Systems and methods for dynamic authentication using physical keys

US 20060242692A1
Filed: 04/20/2005
Published: 10/26/2006
Est. Priority Date: 04/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method of dynamic authentication comprising the steps of:

determining a first set of associations between groups of users, user devices and at least one physical key;

determining over a first communications channel, a proposed dynamic association between a guest device and the user of a physical key based on the presence of the physical key. determining over a second communication channel, a user confirmation of the proposed dynamic association;

authenticating the guest device based on the dynamic association, the user confirmation, and the first set of associations for access to at least one of;

information and services associated with the user of the user device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A physical key is used to propose an association between a guest device and user information and services. Contact-based or contact-less connectors are used to establish the proposed association between the physical key and the guest device. The proposed association then communicated to the dynamic authentication system over a first communication channel. The dynamic authentication system determines a user confirmation over a second communications channel based on a user device and previously determined associations between users, user devices and the physical key. The guest device is then authenticated for access to information and/or services associated with the user. The information retrieved from and/or transmitted to the user'"'"'s personal information repository is optionally protected using various transformations. Optional session identifiers supported on the physical key and/or the user device, ensure the protected information is inaccessible when the physical key is removed and/or the predetermined association with the user device is deleted.

85 Citations

View as Search Results

43 Claims

1. A method of dynamic authentication comprising the steps of:
- determining a first set of associations between groups of users, user devices and at least one physical key;
  
  determining over a first communications channel, a proposed dynamic association between a guest device and the user of a physical key based on the presence of the physical key. determining over a second communication channel, a user confirmation of the proposed dynamic association;
  
  authenticating the guest device based on the dynamic association, the user confirmation, and the first set of associations for access to at least one of;
  
  information and services associated with the user of the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 26, 27, 28, 29, 30, 31, 32, 33, 38, 39, 43)
- - 2. The method of claim 1, in which the first communications channel is provided by the physical key.
  - 3. The method of claim 1, in which the first communications channel is provided by the guest device.
  - 4. The method of claim 1, in which the physical key is further comprised of at least one of:
    - a contact-based connector and a contact-less connector for connecting to the guest device.
  - 5. The method of claim 4, in which the contact-based connector is at least one of:
    - a USB port;
      
      a Memorystick port;
      
      a serial port;
      
      a parallel port;
      
      a Secure Card port;
      
      a compact flash card port;
      
      a smartcard port and a PC card port.
  - 6. The method of claim 4, in which the contact-less connector is at least one of:
    - a Bluetooth connector;
      
      an RFID connector;
      
      a WiFi connector;
      
      a WiMax connector; and
      
      an infra-red connector.
  - 7. The method of claim 1, in which the user information is transformed before transmission to the guest device.
  - 8. The method of claim 7, in which the transformation is at least one of:
    - a copy-protection transformation applying a digital watermark and a steganographic transformation.
  - 9. The method of claim 1, in which the set of operable user devices are guest devices is determined based on an access control list.
  - 10. The method of claim 1, in which the guest device is at least one of:
    - a land-line telephone, a voice-over-ip telephone, a personal digital assistant;
      
      a enabled music player;
      
      a radio-transmitter;
      
      a digital camera;
      
      a video camera;
      
      a personal music player;
      
      a personal video player, a television;
      
      a printer; and
      
      a computer.
  - 26. The method of dynamic authentication according to claim 1, in which authenticating the guest device comprises the steps of:
    - determining the user associated with the physical key;
      
      determining at least one data service associated with the physical key;
      
      authenticating user access to the data service based on the dynamic authentication of the guest device.
  - 27. The method of claim 26, in which the data service is a repository of information contained on a computer.
  - 28. The method of claim 27, in which the computer is at least one of:
    - a portable computer;
      
      a non-portable computer.
  - 29. The method of claim 28, in which the non-portable computer is at least one of:
    - a server;
      
      a corporate server;
      
      an information repository and a digital library.
  - 30. The method of claim 1, in which the user information and services are encrypted and decrypted based on the authentication.
  - 31. The method of claim 30, in which the decryption is temporary.
  - 32. The method of claim 1, in which the user information and services are located in at least one of:
    - the physical key, the guest device, and a remote location.
  - 33. The method of claim 1, in which the first set of associations is modified to change the authentications rights.
  - 38. The method of claim 1, in which the confirmed dynamic association is associated with a session identifier supported by at least one of the user device and the physical key.
  - 39. The method of claim 1, in which the session identifier is verified at time intervals that are variable.
  - 43. A service authenticated by the method of claim 1.

11. A system of dynamic authentication comprising:
- a memory for storing a first set of associations between groups of users, user devices and at least one physical key;
  
  an input/output circuit that receives a proposed dynamic association between a guest device and the user of a physical key based on the presence of the physical key, in which the proposed dynamic association is received over a first communications channel. a user confirmation of the proposed dynamic association over a second communication channel;
  
  a processor that authenticates the guest device based on the dynamic association, the user confirmation, and the first set of associations for access to at least one of;
  
  information and services associated with the user of the user device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 34, 35, 36, 37, 40, 41)
- - 12. The system of claim 11, in which the first communications channel is provided by the physical key.
  - 13. The system of claim 11, in which the first communications channel is provided by the guest device.
  - 14. The system of claim 11, in which the physical key is further comprised of at least one of:
    - a contact-based connector and a contact-less connector for connecting to the guest device.
  - 15. The system of claim 14, in which the contact-based connector is at least one of:
    - a USB port;
      
      a Memorystick port;
      
      a serial port;
      
      a parallel port;
      
      a Secure Card port;
      
      a compact flash card port;
      
      a smartcard port and a PC card port.
  - 16. The system of claim 14, in which the contact-less connector is at least one of:
    - a Bluetooth connector;
      
      an RFID connector;
      
      a WiFi connector;
      
      a WiMax connector; and
      
      an infra-red connector.
  - 17. The system of claim 11, in which the user information is transformed before transmission to the guest device.
  - 18. The system of claim 17, in which the transformation is at least one of:
    - a copy-protection transformation applying a digital watermark and a steganographic transformation.
  - 19. The system of claim 11, in which the set of operable user devices are guest devices is determined based on an access control list.
  - 20. The system of claim 11, in which the guest device is at least one of:
    - a land-line telephone, a voice-over-ip telephone, a personal digital assistant;
      
      a enabled music player;
      
      a radio-transmitter;
      
      a digital camera;
      
      a video camera;
      
      a personal music player;
      
      a personal video player, a television;
      
      a printer; and
      
      a computer.
  - 34. The system of claim 11, in which the user information and services are encrypted and decrypted based on the authentication.
  - 35. The system of claim 34, in which the decryption is temporary.
  - 36. The system of claim 11, in which the user information and services are located in at least one of:
    - the physical key, the guest device, and a remote location.
  - 37. The system of claim 11, in which the first set of associations is modified to change the authentications rights.
  - 40. The method of claim 11, in which the confirmed dynamic association is associated with a session identifier supported by at least one of the user device and the physical key.
  - 41. The method of claim 11, in which the session identifier is verified at time intervals that are variable.

21. A carrier wave encoded to transmit a control program, useable to program a computer to dynamically authenticate devices, to a device for executing the program, the control program comprising:
- instructions for determining a first set of associations between groups of users, user devices and at least one physical key;
  
  instructions for determining over a first communications channel, a proposed dynamic association between a guest device and the user of a physical key based on the presence of the physical key;
  
  instructions for determining over a second communication channel, a user confirmation of the proposed dynamic association; and
  
  instructions for authenticating the guest device based on the dynamic association, the user confirmation, and the first set of associations for access to at least one of;
  
  information and services associated with the user of the user device.

22. A computer readable storage medium comprising computer readable program code embodied on the computer readable storage medium, the computer readable program code useable to program a computer to dynamically authenticate devices comprising the steps of:
- determining a first set of associations between groups of users, user devices and at least one physical key;
  
  determining over a first communications channel, a proposed dynamic association between a guest device and the user of a physical key based on the presence of the physical key. determining over a second communication channel, a user confirmation of the proposed dynamic association;
  
  authenticating the guest device based on the dynamic association, the user confirmation, and the first set of associations for access to at least one of;
  
  information and services associated with the user of the user device.

23. A physical key for dynamically authenticating a user to a data service comprising:
- a physical key identifier that identifies the physical key; and
  
  a connector for proposing a dynamic association with a guest device based on the physical key identifier.
- View Dependent Claims (24, 25)
- - 24. The physical key of claim 23, in which the connector is at least one of:
    - a contact-based connector and a contact-less connector.
  - 25. The physical key of claim 23, in which the physical key comprises a first communication link operable to communicate the proposed dynamic association.

42. A physical key useable with a data system comprising:
- an identifier for retrieving previously specified associations between the physical key and at least one user device; and
  
  a connector for proposing a dynamic association with a guest device in which the proposed dynamic association is communicated over a communications link associated with at least one of a physical key and the guest device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujifilm Business Innovation Corp. (Fujifilm Holdings Corporation)
Original Assignee
Fuji Xerox Company Limited (Xerox Holdings Corp.)
Inventors
Hilbert, David, Trevor, Jonathan, Thione, Giovanni L.

Granted Patent

US 7,562,385 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/43   wireless channels

H04L 63/0853   using an additional device,...

Systems and methods for dynamic authentication using physical keys

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for dynamic authentication using physical keys

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links