Method of initializing and using a security association for middleware based on physical proximity
First Claim
1. A system comprising:
a short-range ad hoc network that connects a wireless device to a nearby wireless device, each device including a memory device; and
a processor disposed in communication with the memory device, the processor configured to:
store an application directory in a middleware layer, the directory having at least one entry, each entry including an application program identifier, attributes, and security parameters;
determine a priority for each entry in the application directory;
identify a selected entry based on the priority;
examine the attributes and the security parameters for the selected entry; and
independently establish a security association to support a data communication when the security parameters direct the selected entry to use a secure connection.
Abstract
A computer system, method, and computer program product for controlling data communication in an ad-hoc network that connects a wireless device and a nearby wireless device. The method stores an application directory, determines a priority for each entry in the application directory, identifies a selected entry based on the priority, and examines the attributes and security parameters associated with the selected entry. When the security parameters indicate to use a secure connection, the method establishes a security association to support the data communication by querying a database for an existing security association that will satisfy the security parameters. When the query is successful, the method reuses the existing security association. When the query is unsuccessful, the method creates a new security association by establishing a privileged side channel to the nearby wireless device, negotiating the new security association over the privileged side channel, and storing the new security association.
Claims (87 total)
1. See First Claim above. Dependent claims: 2-20.
21. A method comprising:
connecting a wireless device to a nearby wireless device in a short-range network;
storing an application directory in a memory including a middleware layer, the directory having at least one entry, each entry including an application program identifier, attributes, and security parameters;
determining a priority for each entry in the application directory;
identifying a selected entry based on the priority;
examining the attributes and the security parameters for the selected entry; and
independently establishing a security association to support the data communication when the security parameters direct the selected entry to use a secure connection.
Dependent claims: 22-40.
41. A computer program product, tangibly stored on a computer-readable medium, such as a removable disc, a hard disk drive, random access memory, flash memory, and read-only memory, executable in a computer system, comprising instructions operable to cause a programmable processor to:
store an application directory in a memory including a middleware layer of a device in an ad hoc network, the directory having at least one entry, each entry including an application program identifier, attributes, and security parameters;
determine a priority for each entry in the application directory;
identify a selected entry based on the priority;
examine the attributes and the security parameters for the selected entry; and
independently establish a security association to support the data communication when the security parameters direct the selected entry to use a secure connection.
Dependent claims: 42-50.
51. A system comprising:
a memory;
means for storing an application directory in the memory including a middleware layer of a device in an ad hoc network, the directory having at least one entry, each entry including an application program identifier, attributes, and security parameters;
means for determining a priority for each entry in the application directory;
means for identifying a selected entry based on the priority;
means for examining the attributes and the security parameters for the selected entry; and
means for independently establishing a security association to support the data communication when the security parameters direct the selected entry to use a secure connection.
Dependent claims: 52-60.
61. A system comprising:
a short-range ad hoc network that connects a wireless device to a nearby wireless device, each device including a memory device; and
a processor disposed in communication with the memory device, the processor configured to:
store in a middleware layer in the memory of the wireless device a security association between the wireless device and the nearby wireless device when the nearby wireless device enters the ad-hoc network for a first encounter;
store a copy of the security association;
remove the security association when the first encounter terminates; and
independently establish a secure connection to the nearby wireless device based on the copy of the security association when the nearby wireless device enters the ad-hoc network for a second encounter.
Dependent claims: 62-66.
67. A method comprising:
storing a security association in a memory including a middleware layer between a wireless device and the nearby wireless device in an ad hoc network when the nearby wireless device enters the ad-hoc network for a first encounter;
storing a copy of the security association;
removing the security association when the first encounter terminates; and
independently establishing a secure connection to the nearby wireless device based on the copy of the security association when the nearby wireless device enters the ad-hoc network for a second encounter.
Dependent claims: 68-72.
73. A computer program product, tangibly stored on a computer-readable medium, such as a removable disc, a hard disk drive, random access memory, flash memory, and read-only memory, executable in a computer system, comprising instructions operable to cause a programmable processor to:
store in a memory of a wireless device including a middleware layer in an ad hoc network a security association between the wireless device and nearby wireless device when the nearby wireless device enters the ad-hoc network for a first encounter;
store a copy of the security association;
remove the security association when the first encounter terminates; and
independently establish a secure connection to the nearby wireless device based on the copy of the security association when the nearby wireless device enters the ad-hoc network for a second encounter.
Dependent claims: 74-76.
77. A system comprising:
a memory;
means for storing in the memory of a wireless device including a middleware layer a security association between the wireless device and nearby wireless device when the nearby wireless device enters an ad-hoc network for a first encounter;
means for storing a copy of the security association;
means for removing the security association when the first encounter terminates; and
means for independently establishing a secure connection to the nearby wireless device based on the copy of the security association when the nearby wireless device enters the ad-hoc network for a second encounter.
Dependent claims: 78-80.
81. A video display including a graphical user interface comprising:
a first region of the video display connected to the wireless device, the first region including a display list storing at least one previous connection between the wireless device and the nearby wireless device,
wherein a user operates an input device connected to the wireless device to identify one of said at least one previous connection as a selected previous connection, and
wherein the user operates the input device connected to the wireless device to launch the application program stored in a memory including a middleware layer and associated with the selected previous connection, configure the secure connection using the security parameters associated with the selected previous connection, and communicate over the secure connection with the counterpart application program.
Dependent claims: 82-84.
85. Apparatus, comprising:
a first network element for storing an application directory in a memory including a middleware layer, the directory having at least one entry, each entry including an application program identifier, attributes, and security parameters;
a second network element for determining a priority for each entry in the application directory;
a third network element for identifying a selected entry based on the priority;
a fourth network element for examining the attributes and the security parameters for the selected entry; and
a fifth network element for independently establishing a security association to support data communication when the security parameters direct the selected entry to use a secure connection.
86. An apparatus comprising:
a memory;
a wireless network interface configured to provide a wireless connection with a nearby wireless device; and
a processor disposed in communication with the memory device, the processor configured to:
store an application directory in a middleware layer, the directory having at least one entry, each entry including at least an application program identifier, attributes, and security parameters;
exchange the application directory data with the nearby wireless device over the wireless connection to form a distributed application directory;
determine a priority for each entry in the distributed application directory;
select an entry based on the priorities determined for each entry in the distributed application directory;
examine the attributes and the security parameters associated with the selected entry to establish a data communication for connecting with an application in the nearby device corresponding with the selected entry; and
independently establish a security association to support the data communication connection when the selected entry includes security parameters directing use of a secure connection satisfying the security parameters when connecting with the application in the nearby device.
Dependent claims: 87.
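The middleware flow in the abstract (select the highest-priority entry, query for an existing security association that satisfies the entry's security parameters, reuse it or negotiate a new one over the privileged side channel and store it) together with the first-encounter/second-encounter lifecycle of claims 61-80 (keep a copy, remove the active association when the encounter ends, re-establish from the copy), as an added Python example that is not the patent's own code: the fields of SecurityParams, the Middleware class and the side_channel_negotiate stand-in are assumptions, since the patent names only "security parameters" and a "privileged side channel".

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityParams:
    secure: bool        # the entry directs use of a secure connection
    cipher: str         # constructed policy fields; the patent names only "security parameters"
    min_key_bits: int

@dataclass
class SecurityAssociation:
    peer_id: str
    cipher: str
    key_bits: int
    key: bytes
    def satisfies(self, p: SecurityParams) -> bool:
        # the database query: does an existing SA satisfy the entry's security parameters?
        return self.cipher == p.cipher and self.key_bits >= p.min_key_bits

@dataclass(frozen=True)
class DirectoryEntry:
    app_id: str
    priority: int
    params: SecurityParams

def side_channel_negotiate(peer_id, p):
    # Stand-in (assumed) for negotiation over the privileged proximity side channel; random key for offline use
    return SecurityAssociation(peer_id, p.cipher, p.min_key_bits, secrets.token_bytes(p.min_key_bits // 8))

class Middleware:
    def __init__(self, negotiate=side_channel_negotiate):
        self.active = {}   # SAs for the current encounter, keyed by peer id
        self.copies = {}   # copies kept across encounters (claims 61-80)
        self.negotiate = negotiate
        self.log = []      # which path each establish() call took

    def select_entry(self, directory):
        return max(directory, key=lambda e: e.priority)  # highest-priority entry is selected

    def establish(self, peer_id, entry):
        if not entry.params.secure:
            self.log.append("plain"); return None            # no secure connection required
        for path, table in (("reuse", self.active), ("restore", self.copies)):
            sa = table.get(peer_id)
            if sa is not None and sa.satisfies(entry.params):
                self.log.append(path); self.active[peer_id] = sa; return sa
        sa = self.negotiate(peer_id, entry.params)           # query unsuccessful: create a new SA
        self.active[peer_id] = self.copies[peer_id] = sa     # store it, and keep a copy
        self.log.append("negotiate"); return sa

    def encounter_ended(self, peer_id):
        self.active.pop(peer_id, None)  # remove the SA; the copy survives for a second encounter
```

An association that no longer satisfies a stronger entry (for example a larger minimum key size) is not reused; the query fails and a new one is negotiated, which is the check a reviewer would want the "reuse existing association" step to include.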