Secure sharing of personal devices among different users

US 20030065947A1
Filed: 10/01/2001
Published: 04/03/2003
Est. Priority Date: 10/01/2001
Status: Active Grant

First Claim

Patent Images

1. A method of securely sharing personal devices among different users, the method comprising:

a) registering a first personal device utilized by a first primary user with a first registry server;

b) registering a second personal device utilized by a second primary user with a second registry server;

c) launching an application on the first personal device by the first primary user; and

d) facilitating secure migration of the application from the first personal device to the second personal device as a function of security information contained in the first and second registry servers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A registry architecture for securely sharing personal devices among different users is disclosed. The registry architecture is a distributed architecture that includes at least one registry server communicating over a network with at least one personal device. The architecture provides verification and authorization of users and applications on personal devices registered with the registry server. In addition, secure migration of applications between a first personal device and at least one second personal device may be performed as a function of the registry architecture. Further, the ability to securely share a personal device among different users is provided by identification of potential users of the personal device within the registry architecture.

139 Citations

50 Claims

1. A method of securely sharing personal devices among different users, the method comprising:
- a) registering a first personal device utilized by a first primary user with a first registry server;
  
  b) registering a second personal device utilized by a second primary user with a second registry server;
  
  c) launching an application on the first personal device by the first primary user; and
  
  d) facilitating secure migration of the application from the first personal device to the second personal device as a function of security information contained in the first and second registry servers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein c) comprises temporarily storing application-related information in a database within the first registry server while the application is running.
  - 3. The method of claim 1, wherein a) and b) comprise identifying at least one privilege level and at least one member within the at least one privilege level.
  - 4. The method of claim 3, wherein a) and b) further comprises entering a member identity, a member linking address to a member'"'"'s registry server and a member public key for the member'"'"'s registry server.
  - 5. The method of claim 1, wherein a) and b) comprise storing the security information locally on the first and second personal devices.
  - 6. The method of claim 5, wherein d) comprises performing the migration with the security information stored in at least one of the first and second personal devices when at least one of the first and second registry servers are unavailable.
  - 7. The method of claim 5, comprising updating the security information stored locally with the security information contained in a database on the first and second registry servers.
  - 8. The method of claim 1, further comprising d) registering a third personal device utilized by a third primary user with a third registry server, wherein the first and third personal devices form a peer group.
  - 9. The method of claim 8, wherein resource capabilities of the second personal device are insufficient to operate the entirety of the application and c) further comprises:
    - multicasting a user name among the peer group;
      
      identifying the privilege level of the first primary user to utilize the third personal device; and
      
      migrating a first portion of the application to the second personal device and a second portion of the application to the third personal device.
  - 10. The method of claim 1, wherein c) comprises:
    - downloading the application; and
      
      verifying a digital signature prior to launching the application.

11. A method of securely migrating an application operating on a first personal device to a second personal device, the method comprising:
- a) initiating the migration;
  
  b) transmitting to the second personal device a list of personal devices associated with a user of the first personal device;
  
  c) authenticating the user with login information entered with a third personal device identified in the list;
  
  d) transmitting authentication approval to the second personal device; and
  
  e) migrating the application from the first personal device to the second personal device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein d) comprises:
    - transmitting a privilege level and resource capability of the second personal device to the first personal device; and
      
      confirming the privilege level and resource capability of the second personal device with the first personal device.
  - 13. The method of claim 11, wherein b) comprises:
    - identifying at least one personal device in the list that is specified for entry of login information; and
      
      broadcasting a message to the at least one personal device.
  - 14. The method of claim 11, wherein b) comprises:
    - selecting the third personal device from the list;
      
      transmitting application-related information to the third personal device; and
      
      verifying the application is the same as the application operating on the first personal device as a function of the application-related information.
  - 15. The method of claim 11, wherein d) comprises transmitting a session universal identification to the second personal device.
  - 16. The method of claim 15, further comprising comparing a stored session universal identification with the transmitted session universal identification to verify the application.
  - 17. The method of claim 11, wherein a) comprises transmitting application-related information and a user name from the first personal device to the second personal device.
  - 18. The method of claim 11, wherein a) comprises transmitting at least one of a session universal identification for the application, the name of the application, an application password and a user name from the first personal device to the second personal device.

19. A method of securely migrating an application operating on a first personal device to a second personal device, the method comprising:
- a) transmitting application-related information and a user name from a first personal device to a second personal device;
  
  b) authenticating the first personal device and the application with the second personal device as a function of a registry server;
  
  c) transmitting a privilege level and resource capability of the second personal device to the first personal device;
  
  d) confirming the privilege level and resource capability of the second personal device with the first personal device; and
  
  e) migrating the application from the first personal device to the second personal device.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method of claim 19, wherein b) comprises:
    - transmitting the user name and application-related information to a third personal device;
      
      entering login information with the third personal device; and
      
      transmitting the login information, the user name and the application-related information to the registry server for authentication.
  - 21. The method of claim 20, further comprising transmitting a migration approval message from the registry server to the second personal device.
  - 22. The method of claim 19, wherein the registry server comprises a group registry server and a subgroup registry server, the subgroup registry server comprising a list of personal devices utilized by a primary user of the first personal device, wherein b) comprises:
    - requesting the list from the group registry server;
      
      multicasting a user name of the primary user to the subgroup registry server;
      
      transmitting the list from the subgroup registry server to the group registry server; and
      
      transmitting the list to the second personal device.
  - 23. The method of claim 22, further comprising transmitting a linking address of the second personal device to the subgroup registry server.
  - 24. The method of claim 22, further comprising transmitting a linking address of the subgroup registry server to the second personal device.
  - 25. The method of claim 19, wherein the registry server comprises at least one of a personal registry server and an organizational registry server.

26. A method of authentication and authorization of an application and a user desiring to migrate the application, the method comprising:
- a) registering a first and second personal device with a registry server;
  
  b) the user launching an application on the first personal device;
  
  c) receiving application-related information from the first personal device at the registry server;
  
  d) enabling the second personal device as a function of the application-related information to receive login information from the user;
  
  e) transmitting to the registry server at least one of the login information and the application-related information; and
  
  f) authenticating the user and the application with the registry server as a function of at least one of the login information and the application-related information to approve the migration.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 27. The method of claim 26, wherein the registry server comprises a database and a) comprises storing a personal device name, a personal device public key and a personal device capability description for each of the first and second personal devices in the database.
  - 28. The method of claim 26, wherein a) comprises storing a linking address of the registry server and a public key of the registry server on the first and second personal devices.
  - 29. The method of claim 26, wherein a) comprises contacting the registry server with the first and second personal devices to transfer registration information therebetween.
  - 30. The method of claim 26, wherein a) comprises establishing privilege levels for potential users, the privilege levels comprising a linking address to a potential user'"'"'s registry server.
  - 31. The method of claim 26, wherein b) comprises encrypting the application-related information with a first personal device private key.
  - 32. The method of claim 26, wherein c) comprises:
    - decrypting the application-related information with a first personal device public key.
  - 33. The method of claim 26, wherein d) comprises:
    - encrypting the application-related information with a registry server private key; and
      
      transmitting the application-related information to the second personal device.
  - 34. The method of claim 26, wherein c) comprises selectively multicasting the application-related information to at least one additional personal device identified in a primary user list.
  - 35. The method of claim 26, further comprising:
    - f) receiving a shutdown message at the registry server;
      
      g) removing the application-related information from the registry server;
      
      h) instructing the second personal device to remove the application-related information; and
      
      i) transmitting a shutdown ok message to the first personal device.

36. A system for sharing personal devices among different users, the system comprising:
- a first personal device and a second personal device;
  
  at least one registry server in communication with the first and second personal devices, the registry server comprising a database, the database comprising security information for at least one of the first and second personal devices, wherein the registry server is operable to authorize execution and secure migration of an application between the first personal device and the second personal device.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 37. The system of claim 36, wherein the security information comprises a personal device name, a personal device public key, a personal device capabilities description and at least one privilege level.
  - 38. The system of claim 37, wherein the at least one privilege level comprises at least one member, a linking address to the member'"'"'s registry server and a public key for the member'"'"'s registry server.
  - 39. The system of claim 37, wherein the security information further comprises a primary user list of personal devices, the registry server operable to communicate with personal devices on the primary user list to receive login information.
  - 40. The system of claim 36, wherein the registry server is a personal registry server operable as a register of a personal device owned by an individual owner.
  - 41. The system of claim 36, wherein the registry server is an organizational registry server operable as a register of a personal device owned by an organization.
  - 42. The system of claim 36, wherein the registry server comprises a group registry server and at least one subgroup registry server.
  - 43. The system of claim 42, wherein the security information within the database of the group registry server comprises a subgroup identifier, a linking address to the at least one subgroup registry server and a public key for the at least one subgroup registry server.
  - 44. The system of claim 36, wherein the first personal device is operable to transmit application-related information to the registry server for an application launched on the first personal device, the application-related information comprising a session universal identification for the application, an application name and an application password.
  - 45. The system of claim 44, wherein the first personal device is operable to temporarily store the application-related information while the application is running.
  - 46. The system of claim 44, wherein the registry server is operable to temporarily store the application-related information while the application is running.
  - 47. The system of claim 36, further comprising a third personal device in communication with the registry server and the first and second personal device, the third personal device operable to communicate login information to the registry server for authentication of a user by the registry server.
  - 48. The system of claim 47, wherein the third personal device is operable to communicate an application password, a session universal identification for the application and an application name to the registry server for authentication of the application by the registry server.
  - 49. The system of claim 36, wherein the registry server comprises a first registry server and a second registry server, the first personal device registered within the database of the first registry server and the second personal device registered within the database of the second registry server, the database of the first and second registry servers comprising a linking address operable to provide communication between the first and second registry servers.
  - 50. The system of claim 36, wherein communication between the first and second personal devices and the registry server is over a network, the network comprising at least one of wireless and wireline communication systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NTT Docomo Incorporated (Nippon Telegraph and Telephone Corporation)
Original Assignee
NTT Docomo Incorporated (Nippon Telegraph and Telephone Corporation)
Inventors
Song, Yu, Kurakake, Shoji, Chu, Hao-Hua

Granted Patent

US 7,143,443 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/04 for providing a confidentia...

H04L 63/08 for authentication of entit...

Secure sharing of personal devices among different users

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

139 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Secure sharing of personal devices among different users

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

139 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links