Wireless key management for authentication

US 10,142,843 B2
Filed: 02/27/2017
Issued: 11/27/2018
Est. Priority Date: 07/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting, by a mobile device, an encrypted user profile to a locking device, the encrypted user profile including a user key and encrypted by a server using a lock key;

decrypting, by the locking device, the encrypted user profile using the lock key to generate a decrypted user profile and obtain the user key from the decrypted user profile, wherein the lock key is pre-stored on the locking device;

generating, by the mobile device, an encrypted command using the user key;

transmitting, by the mobile device, the encrypted command to the locking device;

decrypting, by the locking device, the encrypted command received from the mobile device using the user key that was obtained from decrypting the encrypted user profile to generate a decrypted command; and

initiating, by the locking device, an action of the locking device as specified by the decrypted command.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are methods, and devices for wireless key management for authentication. One method includes receiving a lock identifier from a locking device; determining that the lock identifier is associated with a user profile, wherein a user profile is authenticated and encrypted by a server using a lock key that is stored by the server and the locking device, and wherein the user profile comprises a user key; transmitting the user profile; decrypting the user profile using the lock key; transmitting a security code; generating an encrypted command comprising the security code and encrypted using the user key; transmitting the command; validating the command. Validating the command can include decrypting using the user key; determining whether the security code is valid; and authenticating using the user key; and initiating, in response to validating, an action of the locking device as specified by the command.

130 Citations

22 Claims

1. A method comprising:
- transmitting, by a mobile device, an encrypted user profile to a locking device, the encrypted user profile including a user key and encrypted by a server using a lock key;
  
  decrypting, by the locking device, the encrypted user profile using the lock key to generate a decrypted user profile and obtain the user key from the decrypted user profile, wherein the lock key is pre-stored on the locking device;
  
  generating, by the mobile device, an encrypted command using the user key;
  
  transmitting, by the mobile device, the encrypted command to the locking device;
  
  decrypting, by the locking device, the encrypted command received from the mobile device using the user key that was obtained from decrypting the encrypted user profile to generate a decrypted command; and
  
  initiating, by the locking device, an action of the locking device as specified by the decrypted command.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - transmitting, by the locking device, a security code to the mobile device;
      
      generating, by the mobile device, the encrypted command using the user key and the security code;
      
      validating, by the locking device, at least one of the encrypted command or the decrypted command using the security code; and
      
      initiating the action in response to validating the at least one of the encrypted command or the decrypted command.
  - 3. The method of claim 2, wherein the action of the locking device initiated in response to validating the encrypted command comprises activating a physical locking component of the locking device.
  - 4. The method of claim 2, wherein the security code is a sequence number.
  - 5. The method of claim 2, wherein the security code is valid for at least one of a predetermined amount of time after a first use of the security code, a predetermined number of commands involving the security code, a predetermined number of transactions involving the security code, or a predetermined number of communication sessions involving the security code.
  - 6. The method of claim 2, wherein validating the encrypted command further comprises determining whether the action is allowed per user profile permissions.
  - 7. The method of claim 2, further comprising transmitting, by the mobile device, a timestamp of the mobile device, wherein validating the encrypted command from the mobile device further comprises verifying the timestamp by comparing the timestamp to a time maintained by the locking device.
  - 8. The method of claim 7, further comprising at least one of:
    - comparing, by the locking device, the time maintained by the locking device to an access schedule of the decrypted user profile, wherein the access schedule specifies a time when the mobile device can access the locking device;
      
      ordetermining, by the locking device, whether the mobile device is a trusted device by comparing the timestamp to the time maintained by the locking device.
  - 9. The method of claim 1, further comprising:
    - receiving, at the mobile device, a lock identifier from the locking device, the lock identifier associated with the locking device; and
      
      determining, by the mobile device, that the lock identifier is associated with the encrypted user profile on the mobile device by comparing the lock identifier to one or more lock identifiers on the mobile device.
  - 10. The method of claim 9, further comprising:
    - waking the locking device from a sleep function; and
      
      broadcasting, by the locking device, the lock identifier in response to waking from the sleep function.
  - 11. The method of claim 1, further comprising:
    - transmitting, by the mobile device, the encrypted command to the locking device and a timestamp of the mobile device;
      
      comparing, by the locking device, at least one of the timestamp or the time maintained by the locking device to an access schedule of the decrypted user profile, wherein the access schedule specifies a time when the mobile device can access the locking device; and
      
      initiating, by the locking device, an action of the locking device as specified by the decrypted command in response to determining the comparison of the at least one of the timestamp or the time maintained by the locking device indicates the mobile device is currently allowed to access the locking device.
  - 12. The method of claim 1, further comprising:
    - transmitting, by the mobile device, the encrypted command to the locking device and a timestamp of the mobile device;
      
      validating, by the locking device, the encrypted command received from the mobile device or the decrypted command by comparing the timestamp to a time maintained by the locking device to determine whether the mobile device is a trusted device; and
      
      initiating, by the locking device, an action of the locking device as specified by the decrypted command in response to determining that the mobile device is the trusted device.
  - 13. The method of claim 1, wherein the lock key is pre-stored in the locking device and independent of a user associated with the user profile.

14. An electronic locking device, comprising:
- a wireless transceiver;
  
  a memory;
  
  an electronically controllable locking mechanism; and
  
  a processor configured to;
  
  store a lock key in the memory;
  
  receive, via the wireless transceiver, an encrypted user profile from a mobile device, wherein the encrypted user profile is encrypted by a server that is remote from the mobile device and the electronic locking device with a copy of the lock key;
  
  decrypt the encrypted user profile using the lock key to generate a decrypted user profile and obtain a user key from the decrypted user profile;
  
  receive, via the wireless transceiver, an encrypted command from the mobile device encrypted with the user key;
  
  decrypt the encrypted command using the user key obtained from decrypting the encrypted user profile to generate a decrypted command; and
  
  initiate an action of the electronic locking device as specified by the decrypted command.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The electronic locking device of claim 14, wherein the processor is further configured to:
    - transmit, via the wireless transceiver, a security code to the mobile device;
      
      validate at least one of the encrypted command or the decrypted command using the security code, wherein the encrypted command is generated by the mobile device using the user key and the security code; and
      
      initiate the action in response to validating the at least one of the encrypted command or the decrypted command.
  - 16. The electronic locking device of claim 15, wherein validating the encrypted command comprises verifying a timestamp of the mobile device by comparing the timestamp to a time maintained by the electronic locking device.
  - 17. The electronic locking device of claim 16, wherein the processor is further configured to compare an access schedule of the decrypted user profile to the time maintained by the electronic locking device, wherein the access schedule specifies a time when the mobile device can access the electronic locking device.
  - 18. The electronic locking device of claim 15, wherein the security code is a sequence number.
  - 19. The electronic locking device of claim 15, wherein the security code is valid for at least one of a limited time frame or a limited number of uses.
  - 20. The electronic locking device of claim 14, further comprising a GPS device configured to provide location information based on a location of the electronic locking device, wherein the processor is further configured to transmit, via the wireless transceiver, the location information to the mobile device.

21. A computer-readable storage medium having instructions stored thereon that, upon execution by a processor of a mobile device, cause the processor to:
- transmit an encrypted user profile to a locking device, the encrypted user profile including a user key and encrypted by a server using a lock key;
  
  receive a security code from the locking device in response to the locking device decrypting the encrypted user profile using the lock key to obtain the user key;
  
  generate an encrypted command using the security code received from the locking device and the user key, the encrypted command specifying an action to be performed by the locking device; and
  
  transmit the encrypted command to the locking device, wherein the locking device is configured to decrypt the encrypted command to generate a decrypted command to facilitate performing the action specified by the decrypted command.
- View Dependent Claims (22)
- - 22. The computer-readable storage medium of claim 21, whereinthe locking device is configured to validate at least one of the encrypted command or the decrypted command using the security code, and wherein the locking device is configured to decrypt the encrypted command using the user key obtained by decrypting the encrypted user profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Master Lock Company LLC (Fortune Brands Innovations, Inc.)
Original Assignee
Master Lock Company LLC (Fortune Brands Innovations, Inc.)
Inventors
Conrad, Nathan, Zhang, Yi, Stefanovic, Nemanja
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
Taylor, Sakinah White

Application Number

US15/444,076
Publication Number

US 20170236353A1
Time in Patent Office

638 Days
Field of Search

713185
US Class Current
CPC Class Codes

G07C 2009/00404   starting with prompting the...

G07C 2009/00412   the transmitted data signal...

G07C 9/00309   operated with bidirectional...

G07C 9/00571   operated by interacting wit...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

Wireless key management for authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

130 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless key management for authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links