DATA INTEGRITY FOR PROXIMITY-BASED COMMUNICATION

US 20140141750A1
Filed: 07/11/2011
Published: 05/22/2014
Est. Priority Date: 07/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method for trusted communication among mobile devices, the method comprising:

wirelessly transmitting information from a first mobile device to a second mobile device permitting the second mobile device to detect proximity of the first mobile device;

receiving, at the first mobile device, a message and a first authentication value wirelessly transmitted from the second mobile device directly to the first mobile device in response to the information;

accessing a shared secret value stored at the first mobile device and associated with the second mobile device;

generating a second authentication value at the first mobile device based on the message and the shared secret value; and

verifying integrity of the message based on comparing the first authentication value and the second authentication value.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer programs for trusted communication among mobile devices are described. In some aspects, information is wirelessly transmitted from a first mobile device to a second mobile device. The information permits the second mobile device to detect proximity of the first mobile device. In some implementations, the information can be wirelessly transmitted by a proximity-activated wireless interface, such as, for example, a Near Field Communication (NFC) interface. In response to the information, the first mobile device receives a message and a first authentication value wirelessly transmitted from the second mobile device to the first mobile device. A second authentication value is generated at the first mobile device based on the message and the shared secret value. Integrity of the message is verified based on comparing the first authentication value and the second authentication value.

Citations

41 Claims

1. A method for trusted communication among mobile devices, the method comprising:
- wirelessly transmitting information from a first mobile device to a second mobile device permitting the second mobile device to detect proximity of the first mobile device;
  
  receiving, at the first mobile device, a message and a first authentication value wirelessly transmitted from the second mobile device directly to the first mobile device in response to the information;
  
  accessing a shared secret value stored at the first mobile device and associated with the second mobile device;
  
  generating a second authentication value at the first mobile device based on the message and the shared secret value; and
  
  verifying integrity of the message based on comparing the first authentication value and the second authentication value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the information is wirelessly transmitted from the first mobile device to the second mobile device by a proximity-activated wireless interface of the first mobile device, and the message and the first authentication value are received at the first mobile device by the proximity-activated wireless interface.
  - 3. The method of claim 2, wherein the proximity-activated wireless interface comprises a Near Field Communication (NFC) interface.
  - 4. The method of claim 1, wherein wirelessly transmitting information from the first mobile device to the second mobile device comprises wirelessly transmitting the information from a tablet device to a mobile telecommunication device by a proximity-activated wireless interface.
  - 5. The method of claim 1, wherein the message comprises a link to content, and the method further comprises automatically displaying the content at the first mobile device in response to verifying the integrity.
  - 6. The method of claim 5, wherein automatically displaying comprises displaying the content at the first mobile device independent of user confirmation at the first mobile device.
  - 7. The method of claim 1, wherein the message comprises a phone number, and the method further comprises automatically initiating a call to the phone number at the first mobile device in response to verifying the integrity.
  - 8. The method of claim 1, wherein verifying the integrity comprises determining whether the first authentication value matches the second authentication value.
  - 9. The method of claim 8, further comprising accepting the message at the first mobile device based on determining that the first authentication value matches the second authentication value.
  - 10. The method of claim 8, further comprising rejecting the message at the first mobile device based on determining that the first authentication value does not match the second authentication value.
  - 11. The method of claim 1, further comprising establishing the shared secret value between the first mobile device and the second mobile device.
  - 12. The method of claim 11, wherein the first mobile device includes a user interface, and establishing the shared secret value between the first mobile device and the second mobile device includes receiving the shared secret value at the first mobile device based on a user interaction with the user interface.
  - 13. The method of claim 11, wherein the first mobile device includes a first wireless communication module and a second wireless communication module, and wherein the message and the first authentication value are received at the first mobile device by the first wireless communication module, and the shared secret value is established based in part on transmitting data from the first mobile device by the second wireless communication module.
  - 14. The method of claim 13, wherein the first wireless communication module transmits wireless signals at a frequency of 13.56 MHz, and the second wireless communication module transmits wireless signals at a second frequency in a range of 2400 MHz to 2480 MHz.
  - 15. The method of claim 13, wherein the first wireless communication module transmits wireless signals at a frequency of 13.56 MHz, and the second wireless communication module transmits wireless signals at a second frequency greater than 1 GHz.
  - 16. The method of claim 11, wherein establishing the shared secret value between the first mobile device and the second mobile device includes:
    - accessing, at the first mobile device, a certificate issued by a certificate authority; and
      
      deriving the shared secret at the first mobile device based on the certificate.
  - 17. The method of claim 1, wherein the second authentication value is generated by evaluating a keyed hashing algorithm based on the message and the shared secret value.
  - 18. The method of claim 1, wherein generating the second authentication value comprises generating a Message Authentication Code (MAC) by evaluating a keyed Hash-based Message Authentication Code (HMAC) algorithm based on the message and the shared secret value.
  - 19. The method of claim 1, further comprising:
    - receiving a timestamp value associated with the first authentication value; and
      
      verifying integrity of the message based on the timestamp value.

20. A mobile device comprising:
- memory operable to store a shared secret value;
  
  a wireless communication interface;
  
  data processing apparatus operable to perform operations comprising;
  
  sending to a second mobile device information permitting the second mobile device to detect proximity of the wireless communication interface;
  
  receiving a message and a first authentication value wirelessly transmitted from the second mobile device directly to the wireless communication interface in response to the information;
  
  generating a second authentication value based on the message and the shared secret value; and
  
  verifying integrity of the message based on comparing the first authentication value and the second authentication value.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 21. The mobile device of claim 20, wherein the wireless communication interface includes a Near Field Communication (NFC) interface.
  - 22. The mobile device of claim 21, wherein the message and the first authentication value are received by the NFC interface.
  - 23. The mobile device of claim 20, wherein the mobile device includes a first wireless communication module comprising the wireless communication interface, wherein the first wireless communication module is operable to communicate with the second mobile device by wireless signals in a first frequency range, and the mobile device further comprises a second wireless communication module operable to communicate with the second mobile device by wireless signals in a second frequency range.
  - 24. The mobile device of claim 20, further comprising a mobile device display, wherein the message comprises a link to content, and the mobile device is configured to automatically display the content on the mobile device display in response to verifying the integrity.
  - 25. The mobile device of claim 24, wherein automatically displaying comprises displaying the content on the mobile device display independent of user confirmation at the mobile device.
  - 26. The mobile device of claim 20, wherein the second authentication value is generated by evaluating a keyed hashing algorithm based on the message and the shared secret value.
  - 27. The mobile device of claim 20, wherein generating the second authentication value comprises generating a Message Authentication Code (MAC) by evaluating a keyed Hash-based Message Authentication Code (HMAC) algorithm based on the message and the shared secret value.
  - 28. The mobile device of claim 20, the operations further comprising:
    - receiving a timestamp value associated with the first authentication value; and
      
      verifying integrity of the message based on the timestamp value.
  - 29. The mobile device of claim 20, wherein the mobile device comprises a mobile telecommunication handset.
  - 30. The mobile device of claim 20, wherein the mobile device comprises a tablet device.

31. A non-transitory computer-readable medium storing instructions that are operable when executed by data processing apparatus to perform operations for trusted communication among mobile devices, the operations comprising:
- wirelessly transmitting information from a first mobile device to a second mobile device permitting the second mobile device to detect proximity of the first mobile device;
  
  receiving, at the first mobile device, a message and a first authentication value wirelessly transmitted from the second mobile device directly to the first mobile device in response to the information;
  
  accessing a shared secret value stored at the first mobile device and associated with the second mobile device;
  
  generating a second authentication value at the first mobile device based on the message and the shared secret value; and
  
  verifying integrity of the message based on comparing the first authentication value and the second authentication value.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 32. The computer-readable medium of claim 31, wherein the information is wirelessly transmitted from the first mobile device by a proximity-activated wireless interface of the first mobile device, and wherein the message and the first authentication value are received by the proximity-activated wireless interface of the first mobile device.
  - 33. The computer-readable medium of claim 32, wherein the proximity-activated wireless interface comprises a Near Field Communication (NFC) interface.
  - 34. The computer-readable medium of claim 31, wherein the message comprises a link to content, and the operations further comprise automatically displaying the content at the first mobile device in response to verifying the integrity.
  - 35. The computer-readable medium of claim 34, wherein automatically displaying comprises displaying the content at the first mobile device independent of user confirmation at the first mobile device.
  - 36. The computer-readable medium of claim 31, further comprising establishing the shared secret value between the first mobile device and the second mobile device.
  - 37. The computer-readable medium of claim 36, wherein the first mobile device includes a user interface, and establishing the shared secret value between the first mobile device and the second mobile device includes receiving the shared secret value at the first mobile device based on a user interaction with the user interface.
  - 38. The computer-readable medium of claim 36, wherein the first mobile device includes a first wireless communication module and a second wireless communication module, and wherein the message and the first authentication value are wirelessly transmitted from the first mobile device by the first wireless communication module, and the shared secret value is established based in part on transmitting data from the first mobile device by the second wireless communication module.
  - 39. The computer-readable medium of claim 31, wherein establishing the shared secret value between the first mobile device and the second mobile device includes:
    - accessing, at the first mobile device, a certificate issued by a certificate authority; and
      
      deriving the shared secret at the first mobile device based on the certificate.
  - 40. The computer-readable medium of claim 31, wherein the second authentication value is generated by evaluating a keyed hashing algorithm based on the message and the shared secret value.
  - 41. The computer-readable medium of claim 31, the operations further comprising:
    - receiving, at the first mobile device, a timestamp value wirelessly transmitted from the second mobile device directly to the first mobile device; and
      
      verifying integrity of the message based on the timestamp value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited, Certicom Corporation (Blackberry Limited)
Inventors
Lazaridis, Mihal, Pecen, Mark E., Vanstone, Scott Alexander, Campagna, Matthew John, Rosati, Anthony

Granted Patent

US 9,654,981 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 12/50   Secure pairing of devices

H04W 12/61   Time-dependent

H04W 4/80   Services using short range ...

H04W 92/18   between terminal devices

DATA INTEGRITY FOR PROXIMITY-BASED COMMUNICATION

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

DATA INTEGRITY FOR PROXIMITY-BASED COMMUNICATION

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links