Modifying Security State With Secured Range Detection

US 20170357523A1
Filed: 09/23/2016
Published: 12/14/2017
Est. Priority Date: 06/12/2016
Status: Active Grant

First Claim

Patent Images

1. A method for a first device to modify a security state at a second device, the method comprising:

performing a plurality of ranging operations to compute a plurality of sample distance measurements between the first and second devices;

determining whether the plurality of sample distance measurements meets a set of criteria; and

when the calculated composite distance measurement meets the set of criteria, exchanging a security token with the second device to modify the security state at the second device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

10 Citations

View as Search Results

32 Claims

1. A method for a first device to modify a security state at a second device, the method comprising:
- performing a plurality of ranging operations to compute a plurality of sample distance measurements between the first and second devices;
  
  determining whether the plurality of sample distance measurements meets a set of criteria; and
  
  when the calculated composite distance measurement meets the set of criteria, exchanging a security token with the second device to modify the security state at the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein modifying the security state comprises putting the second device into an unlocked state from a locked state.
  - 3. The method of claim 1, wherein modifying the security state comprises authorizing a set of restricted operations to be performed at the second device.
  - 4. The method of claim 1, wherein performing a ranging operation of the plurality of ranging operations comprises:
    - exchanging codes between the first and second devices;
      
      identifying timestamps for the sending and receiving of the codes; and
      
      computing a sample distance measurement from the identified timestamps.
  - 5. The method of claim 1 further comprising receiving, from the second device, a request to modify the security state at the second device.
  - 6. The method of claim 5, wherein the second device sends the request upon receiving a user input at the second device.
  - 7. The method of claim 5, wherein the second device sends the request upon detecting that the first device is within a particular distance of the second device.
  - 8. The method of claim 1 further comprising determining that the first device should exchange the security token with the second device when the first device is in an unlocked mode.
  - 9. The method of claim 1 further comprising determining that the first device should exchange the security token with the second device upon receiving a user input at the first device.
  - 10. The method of claim 1, wherein determining whether the plurality of sample distance measurements meets the set of criteria comprises:
    - calculating, based on the plurality of sample distance measurements, a confidence level that the first device is within a threshold distance of the second device; and
      
      determining that the plurality of sample distance measurements meets the set of criteria when the confidence level exceeds a threshold value.
  - 11. The method of claim 1, wherein determining whether the plurality of sample distance measurements meets the set of criteria comprises:
    - calculating a composite distance measurement based on the plurality of sample distance measurements; and
      
      determining that the plurality of sample distance measurements meets the set of criteria when the composite distance measurement is within a threshold distance.
  - 12. The method of claim 1, wherein the first device is established as a trusted device through an authorization process with the second device, wherein the first device receives the security token from the second device during the authorization process.
  - 13. The method of claim 1 further comprising establishing a first channel and a different second channel between the first and second devices, wherein the security token is exchanged over the first channel and the plurality of ranging operations are performed over the second channel.
  - 14. The method of claim 13, wherein the first channel is encrypted with a first key and the second channel is encrypted with a different, second key.
  - 15. The method of claim 14, wherein the second key is derived from the first key.
  - 16. The method of claim 13, wherein the first channel uses a first wireless protocol and the second channel uses a different, second wireless protocol.
  - 17. The method of claim 16, wherein the first wireless protocol is a Bluetooth protocol and the second wireless protocol is a Wi-Fi protocol.

18. For a proxy device, a method for establishing a communication connection between a target device and a trusted device, the method comprising:
- announcing an availability of the trusted device;
  
  in response to the announced availability, receiving a first request from the target device; and
  
  upon receiving the first request from the target device, sending a second request to the trusted device, wherein the trusted device establishes the communication connection based on the second request.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18, wherein the communication connection between the target device and the trusted device is for exchanging ranging information to determine whether the target device and the trusted device are within a particular range prior to exchanging authorization information to modify a security state of the target device.
  - 20. The method of claim 18, wherein the proxy device announces the availability of the trusted device using a first wireless protocol and the communication connection established between the target device and the trusted device uses a different, second wireless protocol.
  - 21. The method of claim 20, wherein the second request to the trusted device comprises a request for the trusted device to announce its availability to the target device.
  - 22. The method of claim 20, wherein the proxy device maintains a connection with the trusted device using the first wireless protocol.
  - 23. The method of claim 18, wherein announcing the availability comprises broadcasting an identifier for the target device.

24. A non-transitory machine readable medium storing a program which when executed by a set of processing units of a target device establishes a communication connection between the target device and a trusted device, the program comprising sets of instructions for:
- scanning for availability of a trusted device;
  
  based on the scan, identifying a particular trusted device;
  
  sending a request for the particular trusted device to a proxy device that sends a request to the particular trusted device; and
  
  establishing a communication connection with the particular trusted device.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
- - 25. The non-transitory machine readable medium of claim 24, wherein the sets of instructions for scanning, sending, and exchanging are performed using a first wireless protocol, wherein the communication connection is established to use a different, second wireless protocol.
  - 26. The non-transitory machine readable medium of claim 24, wherein upon receiving the request, the proxy device instructs the particular trusted device to initiate a broadcast of its availability.
  - 27. The non-transitory machine readable medium of claim 24, wherein the proxy device is in a locked state and the trusted device is in an unlocked state.
  - 28. The non-transitory machine readable medium of claim 24, wherein the set of instructions for establishing the communication connection comprises a set of instructions for exchanging bootstrap information with the particular trusted device, wherein the bootstrap information identifies a portion of a frequency spectrum for the communication connection.
  - 29. The non-transitory machine readable medium of claim 24, wherein the program further comprises sets of instructions for:
    - receiving input to initiate a change in security state at the target device;
      
      using the established communication connection to perform a set of ranging operations to allow the target device to receive a set of authentication information; and
      
      using the set of authentication information to change the security state at the target device.
  - 30. The non-transitory machine readable medium of claim 29, wherein the change in security state moves the target device from a locked state to an unlocked state.
  - 31. The non-transitory machine readable medium of claim 24, wherein the target device is allowed to receive the set of authentication information when the trusted device is determined to be within a particular threshold distance based on the set of ranging operations.
  - 32. The non-transitory machine readable medium of claim 24, wherein the trusted device sends the set of authentication information when the target device is determined to be within a particular threshold distance based on the set of ranging operations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Benson, Wade, Krochmal, Marc J., Ledwith, Alexander R., Iarocci, John, Hauck, Jerrold V., Brouwer, Michael, Adler, Mitchell D., Sierra, Yannick L.

Granted Patent

US 11,582,215 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 9/44505   Configuring for program ini...

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 63/1466   Active attacks involving in...

H04L 9/0822   using key encryption key

H04L 9/085   Secret sharing or secret sp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/3226   using a predetermined code,...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/086   using security domains

H04W 8/005   Discovery of network device...

Modifying Security State With Secured Range Detection

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Modifying Security State With Secured Range Detection

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links