Digital credential with embedded authentication instructions
Abstract
Methods and systems are provided for sending messages in a security system. In particular, a new message syntax can include one or more positive assertions that may be verified. The receiver of the message or credential may verify all the positive assertions. In other configurations, one or more nodes that relay the message from the sender to the receiver can verify the positive assertions or may create one or more of the positive assertions. In this way, the network or entities used to relay the message can also be checked.
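The per-node verification the abstract describes, as an added sketch that is not taken from the patent: it assumes each positive assertion is an HMAC-SHA256 tag under a key the sender shares with that node. The names `encapsulate`, `verify_at` and `NODE_KEYS`, the node ids and the field names are all hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo keys: one secret shared by the sender and each node (assumption).
NODE_KEYS = {"phone-1": b"k-phone-demo", "lock-7": b"k-lock-demo"}

def _canonical(credential, device_class):
    # Deterministic bytes so sender and verifier MAC exactly the same content.
    return json.dumps([credential, device_class], sort_keys=True,
                      separators=(",", ":")).encode()

def _tag(key, node_id, body):
    # Bind the assertion to one node id so it cannot be reused for another hop.
    return hmac.new(key, node_id.encode() + b"\x00" + body, hashlib.sha256).hexdigest()

def encapsulate(credential, authorized_devices, keys=NODE_KEYS):
    """Sender side: build the packet with one positive assertion per authorized node."""
    device_class = {"authorized": sorted(authorized_devices)}
    body = _canonical(credential, device_class)
    assertions = {n: _tag(keys[n], n, body) for n in device_class["authorized"]}
    return {"credential_class": credential,
            "auth_device_class": device_class,
            "assertions": assertions}

def verify_at(node_id, node_key, packet):
    """Node side: return (ok, reason) before using or forwarding the credential."""
    device_class = packet.get("auth_device_class", {})
    if node_id not in device_class.get("authorized", []):
        return False, "device not authorized to receive/forward"
    claimed = packet.get("assertions", {}).get(node_id)
    if not isinstance(claimed, str):
        return False, "no assertion for this node"
    body = _canonical(packet.get("credential_class"), device_class)
    expected = _tag(node_key, node_id, body)
    if not hmac.compare_digest(expected.encode(), claimed.encode()):
        return False, "assertion does not match packet contents"
    return True, "verified"

def demo():
    cred = {"access_rule": {"door": "room-412", "valid_until": "2030-01-01T12:00Z"},
            "credential": "constructed-demo-value"}
    pkt = encapsulate(cred, ["phone-1", "lock-7"])
    results = [verify_at("phone-1", NODE_KEYS["phone-1"], pkt)[0],
               verify_at("lock-7", NODE_KEYS["lock-7"], pkt)[0]]
    pkt["credential_class"]["access_rule"]["door"] = "room-999"  # altered in transit
    results.append(verify_at("lock-7", NODE_KEYS["lock-7"], pkt)[0])
    return results
```

Because the tag covers both the credential class and the authorized-device list, a relay that edits the access rule or adds itself to the device list fails verification at the next node.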
57 Citations
14 Claims
1. A method for transmitting a message including credential information, comprising:
- generating credential information at a sender;
- creating a first positive assertion that is associated with a first intermediate bearer node between the sender and a receiver of the credential information;
- encapsulating the credential information and the positive assertion into a first packet, wherein the encapsulated credential information comprises:
  - a first credential class comprising a first access rule; and
  - an authentication device content class that comprises information for authenticating a device and for verifying that the device is authorized to receive and/or forward the encapsulated credential information; and
- sending the first packet to the receiver thereby enabling the receiver to trust and utilize the credential information in connection with maintaining security of a door lock, wherein the receiver corresponds to the door lock, wherein the first intermediate bearer node comprises a mobile phone, wherein the first positive assertion requires the mobile phone to provide the credential information to the door lock, wherein the sender creates the first positive assertion, and wherein the sender creates a second positive assertion for a second intermediate bearer node.
7. A device, comprising:
- a memory;
- a processor in communication with the memory, the processor operable to execute one or more modules, the modules comprising:
  - an encapsulator/de-capsulator operable to:
    - receive the first message, wherein the first message comprises:
      - a credential class comprising an access rule that includes a first positive assertion; and
      - an authentication device content class that comprises information for authenticating and for verifying that the device is authorized to receive and/or forward information contained in the first message;
    - de-capsulate the first message to read the first positive assertion in the first message;
    - provide the first positive assertion to a verifier/authenticator;
  - the verifier/authenticator operable to:
    - read the first positive assertion;
    - analyze the authentication device content class; and
    - based on the first positive assertion and the analysis of the authentication device content class, conduct an operation associated with the first positive assertion to verify the first message, wherein the first message further comprises credential information for a receiver that is associated with a door lock, wherein if the first message is verified, the credential information is determined to have successfully passed from a reservation system to the door lock and is, therefore, useable by the receiver to control security of the door lock, wherein the verifier/authenticator is further operable to create a second positive assertion, wherein the encapsulator/de-capsulator is further operable to receive the second positive assertion from the verifier/authenticator; and
    - encapsulate the credential information and the second positive assertion into a second message.
11. A non-transitory computer readable medium, stored in a memory and read by a processor of a first intermediate bearer node, comprising:
- a first message comprising:
  - a first encapsulation comprising:
    - an authentication device content class that comprises information for authenticating and for verifying that a predetermined user's mobile device is authorized to receive and/or forward information contained in the first message; and
    - a first credential class, the first credential class comprising:
      - a first access rule species including a first positive assertion, the first positive assertion, when read by the processor, causes the processor to conduct a first operation to verify the authenticity of the first message;
  - a second encapsulation comprising a second credential class, the second credential class comprising:
    - a second access rule species including a second positive assertion, the second positive assertion directed to a second intermediate bearer node; and
  - a credential that is useable by a reader associated with a door lock to control security of the door lock as long as the authenticity of the first message is verified, the predetermined user's mobile phone was authenticated and verified as authorized to receive and/or forward the information contained in the first message, and the first message is confirmed to have followed a communication path that includes the predetermined user's mobile phone and the door lock.
Specification