METHOD AND APPARATUS FOR PERVASIVE AUTHENTICATION DOMAINS

US 20080141357A1
Filed: 10/31/2007
Published: 06/12/2008
Est. Priority Date: 10/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method of enabling at least one pervasive device to retrieve at least one authentication token from at least one personal authentication gateway, the at least one pervasive device comprising at least one automatic token client application and the at least one personal authentication gateway comprising at least one token server application, said method comprising the steps of:

ascertaining at least one personal authentication gateway from the at least one pervasive device;

sending at least one token request from at least one pervasive device to at least one personal authentication gateway; and

receiving a token response at the pervasive device from the at least one personal authentication gateway.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for enabling a Pervasive Authentication Domain. A Pervasive Authentication Domain allows many registered Pervasive Devices to obtain authentication credentials from a single Personal Authentication Gateway and to use these credentials on behalf of users to enable additional capabilities for the devices. It provides an arrangement for a user to store credentials in one device (the Personal Authentication Gateway), and then make use of those credentials from many authorized Pervasive Devices without re-entering the credentials. It provides a convenient way for a user to share credentials among many devices, particularly when it is not convenient to enter credentials as in a smart wristwatch environment. It further provides an arrangement for disabling access to credentials to devices that appear to be far from the Personal Authentication Gateway as measured by metrics such as communications signal strengths.

35 Citations

View as Search Results

18 Claims

1. A method of enabling at least one pervasive device to retrieve at least one authentication token from at least one personal authentication gateway, the at least one pervasive device comprising at least one automatic token client application and the at least one personal authentication gateway comprising at least one token server application, said method comprising the steps of:
- ascertaining at least one personal authentication gateway from the at least one pervasive device;
  
  sending at least one token request from at least one pervasive device to at least one personal authentication gateway; and
  
  receiving a token response at the pervasive device from the at least one personal authentication gateway.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein said ascertaining step comprises broadcasting a pervasive authentication domain discovery request message and receiving at least one discovery response message from the at least one personal authentication gateway.
  - 3. The method according to claim 1, wherein said ascertaining step comprises looking up a personal authentication gateway address in configuration settings.
  - 4. The method according to claim 1, wherein the at least one token request comprises a pervasive device identification, a message type, and a protection arrangement for fields of the at least one token request, the protection arrangement being adapted to ensure integrity and confidentiality.
  - 5. The method according to claim 1, wherein said receiving step comprises storing received credentials for use by other applications.
  - 6. The method according to claim 1, furthering comprising the step of registering a pervasive device to be a member of a pervasive authentication domain by registering with a personal authentication gateway.

7. A method of enabling at least one personal authentication gateway to distribute at least one authentication token to at least one authorized pervasive device, the at least one personal authentication gateway comprising at least one token server and the at least one pervasive device comprising at least one automatic token client, said method comprising the steps of:
- receiving at least one token request from at least one pervasive device on at least one personal authentication gateway;
  
  determining whether the pervasive device is authorized to receive authentication tokens; and
  
  sending at least one token response to the at least one pervasive device from at least one personal authentication gateway.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 8. The method according to claim 7, wherein said sending step comprises the at least one personal authentication gateway responding to a pervasive authentication domain discovery message from the at least one pervasive device.
  - 9. The method according to claim 8, wherein:
    - said at least one personal authentication gateway has a pervasive authentication domain;
      
      sending step comprises sending the at least one token response only if the pervasive device identification for the pervasive authentication domain discovery message is a member of the pervasive authentication domain of the at least one personal authentication gateway.
  - 10. The method according to claim 7, wherein said receiving step comprises:
    - determining the pervasive device identification of the at least one token request;
      
      deriving at least one pervasive authentication domain for the at least one pervasive device; and
      
      retrieving at least one authentication token for the pervasive device.
  - 11. The method according to claim 7, wherein the at least one token response sent comprises of a pervasive device identification, the message type, authentication tokens, and a protection arrangement for fields of the at least one token response, the protection arrangement being adapted to ensure integrity and confidentiality.
  - 12. The method according to claim 7, furthering comprising the step of registering a pervasive device, to be a member of a pervasive authentication domain by registering with a personal authentication gateway.
  - 13. The method according to claim 12, wherein said registering step comprises:
    - entering the same random password on the pervasive device and the personal authentication gateway;
      
      generating on the personal authentication gateway an encryption key, Slave_ID_Secret, which is encrypted by the random password;
      
      transferring the protected key to the pervasive device and computing a fingerprint of the protected key on the personal authentication gateway; and
      
      comparing the fingerprint of the received and decrypted protected key on the pervasive device.
  - 14. The method according to claim 13, wherein the encryption key, Slave_ID_Secret, is used as a protection arrangement for token requests and token responses.
  - 15. The method according to claim 10, wherein said determining step comprises validating that the at least one pervasive device has been registered for the at least one pervasive authentication domain.
  - 16. The method according to claim 10, wherein said determining step comprises ascertaining whether the at least one pervasive device is within a given distance of the at least one personal authentication gateway.
  - 17. The method according to claim 10, wherein said determining step comprises ascertaining whether the at least one pervasive device has recently made a previous request.
  - 18. The method according to claim 10, wherein said determining step comprises ascertaining whether the at least one pervasive device has not sent a message indicating that the at least one pervasive device is no longer to be trusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Deligne, Sabine, Potamianos, Gerasimos, Neti, Chalapathy V.

Granted Patent

US 8,103,871 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

METHOD AND APPARATUS FOR PERVASIVE AUTHENTICATION DOMAINS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR PERVASIVE AUTHENTICATION DOMAINS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links