METHODS AND APPARATUSES FOR LOCATION-BASED ACCESS MANAGEMENT

US 20150244692A1
Filed: 09/04/2012
Published: 08/27/2015
Est. Priority Date: 09/04/2012
Status: Active Grant

First Claim

Patent Images

1-33. -33. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses for located-based content access control have been disclosed. A method may comprise: receiving, at a mobile device, from a short distance communication node, an identifier of the node; generating a device key for the mobile device based on the identifier of the node and an identifier of the mobile device; sending to the node the device key and the identifier of the mobile device, at least based on which the mobile device may be authenticated; and receiving, at the mobile device, from the node, one or more content keys, either encrypted or unencrypted, for decrypting content that has been or is to be saved in the mobile device.

55 Citations

View as Search Results

64 Claims

1-33. -33. (canceled)

34. A method, comprising:
- receiving, at a mobile device, from a short distance communication node, an identifier of the node;
  
  generating a device key for the mobile device based on the identifier of the node and an identifier of the mobile device;
  
  sending to the node the device key and the identifier of the mobile device, at least based on which the mobile device may be authenticated; and
  
  receiving, at the mobile device, from the node, one or more content keys, either encrypted or unencrypted, for decrypting content that has been or is to be saved in the mobile device.
- View Dependent Claims (35, 36, 37, 38, 39, 40)
- - 35. The method of claim 34, further comprising disabling at least one of the content keys if a timer for the at least one content key expired.
  - 36. The method of claim 34, wherein the identifier of the node changes over time.
  - 37. The method of claim 34, wherein at least one of the content keys has been encrypted by using an encryption key that is generated based on the device key.
  - 38. The method of claim 34, further comprising:
    - decrypting the content using at least one of the content keys into a random access memory of the mobile device; and
      
      clearing at least a portion of decrypted content from the random access memory once the portion of decrypted content has been rendered.
  - 39. The method of claim 34, further comprising storing the content keys in a dynamic stack memory zone of the mobile device after the content keys are received.
  - 40. The method of claim 34, further comprising:
    - sending to the node an identifier list of content to be decrypted; and
      
      wherein the content keys are directed to identifiers as included in the identifier list.

41. A method, comprising:
- sending, to a mobile device, an identifier of a short distance communication node;
  
  receiving, from the mobile device, a device key for the mobile device and an identifier of the mobile device, wherein the device key is generated based on the identifier of the node and the identifier of the mobile device;
  
  authenticating the mobile device at least based on the device key and the identifier of the mobile device; and
  
  sending, to the mobile device, one or more content keys, either encrypted or unencrypted, for decrypting content that has been or is to be saved in the mobile device.
- View Dependent Claims (42, 43, 44)
- - 42. The method of claim 41, further comprising configuring a timer for at least one of the content keys which disables the at least one of the content keys if the timer expired.
  - 43. The method of claim 41, further comprising updating the identifier of the node after a predefined period of time.
  - 44. The method of claim 41, further comprising:
    - encrypting at least one of the content keys by using an encryption key that is generated based on the device key before the sending of the content keys.

45. An apparatus, comprising:
- a short distance communication module,at least one processor, andat least one memory including computer program code,wherein the at least one memory and the computer program code configured to, with the at least one processor and the short distance communication module, cause the apparatus at least to perform;
  
  receiving, from a short distance communication node, an identifier of the node;
  
  generating a device key for the apparatus based on the identifier of the node and an identifier of the apparatus;
  
  sending, to the node via the short distance communication module, the device key and the identifier of the apparatus, at least based on which the apparatus may be authenticated; and
  
  receiving, from the node via the short distance communication module, one or more content keys, either encrypted or unencrypted, for decrypting content that has been or is to be saved in the apparatus.
- View Dependent Claims (46, 47, 48)
- - 46. The apparatus of claim 45, wherein the apparatus is further caused to perform:
    - disabling at least one of the content keys if a timer for the at least one content key expired.
  - 47. The apparatus of claim 45, wherein at least one of the content keys has been encrypted by using an encryption key that is generated based on the device key.
  - 48. The apparatus of claim 45, wherein the apparatus is further caused to perform:
    - sending to the node an identifier list of content to be decrypted; and
      
      wherein the content keys are directed to identifiers as included in the identifier list.

49. An apparatus, comprising:
- a short distance communication module,at least one processor, andat least one memory including computer program code,wherein the at least one memory and the computer program code configured to, with the at least one processor and the short distance communication module, cause the apparatus at least to perform;
  
  sending, to a mobile device, an identifier of the short distance communication module;
  
  receiving, from the mobile device, a device key for the mobile device and an identifier of the mobile device, wherein the device key is generated based on the identifier of the short distance communication module and the identifier of the mobile device;
  
  authenticating the mobile device at least based on the device key and the identifier of the mobile device; and
  
  sending, to the mobile device, one or more content keys, either encrypted or unencrypted, for decrypting content that has been or is to be saved in the mobile device.
- View Dependent Claims (50, 51, 52, 53)
- - 50. The apparatus of claim 49, wherein the apparatus is further caused to perform:
    - configuring a timer for at least one of the content keys which disables the at least one of the content keys if the timer expired.
  - 51. The apparatus of claim 49, wherein the apparatus is further caused to perform:
    - encrypting at least one of the content keys by using an encryption key that is generated based on the device key before the sending of the content keys.
  - 52. The apparatus of claim 49, wherein the apparatus is further caused to perform:
    - receiving from the mobile device an identifier list of content to be decrypted; and
      
      wherein the content keys are directed to identifiers as included in the identifier list.
  - 53. The apparatus of claim 49, wherein the short distance communication node is a near field communication (NFC) device, and the content keys are stored in the NFC device locally.

54. A non-transitory computer-readable storage media having computer program code stored thereon, the computer program code configured to, when executed, cause an apparatus to perform actions comprising:
- receiving, at a mobile device, from a short distance communication node, an identifier of the node;
  
  generating a device key for the mobile device based on the identifier of the node and an identifier of the mobile device;
  
  sending to the node the device key and the identifier of the mobile device, at least based on which the mobile device may be authenticated; and
  
  receiving, at the mobile device, from the node, one or more content keys, either encrypted or unencrypted, for decrypting content that has been or is to be saved in the mobile device.
- View Dependent Claims (55, 56, 57, 58, 59, 60)
- - 55. The non-transitory computer-readable storage media of claim 54 the actions further comprising disabling at least one of the content keys if a timer for the at least one content key expired.
  - 56. The non-transitory computer-readable storage media of claim 54, wherein the identifier of the node changes over time.
  - 57. The non-transitory computer-readable storage media of claim 54, wherein at least one of the content keys has been encrypted by using an encryption key that is generated based on the device key.
  - 58. The non-transitory computer-readable storage media of claim 54 the actions further comprising:
    - decrypting the content using at least one of the content keys into a random access memory of the mobile device; and
      
      clearing at least a portion of decrypted content from the random access memory once the portion of decrypted content has been rendered.
  - 59. The non-transitory computer-readable storage media of claim 54 the action further comprising storing the content keys in a dynamic stack memory zone of the mobile device after the content keys are received.
  - 60. The non-transitory computer-readable storage media of claim 54 the actions further comprising:
    - sending to the node an identifier list of content to be decrypted; and
      
      wherein the content keys are directed to identifiers as included in the identifier list.

61. A non-transitory computer-readable storage media having computer program code stored thereon, the computer program code configured to, when executed, cause an apparatus to perform actions:
- sending, to a mobile device, an identifier of a short distance communication node;
  
  receiving, from the mobile device, a device key for the mobile device and an identifier of the mobile device, wherein the device key is generated based on the identifier of the node and the identifier of the mobile device;
  
  authenticating the mobile device at least based on the device key and the identifier of the mobile device; and
  
  sending, to the mobile device, one or more content keys, either encrypted or unencrypted, for decrypting content that has been or is to be saved in the mobile device.
- View Dependent Claims (62, 63, 64)
- - 62. The non-transitory computer-readable storage media of claim 61 the actions further comprising configuring a timer for at least one of the content keys which disables the at least one of the content keys if the timer expired.
  - 63. The non-transitory computer-readable storage media of claim 61 the actions further comprising updating the identifier of the node after a predefined period of time.
  - 64. The non-transitory computer-readable storage media of claim 61 the actions further comprising:
    - encrypting at least one of the content keys by using an encryption key that is generated based on the device key before the sending of the content keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Liu, Wei, Xue, Wenwei

Granted Patent

US 10,200,350 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2463/062   applying encryption of the ...

H04L 2463/101   applying security measures ...

H04L 63/0492   by using a location-limited...

H04L 63/0853   using an additional device,...

H04L 63/108   when the policy decisions a...

H04W 12/04   Key management, e.g. using ...

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

H04W 4/80   Services using short range ...

METHODS AND APPARATUSES FOR LOCATION-BASED ACCESS MANAGEMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

64 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND APPARATUSES FOR LOCATION-BASED ACCESS MANAGEMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

64 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links