PORTABLE COMPUTERIZED DEVICE ADAPTED FOR AD HOC SECURITY ASSOCIATIONS
Abstract
A portable communications device adapted to provide communication security in, for example, an ad hoc or temporary networked environment. In one embodiment, the network comprises an untrusted medium, and the device includes network security apparatus adapted to create security associations between devices on the network, including mutual authentication. Traffic between the associated devices may be encrypted for e.g., data confidentiality and integrity protection. In one variant, the network security apparatus comprises a software entity disposed at least partly within the software stack of the device. The device may be untrusted (e.g., have an untrusted operating system). User identification or validation may also be provided, for example via inputs received via a user interface.
52 Claims
1. A portable computerized device, comprising:
a user interface adapted to receive user inputs;
a first computer program operative to run on said portable device and adapted to obtain at least one temporary address for said portable device;
a second computer program operative to run on said portable device and adapted to establish a non-permanent security association between said portable device and a second device, said second computer program comprising a cryptographic data exchange algorithm adapted to cause said portable device and said second device to exchange cryptographic data, said data being substantially unique to said security association;
a third computer program operative to run on said portable device and adapted to seal or encrypt data sent from said portable device using at least one cryptographic key; and
a fourth computer program adapted to identify or validate a user via inputs received via said used interface before said association can be established. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
21. A substantially portable computerized device adapted to permit ad hoc security associations to exist with other computerized devices that may or may not have communicated previously with said portable computerized device, comprising:
a first computer program operative to run on said portable device adapted to establish an ad hoc security association between said portable device and another device, said first computer program comprising a cryptographic data exchange algorithm adapted to cause said portable device to transmit cryptographic data generated substantially under control of said portable device while establishing said association;
a second computer program operative to run on said portable device and adapted to encrypt data sent to said another device using at least one cryptographic key; and
a third computer program operative to run on said portable device and adapted to append said data with an appended message element, said appended message element utilized by said another device for at least data integrity. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
39. A computerized communications device adapted for coupling to at least one communications channel, comprising:
a first network security apparatus coupled to a communications stack of said computerized device, said first network security apparatus adapted to communicate with other like network security apparatus on a communications channel by establishing an association, wherein said first network security apparatus is configured to perform a plurality of security functions including;
receipt of a message sent between said computerized device and said communications channel;
conversion of said received messages to and from a format utilized by said communications channel;
identification of a user requesting access to said communications channel;
determination of whether said association exists with another network security apparatus device;
transmission of said messages received from said computerized device when said association exists; and
establishment of an association with other like network security apparatus devices when said association does not exist. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
50. A computerized device, comprising:
an untrusted operating system;
a first routine operative to run on said computerized device and adapted to obtain at least one address for said computerized device after said computerized device is placed in data communication with at least one another via an untrusted medium;
a second routine operative to run on said computerized device and adapted to establish a security association between said computerized device and a second device, said second computer program comprising an authentication algorithm adapted to cause said computerized device and said second device to exchange cryptographic data, said data being substantially unique to said association and comprising at least one random number;
a third routine operative to run on said computerized device and adapted to seal or encrypt data sent from said computerized device using at least one cryptographic key; and
a fourth routine operative to run on said computerized device and adapted to evaluate data sent from said second device for at least data integrity. - View Dependent Claims (51, 52)
Specification