SYSTEM, METHOD AND SECURITY DEVICE FOR AUTHORIZING USE OF A SOFTWARE TOOL

US 20100058053A1
Filed: 08/29/2008
Published: 03/04/2010
Est. Priority Date: 08/29/2008
Status: Active Grant

First Claim

Patent Images

1. A security device, comprising:

at least one communication subsystem for enabling communication between the security device and a first external device, wherein the external device has a software tool executable on the first external device;

a processor coupled to the at least one communication subsystem and configured to control the at least one communication subsystem; and

memory accessible to the processor and storing a key for authorizing use of the software tool, the memory further storing program instructions which, when executed by the processor, cause the processor to execute a security application;

wherein the security application is configured to process an encrypted request received from the first external device to use the software tool and to generate a signed response to the encrypted request, the signed response being signed using the key and comprising authorization information to enable the first external device to prove authorization to a second external device for use of the software tool by the first external device in relation to the second external device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The described embodiments relate generally to methods, systems and security devices for authorizing use of a software tool. Certain embodiments of the invention relate to a security device. The security device comprises at least one communication subsystem for enabling communication between the security device and a first external device, wherein the first external device has a software tool executable on the first external device. The security device further comprises a memory and processor coupled to the at least one communication subsystem and configured to control the at least one communication subsystem. The memory is accessible to the processor and stores a key for authorizing use of the software tool. The memory further stores program instructions which, when executed by the processor, cause the processor to execute a security application.

Citations

31 Claims

1. A security device, comprising:
- at least one communication subsystem for enabling communication between the security device and a first external device, wherein the external device has a software tool executable on the first external device;
  
  a processor coupled to the at least one communication subsystem and configured to control the at least one communication subsystem; and
  
  memory accessible to the processor and storing a key for authorizing use of the software tool, the memory further storing program instructions which, when executed by the processor, cause the processor to execute a security application;
  
  wherein the security application is configured to process an encrypted request received from the first external device to use the software tool and to generate a signed response to the encrypted request, the signed response being signed using the key and comprising authorization information to enable the first external device to prove authorization to a second external device for use of the software tool by the first external device in relation to the second external device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The device of claim 1, wherein the authorization information comprises one or more restrictions regarding use of the software tool.
  - 3. The device of claim 1, wherein the encrypted request is decryptable by the processor using the key.
  - 4. The device of claim 1, wherein the encrypted request comprises a session key, and wherein the signed response comprises the session key in a decrypted form.
  - 5. The device of claim 1, wherein the security application is further configured to determine the software tool from among a plurality of possible software tools based on the encrypted request and to determine the key from among a plurality of keys stored in the memory based on the determined software tool.
  - 6. The device of claim 1, wherein the security application is further configured to determine a validity of the encrypted request and to only generate the signed response if the encrypted request is determined to be valid.
  - 7. The device of claim 6, further comprising a position location subsystem for locating a geographical position of the security device.
  - 8. The device of claim 7, wherein the security application is further configured to use the position location subsystem to determine a location of the device and wherein the security application is further configured to compare the location to one or more permissible geographical areas stored in the memory and to determine that the encrypted request is invalid if the location is outside of the one or more permissible geographical areas.
  - 9. The device of claim 1, wherein the security device comprises a mobile device capable of communicating over at least one wireless area network.

10. A system for authorizing use of a software tool, the system comprising:
- a security device comprising a processor, at least one communication subsystem responsive to the processor and a first memory accessible to the processor, the first memory storing a key for authorizing use of the software tool and storing program instructions which, when executed by the processor, cause the processor to execute a security application;
  
  a computing device comprising a second memory storing the software tool, the computing device being capable of communication with the security device via the at least one communication subsystem; and
  
  a target device in communication with the computing device;
  
  wherein the computing device is configured to transmit an encrypted request to the security device to use the software tool, and wherein the security device is configured to execute the security application to generate a signed response in response to the encrypted request, and to send the signed response to the computing device, the signed response being signed using the key and comprising authorization information to enable the computing device to prove authorization to the target device for use of the software tool in relation to the target device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the authorization information comprises one or more restrictions regarding use of the software tool.
  - 12. The system of claim 10, wherein the encrypted request is decryptable by the processor using the key.
  - 13. The system of claim 10, wherein the encrypted request comprises a session key, and wherein the signed response comprises the session key in a decrypted form.
  - 14. The system of claim 10, wherein the security application is further configured to determine the software tool from among a plurality of possible software tools based on the encrypted request and to determine the key from among a plurality of keys stored in the memory based on the determined software tool.
  - 15. The system of claim 10, wherein the security application is further configured to determine a validity of the encrypted request and to only generate the signed response if the encrypted request is determined to be valid.
  - 16. The system of claim 15, wherein the security device comprises a position location subsystem for locating a geographical position of the security device.
  - 17. The system of claim 16, wherein the security application is further configured to use the position location subsystem to determine a location of the device and wherein the security application is further configured to compare the location to one or more permissible geographical areas stored in the memory and to determine that the encrypted request is invalid if the location is outside of the one or more permissible geographical areas.
  - 18. The system of claim 10, wherein the security device comprises a mobile device capable of communicating over at least one wireless area network.

19. A method for authorizing use of a software tool, the method comprising:
- receiving, at a security device, an encrypted request to use the software tool, the encrypted request being received from a first external device;
  
  generating a signed response in response to the encrypted request, the signed response being signed using a key stored in the security device and comprising authorization information to enable the first external device to prove authorization to a second external device for use of the software tool by the first external device in relation to the second external device; and
  
  transmitting the signed response to the first external device.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method of claim 19, wherein the authorization information comprises one or more restrictions regarding use of the software tool.
  - 21. The method of claim 19, wherein the generating comprises decrypting the encrypted request using the key.
  - 22. The method of claim 19, wherein the encrypted request comprises a session key, and wherein the signed response comprises the session key in a decrypted form.
  - 23. The method of claim 19, further comprising:
    - determining the software tool from among a plurality of possible software tools based on the encrypted request; and
      
      determining the key from among a plurality of keys stored in the memory based on the determined software tool.
  - 24. The method of claim 19, further comprising determining a validity of the encrypted request and only generating the signed response if the encrypted request is determined to be valid.
  - 25. The method of claim 24, further comprising:
    - determining a location of the security device using a position location subsystem of the security device;
      
      comparing the location to one or more permissible geographical areas stored in the security device; and
      
      determining that the encrypted request is invalid if the location is outside of the one or more permissible geographical areas.

26. In a system comprising a computer system, a security device and a target device, wherein the security device and the target device are each in communication with the computer system, a method of authorizing use of a software tool stored in the computer system, the method comprising:
- transmitting from the computer system to the target device an authorization request to use the software tool;
  
  generating at the target device a session key in response to the authorization request;
  
  encrypting the session key with a public key associated with the software tool;
  
  transmitting an encrypted request comprising the encrypted session key to the computer system from the target device;
  
  transmitting the encrypted request to the security device from the computer system;
  
  generating at the security device a signed response in response to the encrypted request, the signed response being signed using a private key stored in the security device, the private key being associated with the software tool, wherein the signed response comprises authorization information to enable the computer system to prove authorization to the target device for use of the software tool by the computer system in relation to the target device; and
  
  transmitting the signed response from the security device to the computer system.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The method of claim 26, wherein the authorization information comprises one or more restrictions regarding use of the software tool.
  - 28. The method of claim 26, wherein the authorization information comprises the session key in a decrypted form.
  - 29. The method of claim 28, further comprising generating, at the computer system, a tool use request comprising the signed response, and transmitting the tool use request to the target device.
  - 30. The method of claim 29, further comprising determining at the target device whether to allow use of the software tool based on the tool use request.
  - 31. The method of claim 29, wherein the tool use request comprises an open channel request for establishing secure communication between the target device and the computer system, wherein the open channel request comprises the decrypted session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
van der Veen, Sye, Nagy, Thomas, Wood, Robert H., Asthana, Atul

Granted Patent

US 8,646,105 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2209/80   Wireless

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

SYSTEM, METHOD AND SECURITY DEVICE FOR AUTHORIZING USE OF A SOFTWARE TOOL

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM, METHOD AND SECURITY DEVICE FOR AUTHORIZING USE OF A SOFTWARE TOOL

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links