Secure Non-Geospatially Derived Device Presence Information

US 20140053255A1
Filed: 08/17/2013
Published: 02/20/2014
Est. Priority Date: 08/20/2012
Status: Active Grant

First Claim

Patent Images

1. A system enabling a device to determine the presence information of another device over a communication network comprising:

a first device;

an access point coupled to the first device via a firewall, to facilitate and manage communication amongst the many devices connected to the communication network;

the access point coupled to a communications network;

a presence server coupled to the communications network; and

another device connected to the network and available to receive information regarding the presence and status of the first device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server. The token is used as a shared-secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without the need to again enter a password or establish a secure connection with the presence server, the device uses the shared-secret to sign, encrypt and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device'"'"'s presence information with another device.

18 Citations

View as Search Results

25 Claims

1. A system enabling a device to determine the presence information of another device over a communication network comprising:
- a first device;
  
  an access point coupled to the first device via a firewall, to facilitate and manage communication amongst the many devices connected to the communication network;
  
  the access point coupled to a communications network;
  
  a presence server coupled to the communications network; and
  
  another device connected to the network and available to receive information regarding the presence and status of the first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1 wherein the device comprises a smart phone, tablet PC, notebook PC, desktop PC, remote monitoring device, camera, sensor, or any other device that transmits and receives data.
  - 3. The system of claim 1 wherein the presence information indicates status such as the ability and willingness of the device to communicate, whether the device is available for communication, unavailable for communication, how it can be contacted for future communication, should not be disturbed, or the location of the device.
  - 4. The system of claim 1 wherein the presence information data comprises Instant Message and Presence Protocol (IMPP), the common profile for presence and instant messaging (CPP), the Session Initiation Protocol (SIP), the mobile Instant Messaging and Presence Service (IMPS), the XML-based OMA Instant Message and Presence Service (IMPS), or the XML-based Extensible Messaging and Presence Protocol (XMPP).
  - 5. The system of claim 1 wherein the hardware and software components that make up the firewall are contained within the device, access point, presence server, or other components within the communication networks.
  - 6. The system of claim 1 wherein the device connects to the communication network using Wi-Fi, Bluetooth, 3G, 4G, or any similar wireless, or wired communication protocol.
  - 7. The system of claim 1 wherein the access point is integrated within a component of the communication network such as a router.
  - 8. The system of claim 1 wherein the communication network comprises a public or private network such as the Internet, intranet, telecommunications system, or other network capable of transmitting electronic data.
  - 9. The system of claim 1 wherein the presence server comprises the hardware and software components to gather presence information from multiple devices and then to share the presence information between the devices.
  - 10. The system of claim 1 wherein the presence server gathers and distributes the presence information in real time.
  - 11. The system of claim 1 wherein the presence server contains insensitive data and is isolated from sensitive components.
  - 12. The system of claim 1 wherein the devices, presence server, firewalls, and access point include a cryptographic engine comprising hardware and software that utilizes a data encryption algorithm to secure data from unauthorized access.

13. A method enabling a device to determine the presence information of another device over a secure communication network comprising:
- establishing a secure connection between the device and a presence server in which the device and the presence server authenticate each other;
  
  providing a password to establish the initial secure connection with the presence server;
  
  while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server over the secure connection;
  
  using the token is used as a shared-secret by the device and the presence server to establish future presence communications over a secure, or non-secure connection;
  
  terminating the initial secure connection;
  
  the device using the token to encrypt, sign, and convey presence information to the presence server over an arbitrary connection without the need to enter a password or establish a secure connection with the presence server; and
  
  the presence server conveying the device'"'"'s presence information to another device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The method of claim 13, wherein the secure connection is established using provisions and policies to prevent and monitor unauthorized access, misuse, modification, or denial of the communication network and device.
  - 15. The method of claim 13, wherein the device and communication network use authenticating information to gain access to presence information and programs within their authority.
  - 16. The method of claim 13, wherein the authentication information comprises one-factor authentication such as a password, two-factor authentication such as a password and a security token, or three-factor authentication such as a password, security token, and biometric scan.
  - 17. The method of claim 13, wherein the token is secure from being intercepted from malicious devices because it is initially transmitted through the secure tunnel.
  - 18. The method of claim 13, wherein the token comprises any size and value so long as it is statistically optimized to prevent repeated use or collision.
  - 19. The method of claim 13, wherein the presence server associates the token with the device and stores the information for future reference and the device stores the token in persistent memory for future use.
  - 20. The method of claim 13, wherein the presence server will recognize the sender of the data and associate it with the device by retrieving the token and association information from the presence server'"'"'s storage and validating and decrypting the data using the token.
  - 21. The method of claim 13, wherein the device continuously sends presence information secured with the token to the presence server keeping a return path open through the communication network.
  - 22. The method of claim 13, wherein the token expires based on pre-defined ephemeral conditions.
  - 23. The method of claim 22, wherein the expiration time varies depending on the sensitivity of the application.
  - 24. The method of claim 13, wherein the device establishes a new token when the user again provides a password to establish another secure connection with the presence server.
  - 25. The method of claim 13, wherein the token is refreshed each time the device establishes a secure connection with the presence server, even if the original expiration criteria has not been met.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Saife Inc.
Original Assignee
Saife Inc.
Inventors
Lindteigen, Ty Brendan, Jones, James Chester, Patel, Dipen, Payne, Anthony

Granted Patent

US 9,124,574 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0435   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0869   for achieving mutual authen...

H04L 67/54   Presence management, e.g. m...

Secure Non-Geospatially Derived Device Presence Information

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Non-Geospatially Derived Device Presence Information

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links