METHOD AND SYSTEM FOR ESTABLISHING A SECURE OVER-THE-AIR (OTA) DEVICE CONNECTION

US 20080065777A1
Filed: 09/07/2007
Published: 03/13/2008
Est. Priority Date: 09/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a secure over-the-air (OTA) device connection between a connection owner and a server, the connection owner being associated with a wireless device connected to the server via a communications network, the method comprising:

instantiating a secure session on behalf of the connection owner, the secure session being maintained by the server and defining a context for the secure OTA device connection;

defining a registration key and a reset key, and storing the registration and reset keys in association with the secure session on both the server and the wireless device;

using at least the registration key to control access to the secure session; and

maintaining the secure session only as long as the connection owner has a valid registration key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for establishing a secure over-the-air (OTA) connection between a connection owner and a server, the connection owner being associated with a wireless device connected to the server via a communications network. A secure session is instantiated on behalf of the connection owner, the secure session being maintained by the server and defining a context for the secure OTA connection. A registration key and a reset key are defined, and stored in association with the secure session on both the server and the wireless device. Access to the secure session is controlled using at least the registration key, and the secure session is maintained on the server only as long as the connection owner has a valid registration key.

39 Citations

View as Search Results

18 Claims

1. A method for establishing a secure over-the-air (OTA) device connection between a connection owner and a server, the connection owner being associated with a wireless device connected to the server via a communications network, the method comprising:
- instantiating a secure session on behalf of the connection owner, the secure session being maintained by the server and defining a context for the secure OTA device connection;
  
  defining a registration key and a reset key, and storing the registration and reset keys in association with the secure session on both the server and the wireless device;
  
  using at least the registration key to control access to the secure session; and
  
  maintaining the secure session only as long as the connection owner has a valid registration key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as claimed in claim 1, wherein the connection owner comprises any one of:
    - the wireless device;
      
      a device/application-tuple comprising the wireless device and an application installed on the wireless device; and
      
      a device/application-pair comprising the wireless device, an application installed on the wireless device, and an application executing on a remote server.
  - 3. A method as claimed in claim 1, wherein, during an initial registration process, the step of defining a registration key and a reset key, and storing the registration and reset keys in association with the secure session comprises:
    - receiving a Register message from the connection owner, the Register message containing at least a Registration key generated by the wireless device;
      
      generating a new Registration key and a new Reset key;
      
      storing the new Registration and reset keys in association with the secure session; and
      
      sending a confirmation message containing the new Registration and Reset keys to the wireless device.
  - 4. A method as claimed in claim 1, wherein during a re-registration process, the step of defining a registration key and a reset key, and storing the registration and reset keys in association with the secure session comprises:
    - receiving a Register message from the connection owner, the Register message containing a Message Authentication Code (AC) generated using a selected one of the Registration and Reset keys stored by the wireless device;
      
      validating the MAC against the Registration and Reset keys stored on the server;
      
      upon successful validation;
      
      generating a new Registration key and a new Reset key;
      
      storing the new Registration and reset keys in association with the secure session; and
      
      sending a confirmation message containing the new Registration and Reset keys to the wireless device.
  - 5. A method as claimed in claim 4, wherein the step of validating the MAC against the Registration and Reset keys stored on the server comprises:
    - comparing the MAC against a first checkMAC calculated using the Registration key saved on the server;
      
      if the MAC is equal to first checkMAC, terminating the validation as successful;
      
      if the MAC is not equal to first checkMAC, comparing the MAC against a second checkMAC calculated using the Reset key saved on the server; and
      
      if the MAC is not equal to second checkMAC, terminating the validation as unsuccessful.
  - 6. A method as claimed in claim 5, further comprising, when the MAC is equal to the second checkMAC, resetting the secure OTA connection.
  - 7. A method as claimed in claim 6, wherein the step of resetting the secure OTA connection comprises:
    - removing the secure session; and
      
      instantiating a new secure session on behalf of the connection owner.
  - 8. A method as claimed in claim 1, wherein the step of using at least the registration key to control access to the secure session comprises steps of:
    - receiving a message from the connection owner, the message containing a Message Authentication Code (MAC) generated using at least the Registration key stored by the wireless device;
      
      validating the MAC; and
      
      upon successful validation, processing a payload portion of the message using the secure session.
  - 9. A method as claimed in claim 8, wherein the MAC is calculated using the Registration key alone, and the step of validating the MAC comprises comparing the MAC against a checkMAC calculated using the Registration key.
  - 10. A method as claimed in claim 8, wherein the MAC is calculated using the Registration key in combination with a selected one or more of:
    - at least a portion of the payload; and
      
      one or more fields of a header of the message, and wherein the step of validating the MAC comprises comparing the MAC against a checkMAC calculated using the Registration key in combination with the selected one or more of;
      
      at least a portion of the payload; and
      
      one or more fields of the header of the message.

11. A computer readable medium comprising software instructions for controlling a processor to establish a secure over-the-air (OTA) device connection between a connection owner and a server, the connection owner being associated with a wireless device connected to the server via a communications network, the software instructions controlling the processor to:
- instantiate a secure session on behalf of the connection owner, the secure session being maintained by the server and defining a context for the secure OTA device connection;
  
  define a registration key and a reset key, and storing the registration and reset keys in association with the secure session on both the server and the wireless device;
  
  use at least the registration key to control access to the secure session; and
  
  maintain the secure session only as long as the connection owner has a valid registration key.
- View Dependent Claims (12, 13, 14, 16, 17, 18)
- - 12. A computer readable medium as claimed in claim 11, wherein, during an initial registration process, the software instructions for defining a registration key and a reset key, and storing the registration and reset keys in association with the secure session comprise software instructions for controlling the processor to:
    - receive a Register message from the connection owner, the Register message containing at least a Registration key generated by the wireless device;
      
      generate a new Registration key and a new Reset key;
      
      store the new Registration and reset keys in association with the secure session; and
      
      send a confirmation message containing the new Registration and Reset keys to the wireless device.
  - 13. A computer readable medium as claimed in claim 11, wherein during a re-registration process, the software instructions for defining a registration key and a reset key, and storing the registration and reset keys in association with the secure session, comprise software instructions for controlling the processor to:
    - receive a Register message from the connection owner, the Register message containing a Message Authentication Code (MAC) generated using a selected one of the Registration and Reset keys stored by the wireless device;
      
      validate the MAC against the Registration and Reset keys stored on the server;
      
      upon successful validation;
      
      generate a new Registration key and a new Reset key;
      
      store the new Registration and reset keys in association with the secure session; and
      
      send a confirmation message containing the new Registration and Reset keys to the wireless device.
  - 14. A computer readable medium as claimed in claim 11, wherein the software instructions for using at least the registration key to control access to the secure session comprises software instructions for controlling the processor to:
    - receive a message from the connection owner, the message containing a Message Authentication Code (MAC) generated using at least the Registration key stored by the wireless device;
      
      validate the MAC; and
      
      upon successful validation, process a payload portion of the message using the secure session.
  - 16. A server as claimed in claim 14, wherein, during an initial registration process, the software instructions for defining a registration key and a reset key, and storing the registration and reset keys in association with the secure session comprise software instructions for controlling the processor to:
    - receive a Register message from the connection owner, the Register message containing at least a Registration key generated by the wireless device;
      
      generate a new Registration key and a new Reset key;
      
      store the new Registration and reset keys in association with the secure session; and
      
      send a confirmation message containing the new Registration and Reset keys to the wireless device.
  - 17. A server as claimed in claim 14, wherein during a re-registration process, the software instructions for defining a registration key and a reset key, and storing the registration and reset keys in association with the secure session, comprise software instructions for controlling the processor to:
    - receive a Register message from the connection owner, the Register message containing a Message Authentication Code (MAC) generated using a selected one of the Registration and Reset keys stored by the wireless device;
      
      validate the MAC against the Registration and Reset keys stored on the server;
      
      upon successful validation;
      
      generate a new Registration key and a new Reset key;
      
      store the new Registration and reset keys in association with the secure session; and
      
      send a confirmation message containing the new Registration and Reset keys to the wireless device.
  - 18. A server as claimed in claim 14, wherein the software instructions for using at least the registration key to control access to the secure session comprises software instructions for controlling the processor to:
    - receive a message from the connection owner, the message containing a Message Authentication Code (MAC) generated using at least the Registration key stored by the wireless device;
      
      validate the MAC; and
      
      upon successful validation, process a payload portion of the message using the secure session.

15. A server operatively connected to a communications network for communications with a wireless communications device, the server comprising a processor and a computer readable medium for storing software instructions for controlling the processor to establish a secure over-the-air (OTA) device connection between a connection owner and the server, the connection owner being associated with the wireless device, the software instructions controlling the processor to:
- instantiate a secure session on behalf of the connection owner, the secure session being maintained by the server and defining a context for the secure OTA device connection;
  
  define a registration key and a reset key, and storing the registration and reset keys in association with the secure session on both the server and the wireless device;
  
  use at least the registration key to control access to the secure session; and
  
  maintain the secure session only as long as the connection owner has a valid registration key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Doktorova, Laura, Little, Herbert, Hung, Michael, Vitanov, Kamen, Fritsch, Brindusa, Karmakar, Srimantee, Sherkin, Alexander

Granted Patent

US 8,583,809 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 63/068   using time-dependent keys, ...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 67/14   Session management for real...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/0433   Key management protocols

H04W 12/069   using certificates or pre-s...

METHOD AND SYSTEM FOR ESTABLISHING A SECURE OVER-THE-AIR (OTA) DEVICE CONNECTION

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND SYSTEM FOR ESTABLISHING A SECURE OVER-THE-AIR (OTA) DEVICE CONNECTION

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others