Abstract:
To inhibit cross-site request forgery (CSRF) attacks, different types or classes of cookies are used. A first cookie and a second cookie are generated by a web server and provided to a client browser during a web session. The first cookie defines a first set of use conditions for when it is to be sent within the web session; the second cookie defines a second set of use conditions for when it is to be sent. The client browser determines which (if any) of the two cookies to send to the web server based on the use conditions defined in each cookie and on the operation(s) the browser seeks to perform. The web server may grant the same or different privileges to the requested operation(s) depending on whether the first cookie, the second cookie, or neither is sent by the client browser.
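As an added illustration (not text or code from the patent), the following Go program models the two cookie classes with the SameSite attribute that current browsers support: the read-only cookie is issued SameSite=Lax and the read-write cookie SameSite=Strict, so a cross-site form post can never carry write authority while a shared link to the site still opens a read-only view. The browser-side `attach` function is a simplified model of the SameSite rules, the site names, session identifier and cookie names are constructed, and mapping the abstract's "use conditions" onto SameSite is an assumption of this example.

```go
package main

import (
	"fmt"
	"net/http"
)

// Browser-side view of a request, reduced to what the use conditions depend on.
// Sites are compared as registrable domains; this is a simplified model of the
// SameSite rules, not a full implementation.
type Request struct {
	Method        string
	TargetSite    string // site of the URL being requested
	InitiatorSite string // site of the document that caused the request
	TopLevelNav   bool   // link click or form submission, as opposed to fetch/img/script
}

type Privilege int

const (
	Anonymous Privilege = iota
	ReadOnly
	ReadWrite
)

// issueCookies is the server side of login: one session identifier, two cookies.
// sid_ro (Lax) also travels on cross-site top-level navigations with a safe
// method, so shared links keep working; sid_rw (Strict) travels only on
// same-site requests, so a cross-site form post or fetch never carries write authority.
func issueCookies(sessionID string) []*http.Cookie {
	return []*http.Cookie{
		{Name: "sid_ro", Value: sessionID, Path: "/", Secure: true, HttpOnly: true, SameSite: http.SameSiteLaxMode},
		{Name: "sid_rw", Value: sessionID, Path: "/", Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode},
	}
}

// safeMethod reports whether the method is one HTTP defines as read-only.
func safeMethod(m string) bool {
	return m == http.MethodGet || m == http.MethodHead || m == http.MethodOptions || m == http.MethodTrace
}

// attach is the browser side: apply each cookie's use conditions to the request.
func attach(jar []*http.Cookie, req Request) []*http.Cookie {
	sameSite := req.InitiatorSite == req.TargetSite
	var sent []*http.Cookie
	for _, c := range jar {
		switch c.SameSite {
		case http.SameSiteStrictMode:
			if !sameSite {
				continue
			}
		case http.SameSiteLaxMode:
			if !sameSite && !(req.TopLevelNav && safeMethod(req.Method)) {
				continue
			}
		}
		sent = append(sent, c) // SameSite=None (or unset here) is always sent
	}
	return sent
}

// authorize is the server side: privilege depends on which cookie arrived, and
// only if its value names a live session.
func authorize(sent []*http.Cookie, liveSessions map[string]bool) Privilege {
	p := Anonymous
	for _, c := range sent {
		if !liveSessions[c.Value] {
			continue
		}
		if c.Name == "sid_rw" {
			return ReadWrite
		}
		if c.Name == "sid_ro" {
			p = ReadOnly
		}
	}
	return p
}

// evaluate runs one request through browser and server: the privilege granted,
// and whether the operation is permitted (unsafe methods need read-write).
func evaluate(jar []*http.Cookie, req Request, liveSessions map[string]bool) (Privilege, bool) {
	p := authorize(attach(jar, req), liveSessions)
	if safeMethod(req.Method) {
		return p, p >= ReadOnly
	}
	return p, p == ReadWrite
}

func main() {
	jar := issueCookies("s-7f3a") // constructed session identifier
	live := map[string]bool{"s-7f3a": true}
	names := [...]string{"anonymous", "read-only", "read-write"}
	for _, c := range []struct {
		name string
		req  Request
	}{
		{"same-site form POST (legitimate transfer)", Request{"POST", "bank.example", "bank.example", true}},
		{"cross-site link GET (shared statement link)", Request{"GET", "bank.example", "mail.example", true}},
		{"cross-site form POST (CSRF attempt)", Request{"POST", "bank.example", "evil.example", true}},
		{"cross-site fetch GET (CSRF probe)", Request{"GET", "bank.example", "evil.example", false}},
	} {
		p, ok := evaluate(jar, c.req, live)
		fmt.Printf("%-44s -> %-10s permitted=%v\n", c.name, names[p], ok)
	}
}
```

The server-side check in `evaluate` is the part that must not be skipped: the cookie split only helps if the handler for a state-changing operation refuses to act when the read-write cookie is absent, rather than falling back to whatever session cookie did arrive.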
Abstract:
Disclosed is a method for transitioning access rights, in a remote station with role-based access control, for an unknown role whose access rights are defined by a central access control management module. In the method, a role capability table is maintained in the remote station specifying the centrally defined access rights of the roles that are interpretable in the remote station. An access request associated with an unknown role, one that is not interpretable in the remote station, is received. The access request includes a role transition list that relates the unknown role to other centrally defined roles, at least one of which is interpretable in the remote station. A role that is interpretable in the remote station is selected from the role transition list for interpreting the unknown role of the access request. Access is granted for the access request using the access rights of the interpretable role selected from the role transition list.
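Added example, not from the patent: a Go implementation of the role capability table and the transition-list lookup. Because the transition list arrives inside the request, the example assumes the central access control module authenticates it with an HMAC under a key shared with the station (`macList`); without some such binding, a requester could list any powerful role it liked and the station would happily interpret it. The role names, permissions and key are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// Permission is a centrally defined access right that every station understands.
type Permission string

// RoleCapabilityTable holds the roles this station can interpret and their rights.
type RoleCapabilityTable map[string]map[Permission]bool

// AccessRequest as received by the remote station. The transition list is
// integrity-protected by a MAC from the central module (assumption of this
// example: station and central module share the key passed to decide).
type AccessRequest struct {
	Role           string     // may be unknown to this station
	TransitionList []string   // alternative central roles, most specific first
	Permission     Permission // right being requested
	ListMAC        []byte     // MAC over Role and TransitionList
}

type Decision struct {
	Interpreted string // role the decision was actually made with
	Granted     bool
}

var (
	ErrBadListMAC          = errors.New("role transition list failed integrity check")
	ErrNoInterpretableRole = errors.New("no interpretable role in request or transition list")
)

// encodeList is the canonical byte string the MAC covers. Role names must not
// contain '\n' for the encoding to be unambiguous.
func encodeList(role string, list []string) []byte {
	return []byte(strings.Join(append([]string{role}, list...), "\n"))
}

// macList is what the central module computes when it issues the transition list.
func macList(key []byte, role string, list []string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(encodeList(role, list))
	return m.Sum(nil)
}

// resolve picks the role used for the decision: the request's own role when the
// station knows it, otherwise the first interpretable role in the transition list.
func (t RoleCapabilityTable) resolve(req AccessRequest) (string, error) {
	if _, ok := t[req.Role]; ok {
		return req.Role, nil
	}
	for _, r := range req.TransitionList {
		if _, ok := t[r]; ok {
			return r, nil
		}
	}
	return "", ErrNoInterpretableRole
}

// decide verifies the transition list, resolves the role and checks its rights.
func (t RoleCapabilityTable) decide(key []byte, req AccessRequest) (Decision, error) {
	if !hmac.Equal(req.ListMAC, macList(key, req.Role, req.TransitionList)) {
		return Decision{}, ErrBadListMAC
	}
	role, err := t.resolve(req)
	if err != nil {
		return Decision{}, err
	}
	return Decision{Interpreted: role, Granted: t[role][req.Permission]}, nil
}

func main() {
	key := []byte("constructed-shared-key-for-the-example")
	station := RoleCapabilityTable{
		"operator":   {"read-telemetry": true},
		"maintainer": {"read-telemetry": true, "write-config": true},
	}
	// The central module defines "regional-supervisor", unknown to this station,
	// and states it may be treated as a maintainer or, failing that, an operator.
	list := []string{"site-admin", "maintainer", "operator"}
	req := AccessRequest{Role: "regional-supervisor", TransitionList: list, Permission: "write-config",
		ListMAC: macList(key, "regional-supervisor", list)}
	fmt.Println(station.decide(key, req)) // {maintainer true} <nil>

	// Tampering: the requester swaps in its own list without the central MAC.
	req.TransitionList = []string{"maintainer"}
	_, err := station.decide(key, req)
	fmt.Println(err) // role transition list failed integrity check
}
```

Ordering the transition list from most to least specific matters: the station takes the first role it can interpret, so the central module decides how much authority an unknown role degrades to on an older station, not the station.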
Abstract:
One feature provides a method for granting authenticated access to off-line, limited-resource mobile devices. A public-private key pair is generated by a service provider, and the private key is used to digitally sign a username and (possibly) access privileges; the resulting signature serves as a password for a technician. The public key is securely distributed to the mobile devices. When off-line, a mobile device can authenticate a technician's access to its restricted functions: the technician provides the username, access privileges and password, and the device uses the public key to verify the password against the username and access privileges. To invalidate old usernames and passwords, the service provider replaces the public-private key pair with a new one.
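Added example (not the patent's code): the issue-and-verify flow with Ed25519, where the password is the base32-encoded signature over the username and access privileges, and revocation is done by rotating the key pair. The key type, the password encoding, the newline-separated message format and the technician record are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base32"
	"fmt"
	"strings"
)

// Passwords are the signature in base32 without padding: 64 bytes become 103
// upper-case letters and digits, typeable on a keypad but not memorable.
// The encoding is a choice of this example.
var pwEncoding = base32.StdEncoding.WithPadding(base32.NoPadding)

// ServiceProvider holds the current signing key. Replacing the key pair is the
// only revocation mechanism in the scheme: every password signed under the old
// key stops verifying on devices that have received the new public key.
type ServiceProvider struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewServiceProvider() (*ServiceProvider, error) {
	sp := &ServiceProvider{}
	return sp, sp.RotateKey()
}

// RotateKey generates a fresh key pair, invalidating all previously issued passwords.
func (sp *ServiceProvider) RotateKey() error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	sp.Pub, sp.priv = pub, priv
	return nil
}

// message is the exact byte string that is signed and later verified. Binding
// the privileges into it stops a technician from presenting a password issued
// for "diagnostics" together with the claim "admin".
func message(username, privileges string) ([]byte, error) {
	if strings.ContainsAny(username+privileges, "\n") {
		return nil, fmt.Errorf("username and privileges must not contain newlines")
	}
	return []byte(username + "\n" + privileges), nil
}

// IssuePassword runs online at the service provider; the result goes to the technician.
func (sp *ServiceProvider) IssuePassword(username, privileges string) (string, error) {
	msg, err := message(username, privileges)
	if err != nil {
		return "", err
	}
	return pwEncoding.EncodeToString(ed25519.Sign(sp.priv, msg)), nil
}

// Device holds only the public key, distributed to it while it was still online.
type Device struct {
	Pub ed25519.PublicKey
}

// Authenticate runs entirely off-line: no network, no password database, just
// one signature verification over the username and privileges the technician claims.
func (d Device) Authenticate(username, privileges, password string) bool {
	msg, err := message(username, privileges)
	if err != nil {
		return false
	}
	sig, err := pwEncoding.DecodeString(password)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(d.Pub, msg, sig)
}

func main() {
	sp, err := NewServiceProvider()
	if err != nil {
		panic(err)
	}
	pw, _ := sp.IssuePassword("tech42", "diagnostics") // constructed technician record
	dev := Device{Pub: sp.Pub}
	fmt.Println("valid:              ", dev.Authenticate("tech42", "diagnostics", pw))
	fmt.Println("privilege escalated:", dev.Authenticate("tech42", "admin", pw))
	fmt.Println("other user:         ", dev.Authenticate("tech43", "diagnostics", pw))
	sp.RotateKey()
	updated := Device{Pub: sp.Pub}
	fmt.Println("after key rotation: ", updated.Authenticate("tech42", "diagnostics", pw))
	fmt.Println("device not updated: ", dev.Authenticate("tech42", "diagnostics", pw))
}
```

Two consequences follow from the scheme as described and are visible in the last two lines of `main`: a password has no expiry, so revoking one technician means rotating the key and reissuing every other technician's password, and a device that never comes back online to fetch the new public key keeps accepting the old passwords.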
Abstract:
A universal serial bus (USB) device is provided that includes a USB interface that mimics the operation of a typical USB drive. The USB device provides identification information through its USB interface indicating that it is a storage device. In reality, the USB device does not include a USB drive or storage but rather a communication interface, such as a wired or wireless network interface, that allows the USB device to autonomously connect to and/or map a networked drive. This allows the USB device to establish a secure communication link to a remote storage device over the communication interface. Thus, the USB device allows a terminal to transparently connect to a remote network drive via a USB port, while the remote network drive appears as a local USB drive to the terminal.
Abstract:
A system and method for providing a location-based service to create a social network, comprising activating a feature from a wireless terminal, registering from the wireless terminal with a location-based service associated with the feature, creating a profile of a user of the feature, and displaying advertising based on the profile and on the geographic location of the wireless terminal. A Global Positioning System (GPS) may be used to geographically locate active users of a feature and sponsors of advertising. Advertising is displayed based on geographic location.
Abstract:
An acoustic channel is used for fault diagnosis, repair, and upgrades. Remote diagnosis uses self-test data encoded into sound waves. Repair data and upgrades are also encoded and transmitted as sound waves.
Abstract:
Reciprocal wireless connections may be established between a pair of devices to support failover, load balancing, traffic distribution, or other peer-to-peer connectivity features. Each device of a pair of devices may implement both a local wireless access point and a local wireless station to communicate with the other device of the pair of devices. Establishment of a second wireless connection between the pair of devices may be coordinated using a protocol extension of a first wireless connection. A multiplexing (MUX) component may coordinate traffic among the reciprocal wireless connections.
Abstract:
A visual authentication scheme for websites is provided that binds an image to a website so that a user can visually authenticate whether he or she is viewing an intended/trusted website. An authentication or cryptographic key associated with a web page is rendered as a unique key-identifying image or unique sequence of images, which is then displayed to the user. The user associates this key-identifying image with the originator or source of the web page, so that the originator can be recognized at a glance. The association between the key-identifying image and the cryptographic/authentication key (and thereby the source of the web page) can be built up in the same way as brand awareness.
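One concrete way to render a key as a key-identifying image, added here as an example rather than taken from the patent: the "drunken bishop" random art that OpenSSH prints for key fingerprints, applied to a SHA-256 hash of a site's public key. Using SHA-256 of the public key as the fingerprint and the OpenSSH walk as the rendering are choices of this example, and the two key byte strings in `main` are constructed stand-ins.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"strings"
)

const (
	fieldX  = 17
	fieldY  = 9
	symbols = " .o+=*BOX@%&#/^SE" // visit counts 0..14, then S (start) and E (end)
)

func clamp(v, lo, hi int) int {
	if v < lo {
		return lo
	}
	if v > hi {
		return hi
	}
	return v
}

// randomArt renders a fingerprint with the "drunken bishop" walk used by
// ssh-keygen -lv: every two bits of the fingerprint move the bishop one
// diagonal step and the picture records how often each cell was visited.
// The same fingerprint always gives the same picture; a different key gives a
// visibly different one, which is what the user is meant to notice.
func randomArt(fingerprint []byte, label string) []string {
	var field [fieldX][fieldY]int
	x, y := fieldX/2, fieldY/2
	maxVisits := len(symbols) - 3
	for _, b := range fingerprint {
		for i := 0; i < 4; i++ {
			if b&1 != 0 {
				x++
			} else {
				x--
			}
			if b&2 != 0 {
				y++
			} else {
				y--
			}
			x, y = clamp(x, 0, fieldX-1), clamp(y, 0, fieldY-1)
			if field[x][y] < maxVisits {
				field[x][y]++
			}
			b >>= 2
		}
	}
	field[fieldX/2][fieldY/2] = len(symbols) - 2 // 'S'
	field[x][y] = len(symbols) - 1               // 'E'

	title := "[" + label + "]"
	if len(title) > fieldX-2 {
		title = title[:fieldX-2]
	}
	rows := []string{"+--" + title + strings.Repeat("-", fieldX-2-len(title)) + "+"}
	for r := 0; r < fieldY; r++ {
		var sb strings.Builder
		sb.WriteByte('|')
		for c := 0; c < fieldX; c++ {
			sb.WriteByte(symbols[field[c][r]])
		}
		sb.WriteByte('|')
		rows = append(rows, sb.String())
	}
	return append(rows, "+"+strings.Repeat("-", fieldX)+"+")
}

// keyImage is the step the abstract describes: hash the site's authentication
// key (here, its public key bytes) to a fingerprint and render that.
func keyImage(publicKey []byte, label string) []string {
	sum := sha256.Sum256(publicKey)
	return randomArt(sum[:], label)
}

func main() {
	// Constructed stand-ins for two sites' public keys; a real client would take
	// them from the TLS certificate or the site's signing key.
	trusted := []byte("bank.example public key bytes")
	lookalike := []byte("bank-example.login public key bytes")
	fmt.Println(strings.Join(keyImage(trusted, "bank.example"), "\n"))
	fmt.Println(strings.Join(keyImage(lookalike, "lookalike"), "\n"))
}
```

The caveat that applies to any such scheme: the image must be derived from the key the browser actually verified, not from data the page itself supplies, since a phishing page can copy a picture as easily as a logo. Only the binding to the verified key gives the image its meaning.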
Abstract:
A secure seeding and reseeding scheme for pseudorandom number generators uses a pre-stored initialization seed. The scheme initializes the generator into a state that is unpredictable to an attacker even when entropy collection is unavailable. A primary seed file and a shadow seed file holding the initialization seed are maintained in a secure file system; if the primary seed file is corrupted, the generator is seeded from the shadow seed file. Additionally, the reading of a trusted timer or clock may be mixed with the pre-stored seed so that some unpredictability remains even if the stored seed information has been compromised.
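Added example, not part of the patent text: a Go sketch of the primary/shadow seed-file scheme, including the fallback to the shadow file, mixing in the clock reading, and rolling both files forward before any output is produced. The file layout (seed followed by its SHA-256), the HMAC-based mixing and the minimal HMAC output step are assumptions of this example; a production generator would feed the derived state into a standard DRBG.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const seedLen = 32

var ErrNoUsableSeed = errors.New("primary and shadow seed files are both corrupt or missing")

// encodeSeedFile lays a seed file out as seed || SHA-256(seed). The checksum
// detects corruption (truncated writes, bit rot); it is not an authentication
// tag, so the file system holding it must itself be trusted.
func encodeSeedFile(seed []byte) []byte {
	sum := sha256.Sum256(seed)
	return append(append([]byte{}, seed...), sum[:]...)
}

// parseSeedFile returns the seed and true, or nil and false if the file is not intact.
func parseSeedFile(data []byte) ([]byte, bool) {
	if len(data) != seedLen+sha256.Size {
		return nil, false
	}
	seed, sum := data[:seedLen], data[seedLen:]
	want := sha256.Sum256(seed)
	if !hmac.Equal(sum, want[:]) {
		return nil, false
	}
	return seed, true
}

// initialState derives the generator's starting state from whichever seed file
// is intact, mixed with the trusted clock reading so that two boots from the
// same stored seed do not produce the same stream.
func initialState(primary, shadow []byte, now time.Time) (state []byte, source string, err error) {
	seed, ok := parseSeedFile(primary)
	source = "primary"
	if !ok {
		seed, ok = parseSeedFile(shadow)
		source = "shadow"
	}
	if !ok {
		return nil, "", ErrNoUsableSeed
	}
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(now.UnixNano()))
	m := hmac.New(sha256.New, seed)
	m.Write([]byte("init\x00"))
	m.Write(ts[:])
	return m.Sum(nil), source, nil
}

// nextSeedFile derives the seed to write back to both files before any output
// is produced, so a crash and reboot never restarts from an already-used seed.
// Any fresh entropy that becomes available is mixed in through the same path.
func nextSeedFile(state, entropy []byte) []byte {
	m := hmac.New(sha256.New, state)
	m.Write([]byte("reseed\x00"))
	m.Write(entropy)
	return encodeSeedFile(m.Sum(nil))
}

// output is a minimal HMAC-based generator step: n bytes plus the advanced state.
func output(state []byte, n int) (out, next []byte) {
	for len(out) < n {
		m := hmac.New(sha256.New, state)
		m.Write([]byte("out"))
		out = append(out, m.Sum(nil)...)
		m = hmac.New(sha256.New, state)
		m.Write([]byte("next"))
		state = m.Sum(nil)
	}
	return out[:n], state
}

func main() {
	// Constructed seed files as provisioned at manufacture; a real build would
	// write primary and shadow to two paths in the secure file system.
	seed := bytes.Repeat([]byte{0x42}, seedLen)
	primary, shadow := encodeSeedFile(seed), encodeSeedFile(seed)
	primary[5] ^= 0x01 // simulate a corrupted primary

	state, src, err := initialState(primary, shadow, time.Now())
	if err != nil {
		panic(err)
	}
	primary, shadow = nextSeedFile(state, nil), nextSeedFile(state, nil) // no entropy available yet
	out, _ := output(state, 16)
	fmt.Printf("seeded from %s, first 16 bytes %x, files rolled identically: %v\n", src, out, bytes.Equal(primary, shadow))
}
```

Treat the clock as a uniqueness guard rather than an entropy source: if the stored seed has leaked, an attacker who knows the device's approximate boot time has only a small range of timer values to try, so the mixing stops identical streams across boots but does not by itself restore secrecy.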