METHOD OF ESTABLISHING A TRUSTED IDENTITY FOR AN AGENT DEVICE

US 20150113592A1
Filed: 10/17/2013
Published: 04/23/2015
Est. Priority Date: 10/17/2013
Status: Active Grant

First Claim

Patent Images

1. A method of establishing a trusted identity for an agent device for performing trusted communication with one or more application providing apparatuses, the method comprising steps of:

(a) determining which of a plurality of authentication models is a selected authentication model to be used for uniquely authenticating the agent device;

(b) generating first authentication information and second authentication information according to the selected authentication model, the first authentication information for uniquely authenticating the identity of the agent device and the second authentication information for verifying that the agent device has the first authentication information;

(c) embedding the first authentication information in the agent device; and

(d) transmitting, to a registry apparatus for maintaining a device registry of agent devices, the second authentication information and authentication model information identifying which of the plurality of authentication models is the selected authentication model used by the agent device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trusted identity may be established for an agent device for performing trusted communication with one or more application providing apparatuses. The method of establishing the trusted identity includes determining which of a number of authentication models is a selected authentication model to be used for uniquely authenticating the agent device. First and second authentication information is generated according to the selected model. The first authentication information is for uniquely authenticating the identity of the device and the second authentication information is for verifying that the agent device has the first authentication information. The first authentication information is embedded in the agent device while the second authentication information is transmitted to a registry apparatus for maintaining a device of agent devices. Authentication model information identifying which is the selected authentication model is also sent to the registry.

82 Citations

View as Search Results

28 Claims

1. A method of establishing a trusted identity for an agent device for performing trusted communication with one or more application providing apparatuses, the method comprising steps of:
- (a) determining which of a plurality of authentication models is a selected authentication model to be used for uniquely authenticating the agent device;
  
  (b) generating first authentication information and second authentication information according to the selected authentication model, the first authentication information for uniquely authenticating the identity of the agent device and the second authentication information for verifying that the agent device has the first authentication information;
  
  (c) embedding the first authentication information in the agent device; and
  
  (d) transmitting, to a registry apparatus for maintaining a device registry of agent devices, the second authentication information and authentication model information identifying which of the plurality of authentication models is the selected authentication model used by the agent device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method according to claim 1, wherein the plurality of authentication models provide different levels of security.
  - 3. The method according to claim 1, wherein the method comprises a step of providing authentication resources in the agent device for implementing the selected authentication model.
  - 4. The method according to claim 1, wherein the determining step determines the selected authentication model in dependence on which authentication resources are already provided in the agent device for implementing the selected authentication model.
  - 5. The method according to claim 1, wherein the first authentication information and the second authentication information are generated by an external device separate from the agent device.
  - 6. The method according to claim 5, wherein after the first authentication information has been embedded in the agent device, the external device deletes the first authentication information.
  - 7. The method according to claim 1, wherein the first authentication information and the second authentication information are generated internally by circuitry within the agent device.
  - 8. The method according to claim 1, wherein the embedding comprises providing storage circuitry in the agent device for storing the first authentication information.
  - 9. The method according to claim 1, wherein the embedding comprises storing the first authentication information in storage circuitry provided in the agent device.
  - 10. The method according to claim 1, wherein the first authentication information is embedded in a protected storage region of the agent device.
  - 11. The method according to claim 1, wherein the plurality of authentication models comprise at least one authentication model in which the first authentication information and the second authentication information comprise the same authentication information.
  - 12. The method according to claim 1, wherein the plurality of authentication models comprise at least one authentication model in which the first authentication information comprises different authentication information to the second authentication information.
  - 13. The method according to claim 12, wherein for the at least one authentication model, the first authentication information comprises a private key and the second authentication information comprises a public key different to the private key.
  - 14. The method according to claim 13, wherein for the at least one authentication model, the transmitting step comprises transmitting a digital certificate comprising the public key.
  - 15. The method according to claim 1, wherein the plurality of authentication models comprise at least one authentication model in which the first authentication information and the second authentication information are unchangeable.
  - 16. The method according to claim 1, wherein the plurality of authentication models comprise at least one authentication model in which the first authentication information and second authentication information are changeable.
  - 17. The method according to claim 16, wherein the agent device comprises authentication information generating circuitry for regenerating the first authentication information and the second authentication information.
  - 18. The method according to claim 1, wherein the plurality of authentication models comprise:
    - (i) a first authentication model in which the first and second authentication information comprise the same authentication information and are unchangeable;
      
      (ii) a second authentication model in which the first and second authentication information comprise different authentication information and are unchangeable; and
      
      (iii) a third authentication model in which the first and second authentication information comprise different authentication information and are changeable.
  - 19. The method according to claim 1, wherein the plurality of authentication models comprise at least one authentication model for which the agent device can be reassigned to a different device registry.
  - 20. The method according to claim 1, wherein the agent device comprises a device identifier uniquely identifying the agent device, and the transmitting step further comprises transmitting the device identifier to the registry apparatus.
  - 21. The method according to claim 1, further comprising a step of embedding registry authentication information in the agent device for authenticating the registry apparatus.

22. A registry apparatus for maintaining a device registry of agent devices for performing trusted communication with one or more application providing apparatuses, comprising:
- storage circuitry configured to store the device registry comprising at least one registry entry for a corresponding agent device comprising authentication model information identifying which of a plurality of authentication models is a selected authentication model used for uniquely authenticating the corresponding agent device; and
  
  communication circuitry configured, in response to an authentication model query from an external device requesting the authentication model information for a specified agent device, to transmit to the external device the authentication model information of the registry entry for the specified agent device.
- View Dependent Claims (23, 24)
- - 23. The registry apparatus according to claim 22, wherein each registry entry comprises authentication information for uniquely authenticating the corresponding agent device, and the registry apparatus comprises processing circuitry configured to perform authentication of the corresponding agent device using the authentication information.
  - 24. The registry apparatus according to claim 23, wherein the communication circuitry is configured to transmit application key information to the authenticated agent device and an application providing apparatus if the authentication is successful, the application key for enabling trusted communication between the agent device and the application providing apparatus.

25. A registry apparatus for maintaining a device registry of agent devices for performing trusted communication with one or more application providing apparatuses, comprising:
- storage means for storing the device registry comprising at least one registry entry for a corresponding agent device comprising authentication model information identifying which of a plurality of authentication models is a selected authentication model used for uniquely authenticating the corresponding agent device; and
  
  communication means for transmitting the authentication model information of the registry entry for a specified agent device to an external device in response to an authentication model query from the external device requesting the authentication model information for the specified agent device.
- View Dependent Claims (28)
- - 28. The method of claim 25, further comprising transmitting to the registry apparatus authentication information for uniquely authenticating the agent device.

26. A method for a registry apparatus for maintaining a device registry of agent devices for performing trusted communication with one or more application providing apparatuses, comprising steps of:
- maintaining a device registry comprising at least one registry entry for a corresponding agent device comprising authentication model information identifying which of a plurality of authentication models is a selected authentication model used for uniquely authenticating the corresponding agent device;
  
  receiving from an external device an authentication model query requesting the authentication model information for a specified agent device; and
  
  in response to the authentication model query, transmitting to the external device the authentication model information of the registry entry for the specified agent device.

27. A method of registering an agent device with a device registry of agent devices for performing trusted communication with one or more application providing apparatuses, the method comprising steps of:
- (a) determining which of a plurality of authentication models is a selected authentication model used by the agent device for uniquely authenticating the agent device; and
  
  (b) transmitting, to a registry apparatus for maintaining the device registry, authentication model information identifying which of the plurality of authentication models is the selected authentication model for the agent device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arm IP Limited
Original Assignee
Arm IP Limited
Inventors
CURTIS, William Allen, Anson, Douglas Miles, Balanza, Kerry McGuire

Granted Patent

US 9,860,235 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 67/12   specially adapted for propr...

H04W 12/04   Key management, e.g. using ...

H04W 12/068   using credential vaults, e....

H04W 12/35   Protecting application or s...

H04W 4/38   for collecting sensor infor...

H04W 4/60   Subscription-based services...

METHOD OF ESTABLISHING A TRUSTED IDENTITY FOR AN AGENT DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF ESTABLISHING A TRUSTED IDENTITY FOR AN AGENT DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links