Method and apparatus for pervasive authentication domains
First Claim
1. A method of sharing security credentials between devices of a user, comprising:
ascertaining at least one personal authentication gateway device of the user from at least one pervasive device of the user, the at least one pervasive device comprising at least one automatic token client application and the at least one personal authentication gateway device comprising at least one token server application;
sending at least one token request from the at least one pervasive device to the at least one personal authentication gateway device, wherein the token request comprises:
a Slave-ID field identifying the pervasive device, a Domain-ID field identifying a pervasive authentication domain, a Nonce-128bit field containing a random value generated by the pervasive device to protect against Token Request replay attacks, and a Type field, and further wherein the Nonce-128bit field, the Slave-ID field, and the Type field are encrypted using a Triple-DES symmetric cryptographic encryption algorithm; and
receiving a token response at the at least one pervasive device from the at least one personal authentication gateway device only if the at least one pervasive device has been authorized via configuring the at least one personal authentication gateway device to recognize the at least one pervasive device as a registered member of the pervasive authentication domain, wherein the token response comprises:
said Slave-ID field and said Nonce-128bit field from the Token Request, a Type field, and a Tokens and Checksum field containing authentication tokens and checksums for integrity, and further wherein the Nonce-128bit field, the Slave-ID field, the Type field, and the Tokens and Checksum field are encrypted with Triple-DES encryption;
wherein when the security credentials are provided to the at least one personal authentication gateway device, the at least one pervasive device that has been authorized is enabled to retrieve the at least one authentication token;
wherein the at least one pervasive device is a digital watch adapted with a user interface for entering the security credentials, and configured to use a TCP/IP protocol for wireless communication with the personal authentication gateway device; and
wherein the security credentials will expire after a period of 10 minutes from receipt.
Abstract
Methods and apparatus for enabling a Pervasive Authentication Domain. A Pervasive Authentication Domain allows many registered Pervasive Devices to obtain authentication credentials from a single Personal Authentication Gateway and to use these credentials on behalf of users to enable additional capabilities for the devices. It provides an arrangement for a user to store credentials in one device (the Personal Authentication Gateway) and then make use of those credentials from many authorized Pervasive Devices without re-entering them. It provides a convenient way for a user to share credentials among many devices, particularly where entering credentials is inconvenient, as in a smart wristwatch environment. It further provides an arrangement for disabling access to credentials for devices that appear to be far from the Personal Authentication Gateway, as measured by metrics such as communications signal strength.
10 Claims
Claim 1 is reproduced above under First Claim; dependent claims 2, 3 and 4 are not shown.
5. An apparatus for sharing security credentials between devices of a user, said apparatus comprising:
a processor which executes a discoverer which finds at least one personal authentication gateway device of the user from at least one pervasive device of the user, the at least one pervasive device comprising at least one automatic token client application and the at least one personal authentication gateway device comprising at least one token server application;
a token requestor which sends at least one token request from the at least one pervasive device to the at least one personal authentication gateway device, wherein the token request comprises:
a Slave-ID field identifying the pervasive device, a Domain-ID field identifying a pervasive authentication domain, a Nonce-128bit field containing a random value generated by the pervasive device to protect against Token Request replay attacks, and a Type field, and further wherein the Nonce-128bit field, the Slave-ID field, and the Type field are encrypted using a Triple-DES symmetric cryptographic encryption algorithm;
a token responder which accepts at least one token request and sends at least one token response with at least one authentication token to the at least one pervasive device only if the at least one pervasive device has been authorized via configuring the at least one personal authentication gateway device to recognize the at least one pervasive device as a registered member of the pervasive authentication domain, wherein the token response comprises:
said Slave-ID field and said Nonce-128bit field from the Token Request, a Type field, and a Tokens and Checksum field containing authentication tokens and checksums for integrity, and further wherein the Nonce-128bit field, the Slave-ID field, the Type field, and the Tokens and Checksum field are encrypted with Triple-DES encryption to ensure that only the Automatic Token Client can read the Token Response;
wherein when the security credentials are provided to the at least one personal authentication gateway device, the at least one pervasive device that has been authorized is enabled to retrieve the at least one authentication token;
wherein the at least one pervasive device is a digital watch adapted with a user interface for entering the security credentials, and configured to use a TCP/IP protocol for wireless communication with the personal authentication gateway device; and
wherein the security credentials are designed to expire after a period of 10 minutes from receipt.
Dependent claims 6, 7, 8 and 9 are not shown.
10. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for sharing security credentials between devices of a user, said method comprising the steps of:
ascertaining at least one personal authentication gateway device of the user from at least one pervasive device of the user, the at least one pervasive device comprising at least one automatic token client application and the at least one personal authentication gateway device comprising at least one token server application;
sending at least one token request from the at least one pervasive device to the at least one personal authentication gateway device, wherein the token request comprises:
a Slave-ID field identifying the pervasive device, a Domain-ID field identifying a pervasive authentication domain, a Nonce-128bit field containing a random value generated by the pervasive device to protect against Token Request replay attacks, and a Type field, and further wherein the Nonce-128bit field, the Slave-ID field, and the Type field are encrypted using a Triple-DES symmetric cryptographic encryption algorithm;
receiving a token response at the pervasive device from the at least one personal authentication gateway device only if the at least one pervasive device has been authorized via configuring the at least one personal authentication gateway device to recognize the at least one pervasive device as a registered member of the pervasive authentication domain, wherein the token response comprises:
said Slave-ID field and said Nonce-128bit field from the Token Request, a Type field, and a Tokens and Checksum field containing authentication tokens and checksums for integrity, and further wherein the Nonce-128bit field, the Slave-ID field, the Type field, and the Tokens and Checksum field are encrypted with Triple-DES encryption to ensure that only the Automatic Token Client can read the Token Response;
wherein when the security credentials are provided to the at least one personal authentication gateway device, the at least one pervasive device that has been authorized is enabled to retrieve at least one authentication token;
wherein the at least one pervasive device is a digital watch adapted with a user interface for entering the security credentials, and configured to use a TCP/IP protocol for wireless communication with the personal authentication gateway device; and
wherein the security credentials are designed to expire after a period of 10 minutes from receipt.
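The token exchange recited in claims 1, 5 and 10 (Domain-ID in the clear; Slave-ID, Type and a 128-bit nonce under Triple-DES; the gateway answering only devices registered in the domain; the response echoing Slave-ID and nonce together with the tokens and an integrity check; a 10-minute lifetime counted from receipt), written out as an added, runnable Go example. It is not code from the patent or its assignee. The field widths and byte order, 3DES in CTR mode with a random IV, a 24-byte pre-provisioned domain key, and HMAC-SHA256 standing in for the claim's "checksum" are all assumptions made here, since the claims fix none of them. Two caveats a practitioner would add: NIST deprecated 3DES and disallows it for new encryption (SP 800-131A Rev. 2), so a real implementation would use an AEAD such as AES-GCM instead of a cipher plus a separate tag; and the claimed Token Request carries no integrity tag at all, so the gateway can reject a tampered request only when the altered Slave-ID no longer matches a registered member.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

const typeTokenRequest, typeTokenResponse byte = 1, 2
const tokenLifetime = 10 * time.Minute // claim 1: credentials expire 10 minutes after receipt

// Gateway is the Personal Authentication Gateway's token-server state (layout assumed for this example).
type Gateway struct {
	DomainID   uint32
	Key        []byte            // 24-byte 3DES key shared with domain members (assumed pre-provisioned)
	Registered map[uint32]bool   // Slave-IDs configured as members of the pervasive authentication domain
	Tokens     []byte            // the credentials the user entered at the gateway
	seenNonces map[[16]byte]bool // nonces already answered; a repeat is a replayed Token Request
}

// tdes panics on a wrong-length key; 3DES is kept only because the claim names it (NIST has deprecated it).
func tdes(key []byte) cipher.Block { b, err := des.NewTripleDESCipher(key); if err != nil { panic(err) }; return b }

// macKey derives a distinct key for the integrity tag so the 3DES key is not reused as a MAC key.
func macKey(key []byte) []byte { k := sha256.Sum256(append([]byte("mac|"), key...)); return k[:] }

func tag(key, msg []byte) []byte { m := hmac.New(sha256.New, macKey(key)); m.Write(msg); return m.Sum(nil) }

// seal: 3DES-CTR with a random 8-byte IV prepended (the claim names only "Triple-DES", no mode).
func seal(key, pt []byte) []byte {
	out := make([]byte, des.BlockSize+len(pt))
	rand.Read(out[:des.BlockSize]) // crypto/rand
	cipher.NewCTR(tdes(key), out[:des.BlockSize]).XORKeyStream(out[des.BlockSize:], pt)
	return out
}

func open(key, ct []byte) ([]byte, error) {
	if len(ct) < des.BlockSize {
		return nil, errors.New("ciphertext too short")
	}
	pt := make([]byte, len(ct)-des.BlockSize)
	cipher.NewCTR(tdes(key), ct[:des.BlockSize]).XORKeyStream(pt, ct[des.BlockSize:])
	return pt, nil
}

// BuildTokenRequest (client): Domain-ID in the clear so the gateway can pick the domain key, then 3DES(Slave-ID | Type | Nonce-128bit).
func BuildTokenRequest(key []byte, slaveID, domainID uint32) (wire []byte, nonce [16]byte) {
	rand.Read(nonce[:]) // the 128-bit nonce the client expects echoed back
	body := append(binary.BigEndian.AppendUint32(nil, slaveID), typeTokenRequest)
	wire = binary.BigEndian.AppendUint32(nil, domainID)
	return append(wire, seal(key, append(body, nonce[:]...))...), nonce
}

// HandleTokenRequest (gateway): answer only registered members, and never the same nonce twice.
func (g *Gateway) HandleTokenRequest(wire []byte) ([]byte, error) {
	if len(wire) < 4 || binary.BigEndian.Uint32(wire) != g.DomainID {
		return nil, errors.New("unknown Domain-ID")
	}
	body, err := open(g.Key, wire[4:])
	if err != nil || len(body) != 21 || body[4] != typeTokenRequest {
		return nil, errors.New("malformed Token Request")
	}
	var nonce [16]byte
	copy(nonce[:], body[5:])
	if !g.Registered[binary.BigEndian.Uint32(body)] {
		return nil, errors.New("Slave-ID is not a registered member of the domain")
	}
	if g.seenNonces[nonce] {
		return nil, errors.New("replayed Token Request")
	}
	if g.seenNonces == nil {
		g.seenNonces = map[[16]byte]bool{}
	}
	g.seenNonces[nonce] = true
	// Response plaintext: Slave-ID | Type | Nonce | Tokens | HMAC-SHA256 over the preceding bytes.
	resp := append(append(append(body[:4:4], typeTokenResponse), nonce[:]...), g.Tokens...)
	return seal(g.Key, append(resp, tag(g.Key, resp)...)), nil
}

// ParseTokenResponse (client): verify the tag, check the echoed Slave-ID and nonce are ours, stamp the expiry at receipt.
func ParseTokenResponse(key, wire []byte, slaveID uint32, nonce [16]byte, now time.Time) ([]byte, time.Time, error) {
	body, err := open(key, wire)
	if err != nil || len(body) < 21+sha256.Size || body[4] != typeTokenResponse {
		return nil, time.Time{}, errors.New("malformed Token Response")
	}
	msg, got := body[:len(body)-sha256.Size], body[len(body)-sha256.Size:]
	if !hmac.Equal(got, tag(key, msg)) {
		return nil, time.Time{}, errors.New("integrity check failed")
	}
	if binary.BigEndian.Uint32(msg) != slaveID || string(msg[5:21]) != string(nonce[:]) {
		return nil, time.Time{}, errors.New("response does not match our Token Request")
	}
	return append([]byte{}, msg[21:]...), now.Add(tokenLifetime), nil
}
```

To exercise it, build a Gateway with the device's Slave-ID in Registered, call BuildTokenRequest on the watch side, pass the wire bytes to HandleTokenRequest, then hand the response and the nonce the client kept to ParseTokenResponse, which returns the tokens and the instant they expire. Submitting the same request bytes a second time is refused as a replay, a request from a Slave-ID that was never registered or one carrying a different Domain-ID gets no response, and a response whose ciphertext was altered in transit fails the HMAC check before any token is accepted.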
Specification