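Country / Type | United States (US) Patent, Granted |
---|---|
International Patent Classification (IPC, 7th edition) | |
Application number | US-0694445 (2010-01-27) |
Registration number | US-8391834 (2013-03-05) |
Inventor / Address | |
Applicant / Address | |
Citation information | Times cited: 104; Patents cited: 204 |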
Security techniques for device assisted services are provided. In some embodiments, secure service measurement and/or control execution partition is provided. In some embodiments, implementing a service profile executed at least in part in a secure execution environment of a processor of a communications device for assisting control of the communications device use of a service on a wireless network, in which the service profile includes a plurality of service policy settings, and wherein the service profile is associated with a service plan that provides for access to the service on the wireless network; monitoring use of the service based on the service profile; and verifying the use of the service based on the monitored use of the service.
1. A system, comprising: one or more modems for enabling a communications device to communicate over at least a first wireless network and a second wireless network; one or more processors of the communications device configured to: determine that the communications device is connected to the first wireless network; based on the determination that the communications device is connected to the first wireless network, implement a first service profile executed at least in part in a secure execution environment, the first service profile for assisting control of usage by the communications device of a service over the first wireless network, wherein the service profile includes one or more service policy settings, at least one of the one or more service policy settings for assisting in controlling access to the service over the first wireless network; and monitor an attempted or successful use of the service over the first wireless network; and memory of the communications device coupled to the one or more processors and configured to provide the one or more processors with instructions.

2. The system recited in claim 1, wherein the one or more processors of the communications device are further configured to send information about the monitored attempted or successful use of the service to a network element, wherein the information comprises service usage information.

3. The system recited in claim 1, wherein the communications device is a mobile communications device or an intermediate networking device, and the service includes one or more Internet based services.

4. The system recited in claim 1, wherein the communications device includes a modem, and at least one of the one or more processors of the communications device is located in the modem.

5. The system recited in claim 1, wherein the communications device is a mobile communications device, and wherein the service includes one or more Internet based services, and wherein the mobile communications device includes one or more of the following: a mobile phone, a personal digital assistant (PDA), an eBook reader, a music device, an entertainment device, a gaming device, a computer, laptop, a netbook, a tablet, and a home networking system.

6. The system recited in claim 1, wherein the first service profile allows for access to the service with service capabilities that are controlled based on one or more of the following: a period of time, a network address, a service type, a content type, an application type, a bandwidth, and a data usage.

7. The system recited in claim 1, wherein the one or more service policy settings include one or more of the following: an access control setting, a traffic control setting, a billing system setting, a user notification setting, a user notification with acknowledgement setting, a user notification with synchronized service usage information setting, a user privacy setting, a user preference setting, an authentication setting, an admission control setting, an application access setting, a content access setting, a transaction setting, a network management communication setting, and a device management communication setting.

8. The system recited in claim 1, wherein the secure execution environment includes a protected device assisted service execution partition.

9. The system recited in claim 1, wherein the secure execution environment includes a protected device assisted service execution partition, and wherein the protected device assisted service execution partition is implemented at least in part as a hardware partition.

10. The system recited in claim 1, wherein the secure execution environment includes a protected device assisted service execution partition, and wherein the protected device assisted service execution partition is implemented at least in part as a software partition.

11. The system recited in claim 1, wherein the secure execution environment includes a protected device assisted service execution partition, and wherein the protected device assisted service execution partition is implemented at least in part in a virtual machine executed on the one or more processors of the communications device.

12. The system recited in claim 1, wherein the secure execution environment includes a protected device assisted service execution partition, and the one or more processors of the communications device are further configured to: execute one or more device assisted service agents in the protected device assisted service execution partition, wherein the one or more device assisted service agents executed in the protected device assisted service execution partition are in communication with a network element.

13. The system recited in claim 1, wherein the secure execution environment includes a protected device assisted service execution partition, and the one or more processors of the communications device are further configured to: execute one or more device assisted service agents in the protected device assisted service execution partition, wherein the one or more device assisted service agents executed in the protected device assisted service execution partition include a device agent for providing a service usage measure.

14. The system recited in claim 1, wherein the secure execution environment includes a protected device assisted service execution partition, and the one or more processors of the communications device are further configured to: execute one or more device assisted service agents in the protected device assisted service execution partition, wherein the one or more device assisted service agents executed in the protected device assisted service execution partition are in secure communication with a network element, and wherein the secure communication with the network element includes encrypted communications.

15. The system recited in claim 1, wherein the communications device includes a modem, and at least one of the one or more processors of the communications device is located in the modem, and wherein the secure execution environment includes a secure modem execution partition that is implemented using a hardware or software partition, and wherein the one or more processors of the communications device are further configured to: execute one or more device assisted service agents in the secure modem execution partition, wherein the device assisted service agents executed in the secure modem execution partition are in communication with a network element.

16. The system recited in claim 1, wherein the communications device includes a modem, and at least one of the one or more processors of the communications device is located in the modem, and wherein the secure execution environment includes a secure modem execution partition that is implemented using a hardware or software partition, and wherein the one or more processors of the communications device are further configured to: execute one or more device assisted service agents in the secure modem execution partition, wherein the device assisted service agents executed in the secure modem execution partition are in secure communication with a network element, and wherein the secure communication with the network element includes encrypted communications.

17. The system recited in claim 1, wherein the communications device includes a modem, and at least one of the one or more processors of the communications device is located in the modem, and wherein the secure execution environment includes a secure modem execution partition that is implemented using a hardware or software partition, and wherein the one or more processors of the communications device are further configured to: execute one or more device assisted service agents in the secure modem execution partition, wherein one or more device assisted service agents executed in the secure modem execution partition include a modem agent for providing service usage measure.

18. The system recited in claim 1, wherein the one or more processors of the communications device are further configured to: execute a first set of one or more device assisted service agents in a kernel execution partition; and execute a second set of one or more device assisted service agents in the protected device assisted service execution partition, wherein at least one agent of the second set of one or more device assisted service agents is in communication with a network element.

19. The system recited in claim 1, wherein the one or more processors of the communications device are further configured to: execute a first set of one or more device assisted service agents in an application execution partition; execute a second set of one or more device assisted service agents in a kernel execution partition; and execute a third set of one or more device assisted service agents in the protected device assisted service execution partition, wherein at least one agent of the third set of one or more device assisted service agents is in communication with a network element.

20. The system recited in claim 1, wherein the one or more processors of the communications device are further configured to: execute a first set of one or more device assisted service agents in an application execution partition; execute a second set of one or more device assisted service agents in a kernel execution partition; execute a third set of one or more device assisted service agents in a modem execution partition; and execute a fourth set of one or more device assisted service agents in the protected device assisted service execution partition, wherein at least one agent of the fourth set of one or more device assisted service agents is in communication with a network element.

21. The system recited in claim 1, wherein the one or more processors of the communications device are further configured to: execute a first set of one or more device assisted service agents in an application execution partition; execute a second set of one or more device assisted service agents in a kernel execution partition; execute a third set of one or more device assisted service agents in a modem execution partition; and execute a fourth set of one or more device assisted service agents in the protected device assisted service execution partition, wherein at least one agent of the fourth set of one or more device assisted service agents is in communication with a network element, and wherein the fourth set of one or more device assisted service agents comprises one or more of the following: an application identifier agent, an access control integrity agent, a policy control agent, a policy implementation agent, and a service usage measure agent.

22. The system recited in claim 1, wherein the one or more processors of the communications device are further configured to: execute a first set of one or more device assisted service agents in an application execution partition; execute a second set of one or more device assisted service agents in a kernel execution partition; execute a third set of one or more device assisted service agents in a modem execution partition, wherein the modem execution partition is in communication with the protected device assisted execution partition using a modem local channel; and execute a fourth set of one or more device assisted service agents in the protected device assisted service execution partition, wherein at least one agent of the fourth set of one or more device assisted service agents is in communication with a network element, and wherein the fourth set of one or more device assisted service agents comprises one or more of the following: an application identifier agent, an access control integrity agent, a policy control agent, a policy implementation agent, and a service usage measure agent.

23. The system recited in claim 1, wherein the one or more processors of the communications device are further configured to: execute a first set of one or more device assisted service agents in an application execution partition; execute a second set of one or more device assisted service agents in a kernel execution partition; execute a third set of one or more device assisted service agents in a modem execution partition, wherein the modem execution partition is in communication with the protected device assisted execution partition using a modem local channel, and wherein at least one agent of the third set of one or more device assisted service agents comprises a service usage measure agent; and execute a fourth set of one or more device assisted service agents in the protected device assisted service execution partition, wherein at least one agent of the fourth set of one or more device assisted service agents is in communication with a network element, and wherein the fourth set of one or more device assisted service agents comprises one or more of the following: an application identifier agent, an access control integrity agent, a policy control agent, a policy implementation agent, and a service usage measure agent.

24. A method, comprising: determining that a communications device capable of connecting to a first wireless network and to a second wireless network is connected to the first wireless network; based on determining that the communications device is connected to the first wireless network, implementing a first service profile executed at least in part in a secure execution environment of the communications device, the first service profile for assisting control of usage by the communications device of a service over the first wireless network, wherein the service profile includes one or more service policy settings for assisting in controlling access to the service over the first wireless network; and monitoring an attempted or successful use of the service over the first wireless network.

25. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for: determining that a communications device capable of connecting to a first wireless network and to a second wireless network is connected to the first wireless network; based on determining that the communications device is connected to the first wireless network, implementing a first service profile executed at least in part in a secure execution environment of the communications device, the first service profile for assisting control of usage by the communications device of a service over the first wireless network, wherein the service profile includes one or more service policy settings for assisting in controlling access to the service over the first wireless network; and monitoring an attempted or successful use of the service over the first wireless network.

26. The system recited in claim 1, wherein the first wireless network is a roaming network, and wherein assisting control of usage by the communications device of a service over the first wireless network comprises disallowing communications on the roaming network.

27. The system recited in claim 1, wherein the first wireless network is a roaming network, and wherein assisting control of usage by the communications device of a service over the first wireless network comprises restricting at least an aspect of communications on the roaming network.

28. The system recited in claim 1, wherein the first wireless network is a cellular network, and wherein assisting control of usage by the communications device of a service over the first wireless network comprises disallowing communications on the cellular network.

29. The system recited in claim 1, wherein the first wireless network is a cellular network, and wherein assisting control of usage by the communications device of a service over the first wireless network comprises restricting at least an aspect of communications on the cellular network.

30. The system recited in claim 1, wherein the one or more processors are further configured to: determine that the communications device is connected to the second wireless network; and implement a second service profile, the second service profile for assisting control of usage by the communications device of the service over the second wireless network.

31. The system recited in claim 30, wherein the one or more service policy settings are one or more first service policy settings, and wherein the second service profile comprises one or more second service policy settings.

32. The system recited in claim 30, wherein the one or more processors are configured to implement the second service profile by executing the second service profile at least in part in the secure execution environment.

33. The system recited in claim 1, wherein the one or more processors are further configured to: determine that the communications device is connected to the second wireless network; and refrain from implementing the first service profile based on the determination that the communications device is connected to the second wireless network.

34. The system recited in claim 1, wherein assisting control of usage by the communications device of a service over the first wireless network comprises assisting in providing the service with an identified quality of service (QOS).

35. The system recited in claim 1, wherein assisting control of usage by the communications device of a service over the first wireless network comprises assisting in disallowing use of the service.

36. The system recited in claim 1, wherein assisting control of usage by the communications device of a service over the first wireless network comprises assisting in restricting use of the service.

37. The system recited in claim 1, wherein assisting control of usage by the communications device of a service over the first wireless network comprises assisting in applying a traffic shaping to the service.

38. The system recited in claim 1, wherein assisting control of usage by the communications device of a service over the first wireless network comprises assisting in controlling a particular service usage activity.

39. The system recited in claim 38, wherein assisting in controlling a particular service usage activity comprises disallowing the particular service usage activity.

40. The system recited in claim 38, wherein assisting in controlling a particular service usage activity comprises restricting the particular service usage activity.

41. The system recited in claim 38, wherein assisting in controlling a particular service usage activity comprises traffic shaping the particular service usage activity.

42. The system recited in claim 38, wherein in controlling a particular service usage activity comprises assisting in providing an identified quality of service (QOS) to the particular service usage activity.

43. The system recited in claim 38, wherein the particular service usage activity comprises communications associated with a particular application.

44. The system recited in claim 38, wherein the particular service usage activity comprises: communications over a roaming network, communications over a cellular network, communications associated with a particular source or destination, communications associated with a particular traffic type, communications associated with a transaction service, communications associated with an advertising service, communications associated with an application type, communications associated with a particular network communication end point, or communications associated with a particular transaction type.

45. The system recited in claim 44, wherein the particular traffic type comprises best-effort traffic, real-time traffic, voice over Internet protocol (VOIP) traffic, live video traffic, streaming traffic, multi-cast traffic, uni-cast traffic, point-to-point traffic, traffic associated with a file type, traffic associated with an application, traffic with a particular priority, traffic without an assigned priority, traffic associated with the first wireless network, or traffic associated with the second wireless network.

46. The system recited in claim 1, wherein at least a portion of the first service profile is based on a user preference.

47. The system recited in claim 46, further comprising a user interface, and wherein the one or more processors are further configured to obtain the user preference through the user interface.

48. The system recited in claim 1, wherein assisting control of usage by the communications device of a service over the first wireless network comprises providing differentiated quality of service (QOS) to two or more service usage activities.

49. The system recited in claim 48, wherein the differentiated QOS is based on an assigned QOS hierarchy.

50. The system recited in claim 48, wherein at least one of the two or more service usage activities comprises: communications over a roaming network, communications over a cellular network, communications associated with a particular source or destination, communications associated with a particular application, communications associated with a particular traffic type, communications associated with a transaction service, communications associated with an advertising service, communications associated with an application type, communications associated with a particular network communication end point, and communications associated with a particular transaction type.

51. The system recited in claim 50, wherein the particular traffic type comprises best-effort traffic, real-time traffic, voice over Internet protocol (VOIP) traffic, live video traffic, streaming traffic, multi-cast traffic, uni-cast traffic, point-to-point traffic, traffic associated with a file type, traffic associated with an application, traffic with a particular priority, traffic without an assigned priority, or traffic associated with a particular network.

52. The system recited in claim 1, wherein the service is associated with a particular quality of service (QOS), and wherein first service profile assists in providing the service with the particular QOS.

53. The system recited in claim 1, wherein the first service profile assists in authorizing the communications device to use the wireless network.

54. The system recited in claim 1, wherein the one or more processors are further configured to obtain at least a portion of the first service profile from the network element.

55. The system recited in claim 1, wherein the one or more processors are further configured to obtain configuration information from a network element, the configuration information for assisting the one or more processors in modifying or allowing modifications to at least one service policy setting of the one or more service policy settings.

56. The system recited in claim 55, wherein the communications device is an intermediate networking device.

57. The system recited in claim 1, wherein the one or more processors are further configured to obtain at least one of the one or more service policy settings from a network element.

58. The system recited in claim 1, wherein the one or more processors are further configured to send information about the monitored attempted or successful use of the service to a network element.

59. The system recited in claim 58, wherein the one or more processors are further configured to obtain a message from the network element, the message confirming receipt of the information about the monitored attempted or successful use of the service.

60. The system recited in claim 58, wherein the information about the monitored attempted or successful use of the service comprises quality of service (QOS) information.

61. The system recited in claim 58, wherein the network element is a quality of service (QOS) control element.

62. The system recited in claim 1, wherein the one or more processors of the communications device are configured to implement the first service profile based on the monitored attempted or successful use of the service over the first wireless network.