, wherein devices rely upon a delegatee, which may have more computing and battery resources than the devices, to perform complete or partial lifecycle management operations on behalf of the devices. The delegatee may be a trusted entity that may belong to the same domain as the devices. Further, a Trust Enabling Infrastructure (TEI) is described herein, which may belong to a different trusted domain than the given device and its delegatee.
Abstract:
It is recognized herein that current approaches to traffic steering in M2M systems lack capabilities, particularly with respect to traversing value added services in an operator's network. As described herein, nodes or apparatuses at a machine-to-machine (M2M) service layer can leverage value added services that are deployed in an operator's network. The M2M service layer may add metadata to downlink traffic so that the metadata can be used to assist with steering and processing data in the operator's value added services (VASs) network. By way of example, the M2M service layer can use a control plane interface to push policies into a network operator's VASs network, and to allow functions in the VASs network to extract information from the M2M service layer.
Abstract:
Existing approaches to security within networks, for instance oneM2M networks, are limited. For example, content might only be protected while the content is in transit between entities that trust each other. Here, the integrity and the confidentiality of content in an M2M network are protected. Such content may be "at rest," such that the content is stored at a hosting node. Only authorized entities may store and retrieve the data that is stored at the hosting node, and the data may be protected from a confidentiality perspective and an integrity perspective.
Abstract:
Multi-RAT UEs currently have 2 independent paths to authenticate with the HSS (either via the MME or the 3GPP AAA Server), causing repeated authentication messages to the HSS. The use of one unified authentication path between the UE and HSS for Small Cell and Wi-Fi authentication is described. First, a new 3GPP EPC-TWAN interworking architecture has the MME manage all the authentication requests from multi-RAT UEs. Second, new unified authentication procedures are added, which allow the ISWN-based multi-RAT UE to be authenticated directly with the HSS, irrespective of its current access network (TWAN or HeNB). Third, new fast re-authentication procedures for Inter-RAT handover scenarios are described. Finally, the extensions to the various standard protocol messages needed to execute the authentication procedures are described.
Abstract:
An IoT E2E Service Layer Security Management system supports methods and procedures to allow an application to establish, use, and tear down an IoT SL communication session that has application-specified E2E security preferences and that targets one or more SL addressable targets (e.g., an IoT application, device, or gateway SL addressable resource). The E2E SL Session based methods and procedures described herein achieve a required overall E2E security level by allowing IoT SL instances to influence and coordinate hop security for a multi-hop communication path spanning multiple intermediary nodes. The methods and procedures described herein reduce overhead, simplify the process, and obviate the need for E2E service level nodes (initiation and termination nodes) to perform security service negotiation in order to establish secure hop-by-hop security associations aligned with an E2E security requirement.
Abstract:
Enhancements to the device management functionality within the service layer architecture of a Gateway node are described. The SL application registration procedure can be enhanced for devices in support of device management. Functionality can be added to the service layer to initiate automated request notification for DM purposes. Lightweight SL Transport Protocol bindings can support sending multiple DM commands, called DM Action Scripts, with a specific focus on the Constrained Application Protocol (CoAP).
Abstract:
CoAP network nodes may leverage context awareness to take autonomous action to adjust network operations. Context-aware procedures may be pre-configured, established by management entities, or negotiated between nodes, and include parameters for the monitoring and evaluation of data, as well as triggers for taking action. By monitoring requests to observe a resource, a node may determine when a resource should transition to multicast or unicast notification, and dynamically manage multicast group membership based on observation registrations and/or cancellations. By monitoring resource requests, a proxy may determine when to proactively refresh a cached representation of a resource. By monitoring timeouts and/or retransmissions, a client may dynamically adjust a timeout value to optimize communications.
Abstract:
In a machine-to-machine/Internet-of-things environment, end-to-end authentication of devices separated by multiple hops is achieved via direct or delegated/intermediated negotiations using pre-provisioned hop-by-hop credentials, uniquely generated hop-by-hop credentials, and/or public key certificates, whereby remote resources and services may be discovered via single-hop communications, and then secure communications with the remote resources may be established using secure protocols appropriate to the resources and services and the capabilities of end devices, and communication thereafter conducted directly without the overhead or risks engendered by hop-by-hop translation.