A vehicle processing device authenticates that an authorized user has requested an action by the vehicle and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date. A service provider's server, or a user device, provides services to, or can access, respectively, the vehicle upon receiving the authentication acknowledgement.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
B60R 25/24 - Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards, communicating wirelessly
G06F 21/44 - Program or device authentication
G07C 9/00 - Individual registration on entry or exit
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
H04W 4/021 - Services related to particular areas, e.g. point of interest services, venue services or geofences
H04W 4/40 - Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrian communication
H04W 4/80 - Services using short-range communication, e.g. near-field communication, radio-frequency identification or low-energy communication
A network platform manages the provisioning of a UE with a dominant identity profile and a recessive identity profile. The dominant profile is associated with a user's existing wireless data plan and the recessive profile corresponds to a data plan of a provider of device, or machine-to-machine, services to the UE. The UE uses the two profiles to transmit separate data contexts on separate respective bearers. When managing two separate bearers, the UE always uses the dominant profile first for managing a handoff to a stronger cell. The UE reports that the new cell that now serves the dominant context is the only cell that has enough strength to support the recessive context, even if other cells near the UE have signals strong enough. This necessarily causes the recessive context to always be handed off to the same cell to which the dominant context has already been handed off.
H04W 28/02 - Traffic management, e.g. flow control or congestion control
H04W 76/11 - Allocation or use of connection identifiers
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS, relying on flow classification, e.g. using integrated services [IntServ]
3.
AUTOMATICALLY CHANGING MESSAGE TRANSMISSION MODES IN A TRACKING DEVICE
A tracking device is configured to monitor a parameter, such as battery state or cellular network signal strength, and cause a component of the tracking device to enter a sleep state when a monitored parameter value satisfies a sleep state criterion. Before entering a sleep state, which may comprise a long-range wireless transceiver being turned off, one or more final messages may be emitted that indicate the location of the tracking device before, or at, entering of the sleep state. While in a sleep state, the tracking device may emit a low power beacon, which may be emitted in different formats at different transmissions of the beacon. The different beacons may be emitted according to a configured pattern.
A wireless mobile device in a public communication network receives network-initiated signaling or messaging, while operating in a battery-conserving mode, or modes, that keep(s) minimal baseband processing functions awake. The baseband processing functions process incoming signaling or data in a received message to determine whether to act further on information in the incoming message by enabling additional processing capability in the mobile device. The mobile device may have permanent template criteria values, either coded in firmware or implemented in hardware, or temporary template criteria values, stored in RAM or processor registers, that are compared to values of an incoming message or datagram from the mobile network to determine whether to perform additional actions, such as awakening an application processor. Multiple templates may co-exist to allow different incoming datagrams to cause the device to take some additional action, respond, or even ignore information in an incoming datagram or message.
G06F 1/3237 - Power saving characterised by the action undertaken by disabling clock generation or distribution
G06F 1/3287 - Power saving characterised by the action undertaken by switching off individual functional units in the computer system
5.
DETERMINING THE STATUS OF A TRACKING DEVICE BASED ON ORIENTATION
A battery-powered tracking device may comprise a processor and orientation sensors that generate orientation signals and provide them to a processor. The processor may use the orientation signals, or orientation values corresponding thereto, to determine whether or not the tracking device has moved during a configured no-change period relative to a baseline orientation that was determined before the no-change period. The no-change period may be selected to correspond to an amount of time during which the tracking device, or an item with which it is associated, such as a vehicle, tool, or shipping package, is not expected to move. If a determination is made during the no-change period that the tracking device has changed orientation, an alert may be sent to a tracking application to notify a user of the application that the tracking device may have been removed from the item with which it is associated.
A vehicle processing device authenticates that an authorized user has requested an action by the vehicle and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date. A service provider's server, or a user device, provides services to, or can access, respectively, the vehicle upon receiving the authentication acknowledgement.
H04W 4/80 - Services using short-range communication, e.g. near-field communication, radio-frequency identification or low-energy communication
H04W 4/021 - Services related to particular areas, e.g. point of interest services, venue services or geofences
H04W 4/40 - Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrian communication
H04W 12/30 - Security of mobile devices; Security of mobile applications
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
B60R 25/24 - Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards, communicating wirelessly
G06F 21/44 - Program or device authentication
H04W 12/63 - Location-dependent context-dependent security; Proximity-dependent context-dependent security
A wireless mobile device in a public communication network receives network-initiated signaling or messaging, while operating in a battery-conserving mode, or modes, that keep(s) minimal baseband processing functions awake. The baseband processing functions process incoming signaling or data in a received message to determine whether to act further on information in the incoming message by enabling additional processing capability in the mobile device. The mobile device may have permanent template criteria values, either coded in firmware or implemented in hardware, or temporary template criteria values, stored in RAM or processor registers, that are compared to values of an incoming message or datagram from the mobile network to determine whether to perform additional actions, such as awakening an application processor. Multiple templates may co-exist to allow different incoming datagrams to cause the device to take some additional action, respond, or even ignore information in an incoming datagram or message.
G06F 1/3246 - Power saving characterised by the action undertaken by software-initiated power-off
G06F 1/3237 - Power saving characterised by the action undertaken by disabling clock generation or distribution
G06F 1/3287 - Power saving characterised by the action undertaken by switching off individual functional units in the computer system
8.
Method and system for securely providing vehicle services data to a vehicle
A computer device, having at least two long-range wireless profiles and coupled with a communication bus of a vehicle, receives a notice that a vehicle-centric download for the computer device, or for a vehicle device coupled to the communication bus, is pending from a remote server. The vehicle computer device determines the size and security requirement associated with the pending download, and a current operational state of the vehicle. If the size or security requirement is low, a consumer-centric profile may be used for the download even if the vehicle is currently being used. If the download file size is large or requires very high security, or if a user is currently using the computer device according to the consumer-centric profile, the computer device may schedule the download to occur after receiving a trigger event occurrence message.
H04B 5/00 - Near-field transmission systems, e.g. capacitive or inductive transmission systems
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
A vehicle processing device authenticates that an authorized user has requested an action by the vehicle and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date. A service provider's server, or a user device, provides services to, or can access, respectively, the vehicle upon receiving the authentication acknowledgement.
H04W 4/80 - Services using short-range communication, e.g. near-field communication, radio-frequency identification or low-energy communication
H04W 4/021 - Services related to particular areas, e.g. point of interest services, venue services or geofences
H04W 4/40 - Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrian communication
H04W 12/30 - Security of mobile devices; Security of mobile applications
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
B60R 25/24 - Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards, communicating wirelessly
G06F 21/44 - Program or device authentication
H04W 12/61 - Time-dependent context-dependent security
H04W 12/63 - Location-dependent context-dependent security; Proximity-dependent context-dependent security
A wireless mobile device in a public communication network receives network-initiated signaling or messaging, while operating in a battery-conserving mode, or modes, that keep(s) minimal baseband processing functions awake. The baseband processing functions process incoming signaling or data in a received message to determine whether to act further on information in the incoming message by enabling additional processing capability in the mobile device. The mobile device may have permanent template criteria values, either coded in firmware or implemented in hardware, or temporary template criteria values, stored in RAM or processor registers, that are compared to values of an incoming message or datagram from the mobile network to determine whether to perform additional actions, such as awakening an application processor. Multiple templates may co-exist to allow different incoming datagrams to cause the device to take some additional action, respond, or even ignore information in an incoming datagram or message.
G06F 1/3246 - Power saving characterised by the action undertaken by software-initiated power-off
G06F 1/3237 - Power saving characterised by the action undertaken by disabling clock generation or distribution
G06F 1/3287 - Power saving characterised by the action undertaken by switching off individual functional units in the computer system
11.
Method and system for securely authenticating an electronic user device to a vehicle
A vehicle processing device authenticates that an authorized user has requested an action by the vehicle and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date. A service provider's server, or a user device, provides services to, or can access, respectively, the vehicle upon receiving the authentication acknowledgement.
H04W 4/80 - Services using short-range communication, e.g. near-field communication, radio-frequency identification or low-energy communication
H04W 4/021 - Services related to particular areas, e.g. point of interest services, venue services or geofences
H04W 4/40 - Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrian communication
H04W 12/00 - Security arrangements; Authentication; Protecting privacy or anonymity
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
B60R 25/24 - Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards, communicating wirelessly
G06F 21/44 - Program or device authentication
12.
Method and system for managing the providing of different classes of wireless communications services from different mobile networks
A platform in a wireless public land mobile network environment associates a mobile device's unique identifier with a provider of services to the mobile device as well as with the device's anchor network. When the mobile device wirelessly accesses services from a local wireless network while roaming outside of its anchor network's wireless coverage via an APN of the local network, the platform receives electronic data session transaction information records from the local network and replaces the mobile device's unique identifier with a pseudo/replacement unique device identifier that is associated in the platform with the local network and returns the transaction record to the local network instead of to the anchor network.
A computer device, having at least two long-range wireless profiles and coupled with a communication bus of a vehicle, receives a notice that a vehicle-centric download for the computer device, or for a vehicle device coupled to the communication bus, is pending from a remote server. The vehicle computer device determines the size and security requirement associated with the pending download, and a current operational state of the vehicle. If the size or security requirement is low, a consumer-centric profile may be used for the download even if the vehicle is currently being used. If the download file size is large or requires very high security, or if a user is currently using the computer device according to the consumer-centric profile, the computer device may schedule the download to occur after receiving a trigger event occurrence message.
A computer device associated with a vehicle pairs during an initial/setup pairing process with a UE device according to a wireless protocol. The devices exchange and store cryptographic information during pairing. Later, either device may detect/discover that the other is currently in its presence. Presence discovery may trigger the vehicle device to generate and broadcast an operational request message based on the cryptographic information, such as a public key of the UE, stored in the vehicle device. The UE receives the request, and transmits in response a vehicle operation permission message that it generates based on user input and cryptographic information, such as a public key of the vehicle device, stored by the UE during initial/setup pairing. The operational request message may be transmitted as an audio signal and received by a microphone of the UE. The vehicle device receives the permission message and generates an operation instruction based thereon.
B60R 25/24 - Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
G07C 9/00 - Individual registration on entry or exit
G07C 9/28 - Individual registration on entry or exit involving the use of a pass, the pass enabling tracking or indicating presence
15.
Method and system for low power internetwork communication with machine devices
A wireless mobile device (“UE”) operating in a battery-conserving low-power state processes incoming signaling or data in a received message to determine whether to act further on information in the message by enabling additional processing capability in the UE. A server may generate awaken information derived from a stored secret value that only the UE device and a server that manages the UE can obtain. The awaken information may also be based on a shared value shared between the server and the UE. The UE may separately derive the awaken information and may exit a low power state when awaken information received from the server in an awaken message in a first protocol matches the separately derived awaken information. The server may transmit a fall-back second awaken message in a different protocol than the first protocol if no confirmation is received that the UE received the first awaken message.
G06F 21/81 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations
G06F 1/3209 - Monitoring remote activity, e.g. over telephone lines or network connections
G06F 1/3246 - Power saving characterised by the action undertaken by software-initiated power-off
H04W 88/06 - Terminal devices adapted for operation in multiple networks, e.g. multi-mode terminals
16.
Method and system for providing telematics services to a machine device
A vehicle processing device authenticates that an authorized user has requested an action by the vehicle, and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date. A service provider's server, or a user device, provides services to, or can access, respectively, the vehicle upon receiving the authentication acknowledgement.
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
B60R 25/24 - Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards, communicating wirelessly
G06F 21/44 - Program or device authentication
H04W 4/80 - Services using short-range communication, e.g. near-field communication, radio-frequency identification or low-energy communication
H04W 4/021 - Services related to particular areas, e.g. point of interest services, venue services or geofences
H04W 4/40 - Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrian communication
17.
Method and system for low power internetwork communication with machine devices
A wireless mobile device in a public communication network receives network-initiated signaling or messaging, while operating in a battery-conserving mode, or modes, that keep(s) minimal baseband processing functions awake. The baseband processing functions process incoming signaling or data in a received message to determine whether to act further on information in the incoming message by enabling additional processing capability in the mobile device. The mobile device may have permanent template criteria values, either coded in firmware or implemented in hardware, or temporary template criteria values, stored in RAM or processor registers, that are compared to values of an incoming message or datagram from the mobile network to determine whether to perform additional actions, such as awakening an application processor. Multiple templates may co-exist to allow different incoming datagrams to cause the device to take some additional action, respond, or even ignore information in an incoming datagram or message.
G06F 1/3209 - Monitoring remote activity, e.g. over telephone lines or network connections
G06F 1/3246 - Power saving characterised by the action undertaken by software-initiated power-off
G06F 1/3237 - Power saving characterised by the action undertaken by disabling clock generation or distribution
G06F 1/3287 - Power saving characterised by the action undertaken by switching off individual functional units in the computer system
18.
METHOD AND SYSTEM FOR MANAGING THE PROVIDING OF DIFFERENT CLASSES OF WIRELESS COMMUNICATIONS SERVICES FROM DIFFERENT MOBILE NETWORKS
A platform in a wireless public land mobile network environment associates a mobile device's unique identifier with a provider of services to the mobile device as well as with the device's anchor network. When the mobile device wirelessly accesses services from a local wireless network while roaming outside of its anchor network's wireless coverage via an APN of the local network, the platform receives electronic data session transaction information records from the local network and replaces the mobile device's unique identifier with a pseudo/replacement unique device identifier that is associated in the platform with the local network and returns the transaction record to the local network instead of to the anchor network.
G06F 15/173 - Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star or branched
A platform in a wireless public land mobile network environment associates a mobile device's unique identifier with a provider of services to the mobile device as well as with the device's anchor network. When the mobile device wirelessly accesses services from a local wireless network while roaming outside of its anchor network's wireless coverage via an APN of the local network, the platform receives electronic data session transaction information records from the local network and replaces the mobile device's unique identifier with a pseudo/replacement unique device identifier that is associated in the platform with the local network and returns the transaction record to the local network instead of to the anchor network.
A network platform manages the provisioning of a UE with a dominant identity profile and a recessive identity profile. The dominant profile is associated with a user's existing wireless data plan and the recessive profile corresponds to a data plan of a provider of device, or machine-to-machine, services to the UE. The UE uses the two profiles to transmit separate data contexts on separate respective bearers. When managing two separate bearers, the UE always uses the dominant profile first for managing a handoff to a stronger cell. The UE reports that the new cell that now serves the dominant context is the only cell that has enough strength to support the recessive context, even if other cells near the UE have signals strong enough. This necessarily causes the recessive context to always be handed off to the same cell to which the dominant context has already been handed off.
A network platform manages the provisioning of a UE with a dominant identity profile and a recessive identity profile. The dominant profile is associated with a user's existing wireless data plan and the recessive profile corresponds to a data plan of a provider of device, or machine-to-machine, services to the UE. The UE uses the two profiles to transmit separate data contexts on separate respective bearers. When managing two separate bearers, the UE always uses the dominant profile first for managing a handoff to a stronger cell. The UE reports that the new cell that now serves the dominant context is the only cell that has enough strength to support the recessive context, even if other cells near the UE have signals strong enough. This necessarily causes the recessive context to always be handed off to the same cell to which the dominant context has already been handed off.
Pre Shared Keys (“PSK”) for application and data session security are generated using application authentication secret values stored in a SIM device/card. The SIM internally uses the secret values as inputs to a security algorithm engine, but the secret values are not accessible outside of the SIM. The application authentication secret values cannot be used to authenticate the SIM, or a device that includes the SIM, to a communication network. Rather, symmetric keys and keying material are generated for use by applications outside of the standard and conventional wireless networking uses of a SIM device. Updated PSKs are generated at different network endpoints such that the PSKs are generated individually and separately at the endpoints; the ‘preshared’ keys are not actually shared. Thus, a client endpoint and a server endpoint, or an endpoint associated with the server, independently generate the same PSK without the PSK being transmitted between the endpoints.
H04L 9/22 - Pseudorandom key sequence combined element-for-element with the data sequence, with a particular pseudorandom sequence generator
H04W 4/60 - Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
23.
Method and system for managing security keys for user and M2M devices in a wireless communication network environment
Pre Shared Keys (“PSK”) for application and data session security are generated using application authentication secret values stored in a SIM device/card. The SIM internally uses the secret values as inputs to a security algorithm engine, but the secret values are not accessible outside of the SIM. The application authentication secret values cannot be used to authenticate the SIM, or a device that includes the SIM, to a communication network. Rather, symmetric keys and keying material are generated for use by applications outside of the standard and conventional wireless networking uses of a SIM device. Updated PSKs are generated at different network endpoints such that the PSKs are generated individually and separately at the endpoints; the ‘preshared’ keys are not actually shared. Thus, a client endpoint and a server endpoint, or an endpoint associated with the server, independently generate the same PSK without the PSK being transmitted between the endpoints.
H04W 4/70 - Services for machine-to-machine communication or machine-type communication
H04W 4/60 - Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
H04L 9/22 - Pseudorandom key sequence combined element-for-element with the data sequence, with a particular pseudorandom sequence generator
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04W 12/04 - Key management, e.g. using generic bootstrapping architecture [GBA]
A vehicle processing device authenticates that an authorized user has requested an action by the vehicle, and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date. A service provider's server, or a user device, provides services to, or can access, respectively, the vehicle upon receiving the authentication acknowledgement.
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
B60R 25/24 - Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards, communicating wirelessly
G06F 21/44 - Program or device authentication
H04W 4/80 - Services using short-range communication, e.g. near-field communication, radio-frequency identification or low-energy communication
25.
METHOD AND SYSTEM FOR INTERNETWORK COMMUNICATION WITH MACHINE DEVICES
A device of a public communication network initiates an action at a destination UE device of a private communication network by transmitting an action request message to a translating device that has a network/logical connection to both networks. The action request message contains security credentials of the initiating device, but does not contain a network address of the destination UE device. The translating device uses the security credentials of the initiating device contained in the action request message to determine a network address of the private network corresponding to the desired destination UE. The security credentials may also be used to establish a secure connection from the initiating device. The translating device forwards the action request message to the desired destination device at the address associated with the initiator-device security credentials that it received in the action request message. The translating device may be a publish-subscribe broker.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for simultaneous processing of several programs
G06F 15/173 - Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star or branched
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
26.
Method and system for internetwork communication with machine devices
A device of a public communication network initiates an action at a destination UE device of a private communication network by transmitting an action request message to a translating device that has a network/logical connection to both networks. The action request message contains security credentials of the initiating device, but does not contain a network address of the destination UE device. The translating device uses the security credentials of the initiating device contained in the action request message to determine a network address of the private network corresponding to the desired destination UE device. The security credentials may also be used to establish a secure connection from the initiating device. The translating device forwards the action request message to the desired destination device at the address associated with the initiator-device security credentials that it received in the action request message. The translating device may be a publish-subscribe broker.
A vehicle processing device authenticates that an authorized user has requested an action by the vehicle, and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date. A service provider's server, or a user device, provides services to, or can access, respectively, the vehicle upon receiving the authentication acknowledgement.
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards, communicating wirelessly
G06F 21/43 - User authentication using separate channels for security data, via wireless channels
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
28.
Method and system for securely and automatically obtaining services from a machine device services server
A vehicle processing device authenticates that an authorized user has requested an action by the vehicle, and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date. A service provider's server, or a user device, provides services to, or can access, respectively, the vehicle upon receiving the authentication acknowledgement.
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
B60R 25/24 - Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards, communicating wirelessly
G06F 21/44 - Program or device authentication