DEVICE INTRODUCTION AND ACCESS CONTROL FRAMEWORK
First Claim
1. A method for introducing two devices, comprising the steps of:
- activating each device of two devices to initiate an introduction;
- reducing a respective strength of each device to an effective range of about five inches or less;
- moving the devices toward each other to form an out-of-band channel;
- each device detecting a signal of the other device, and simultaneously measuring a signal gradient by simultaneously measuring the signals received on both antennas;
- determining if any of the signals diminish according to an acceptable profile; and
- rejecting the introduction if any of the signals are not so diminished, and if a signal does have a correct strength gradient, receiving cryptographic material (such as public keys or key identifiers, but not precluding symmetric keys) across the out-of-band channel and subsequently using the cryptographic material to establish secure connection on an in-band channel after introduction.
Abstract
In an embodiment, a method includes registering applications and network services for notification of an out-of-band introduction, and using the out-of-band introduction to bootstrap secure in-band provisioning of credentials and policies that are used to control subsequent access and resource sharing on an in-band channel. In another embodiment, an apparatus implements the method.
24 Citations
8 Claims
4. A method for establishing trust between a server and a client, comprising the steps of:
- initiating an introductory process for the server and the client using an out-of-band (OOB) message in an OOB channel; and
- using in-band messages in an in-band channel to complete the introduction process for the server and the client.
Specification