SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE

US 20100262829A1
Filed: 04/08/2009
Published: 10/14/2010
Est. Priority Date: 04/08/2009
Status: Active Grant

First Claim

Patent Images

1. A method of transmitting one or more security parameters to a first computing device from a second computing device, the method performed at the second computing device, the method comprising:

receiving an image or audio signal, wherein the image or audio signal is a representation of first data, the first data comprising a password, wherein the password is not derived from a security parameter stored on the first computing device;

determining the password from the image or audio signal; and

performing a key exchange with the first computing device over a communication channel between the first and second computing devices, wherein second data is exchanged between the first and second computing devices in accordance with a key exchange protocol, such that a key is derived at each of the first and second computing devices using the password, and wherein the one or more security parameters is transmitted to the first computing device during the key exchange;

wherein said performing further comprisescomputing a confirmation value based on at least the one or more security parameters, and using the key derived at the second computing device, andtransmitting the confirmation value to the first computing device, wherein the one or more security parameters are authenticated when the confirmation value is successfully verified at the first computing device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an image or audio signal. The image or audio signal is transmitted from the first computing device to the second computing device. The password is determined from the image or audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein.

83 Citations

View as Search Results

20 Claims

1. A method of transmitting one or more security parameters to a first computing device from a second computing device, the method performed at the second computing device, the method comprising:
- receiving an image or audio signal, wherein the image or audio signal is a representation of first data, the first data comprising a password, wherein the password is not derived from a security parameter stored on the first computing device;
  
  determining the password from the image or audio signal; and
  
  performing a key exchange with the first computing device over a communication channel between the first and second computing devices, wherein second data is exchanged between the first and second computing devices in accordance with a key exchange protocol, such that a key is derived at each of the first and second computing devices using the password, and wherein the one or more security parameters is transmitted to the first computing device during the key exchange;
  
  wherein said performing further comprisescomputing a confirmation value based on at least the one or more security parameters, and using the key derived at the second computing device, andtransmitting the confirmation value to the first computing device, wherein the one or more security parameters are authenticated when the confirmation value is successfully verified at the first computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein said receiving the image or audio signal is performed when the first and second computing devices are in close proximity.
  - 3. The method of claim 1, wherein the confirmation value comprises a keyed-hash message authentication code.
  - 4. The method of claim 1, wherein the one or more security parameters comprise one or more public keys stored on the second computing device.
  - 5. The method of claim 1, wherein the key exchange protocol comprises a SPEKE protocol.
  - 6. The method of claim 1, wherein the image comprises a barcode.
  - 7. The method of claim 1, wherein at the receiving, the image is received via a camera of the second computing device, wherein the camera is configured to process the image after being displayed on a display of the first computing device.
  - 8. The method of claim 1, wherein the audio signal comprises a plurality of audio tones.
  - 9. The method of claim 1, wherein at the receiving, the audio signal is received via a microphone of the second computing device, wherein the microphone is configured to receive the audio signal after being output on a speaker of the first computing device.
  - 10. The method of claim 1, wherein at the receiving, the audio signal is received via a channel established during a phone call between the first computing device and the second computing device.
  - 11. The method of claim 1, wherein the first data further comprises routing data associated with the first computing device.
  - 12. The method of claim 11, further comprising establishing the communication channel by initiating contact with the first computing device using the routing data.
  - 13. The method of claim 11, wherein the routing data comprises a PIN associated with the first computing device, and wherein the communication channel between the first and second computing devices comprises a PIN-to-PIN channel.
  - 14. The method of claim 1, wherein the password comprises a random number or string.
  - 15. The method of claim 1, further comprising receiving one or more second security parameters from the first computing device, receiving a second confirmation value from the first computing device, and verifying the second confirmation value.
  - 16. The method of claim 1, wherein at least one computing device selected from the following group comprises a mobile device:
    - the first computing device, and the second computing device.

17. A second computing device comprising a processor and a memory, the processor configured to execute one or more application modules, said one or more application modules comprising:
- a module configured to receive an image or audio signal, wherein the image or audio signal is a representation of first data, the first data comprising a password, wherein the password is not derived from a security parameter stored on the first computing device;
  
  a module configured to determine the password from the image or audio signal; and
  
  a module configured to perform a key exchange with the first computing device over a communication channel between the first and second computing devices, wherein second data is exchanged between the first and second computing devices in accordance with a key exchange protocol, such that a key is derived at each of the first and second computing devices using the password, and wherein the one or more security parameters is transmitted to the first computing device during the key exchange;
  
  wherein said module configured to perform a key exchange is further configured tocompute a confirmation value based on at least the one or more security parameters, and using the key derived at the second computing device, and totransmit the confirmation value to the first computing, wherein the one or more security parameters are authenticated when the confirmation value is successfully verified at the first computing device.
- View Dependent Claims (18)
- - 18. The second computing device of claim 17, wherein at least one computing device selected from the following group comprises a mobile device:
    - the first computing device, and the second computing device

19. A computer readable storage medium comprising instructions that, when executed by a processor of a second computing device, cause the second computing device to perform acts of a method of transmitting one or more security parameters to a first computing device, the method performed at the second computing device, the acts comprising:
- receiving an image or audio signal, wherein the image or audio signal is a representation of first data, the first data comprising a password, wherein the password is not derived from a security parameter stored on the first computing device;
  
  determining the password from the image or audio signal; and
  
  performing a key exchange with the first computing device over a communication channel between the first and second computing devices, wherein second data is exchanged between the first and second computing devices in accordance with a key exchange protocol, such that a key is derived at each of the first and second computing devices using the password, and wherein the one or more security parameters is transmitted to the first computing device during the key exchange;
  
  wherein said performing further comprisescomputing a confirmation value based on at least the one or more security parameters, and using the key derived at the second computing device, andtransmitting the confirmation value to the first computing device, wherein the one or more security parameters are authenticated when the confirmation value is successfully verified at the first computing device.
- View Dependent Claims (20)
- - 20. The medium of claim 19, wherein at least one computing device selected from the following group comprises a mobile device:
    - the first computing device, and the second computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael S., Little, Herbert A.

Granted Patent

US 8,214,645 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/123   received data contents, e.g...

H04L 63/18   using different networks or...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0844   with user authentication or...

H04L 9/3226   using a predetermined code,...

H04W 12/04   Key management, e.g. using ...

H04W 12/10   Integrity

H04W 12/50   Secure pairing of devices

H04W 12/65   Environment-dependent, e.g....

H04W 12/77   Graphical identity

SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links