Systems and methods for dynamic authentication using physical keys

US 7,562,385 B2
Filed: 04/20/2005
Issued: 07/14/2009
Est. Priority Date: 04/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method of dynamic authentication of a guest device by an authentication system, the guest device being in communication with a user device controlled by a user, the method at the authentication system comprising:

storing a first set of associations between users, user devices and physical keys;

receiving, over a first communications channel, a proposed dynamic association between the guest device and a physical key based on presence of the physical key at or near the guest device;

determining the user device corresponding to the physical key based on the first set of associations;

receiving, over a second communication channel, a user confirmation of the proposed dynamic association from the user device; and

authenticating the guest device based on the proposed dynamic association, the user confirmation, and the first set of associations for access to at least one of;

information and services associated with the user of the user device,wherein the proposed dynamic association and information received by the guest device exclude information required for completing the authenticating of the guest device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A physical key is used to propose an association between a guest device and user information and services. Contact-based or contact-less connectors are used to establish the proposed association between the physical key and the guest device. The proposed association then communicated to the dynamic authentication system over a first communication channel. The dynamic authentication system determines a user confirmation over a second communications channel based on a user device and previously determined associations between users, user devices and the physical key. The guest device is then authenticated for access to information and/or services associated with the user. The information retrieved from and/or transmitted to the user'"'"'s personal information repository is optionally protected using various transformations. Optional session identifiers supported on the physical key and/or the user device, ensure the protected information is inaccessible when the physical key is removed and/or the predetermined association with the user device is deleted.

59 Citations

View as Search Results

40 Claims

1. A method of dynamic authentication of a guest device by an authentication system, the guest device being in communication with a user device controlled by a user, the method at the authentication system comprising:
- storing a first set of associations between users, user devices and physical keys;
  
  receiving, over a first communications channel, a proposed dynamic association between the guest device and a physical key based on presence of the physical key at or near the guest device;
  
  determining the user device corresponding to the physical key based on the first set of associations;
  
  receiving, over a second communication channel, a user confirmation of the proposed dynamic association from the user device; and
  
  authenticating the guest device based on the proposed dynamic association, the user confirmation, and the first set of associations for access to at least one of;
  
  information and services associated with the user of the user device,wherein the proposed dynamic association and information received by the guest device exclude information required for completing the authenticating of the guest device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, in which the first communications channel is provided by the physical key.
  - 3. The method of claim 1, in which the first communications channel is provided by the guest device.
  - 4. The method of claim 1, in which the physical key is further comprised of at least one of:
    - a contact-based connector and a contact-less connector for connecting to the guest device.
  - 5. The method of claim 4, in which the contact-based connector is at least one of:
    - a USB port;
      
      a Memorystick port;
      
      a serial port;
      
      a parallel port;
      
      a Secure Card port;
      
      a compact flash card port;
      
      a smartcard port and a PC card port.
  - 6. The method of claim 4, in which the contact-less connector is at least one of:
    - a Bluetooth connector;
      
      an RFID connector;
      
      a WiFi connector;
      
      a WiMax connector; and
      
      an infra-red connector.
  - 7. The method of claim 1, in which the user information is transformed before transmission to the guest device.
  - 8. The method of claim 7, in which the transformation is at least one of:
    - a copy-protection transformation applying a digital watermark and a steganographic transformation.
  - 9. The method of claim 1, further comprising:
    - determining a set of operable user devices and guest devices,wherein the set of operable user devices are guest devices is determined based on an access control list.
  - 10. The method of claim 1, in which the guest device is at least one of:
    - a land-line telephone, a voice-over-ip telephone, a personal digital assistant;
      
      a enabled music player;
      
      a radio-transmitter;
      
      a digital camera;
      
      a video camera;
      
      a personal music player;
      
      a personal video player, a television;
      
      a printer; and
      
      a computer.
  - 11. The method of dynamic authentication according to claim 1, in which authenticating the guest device comprises the steps of:
    - determining the user associated with the physical key;
      
      determining at least one data service associated with the physical key;
      
      authenticating user access to the data service based on the dynamic authentication of the guest device.
  - 12. The method of claim 11, in which the data service is a repository of information contained on a computer.
  - 13. The method of claim 12, in which the computer is at least one of:
    - a portable computer;
      
      a non-portable computer.
  - 14. The method of claim 13, in which the non-portable computer is at least one of:
    - a server;
      
      a corporate server;
      
      an information repository and a digital library.
  - 15. The method of claim 1, in which the user information and services are encrypted and decrypted based on the authentication.
  - 16. The method of claim 15, in which the decryption is temporary.
  - 17. The method of claim 1, in which the user information and services are located in at least one of:
    - the physical key, the guest device, and a remote location.
  - 18. The method of claim 1, in which the first set of associations is modified to change the authentications rights.
  - 19. The method of claim 1, in which the confirmed dynamic association is associated with a session identifier supported by at least one of the user device and the physical key.
  - 20. The method of claim 19, wherein the session identifier is verified at time intervals that are variable.

21. A system of dynamic authentication of a guest device comprising:
- a memory for storing a first set of associations between users, user devices and physical keys;
  
  an input/output circuit for receiving, over a first communications channel, a proposed dynamic association between the guest device and a user associated with a physical key based on presence of the physical key at or near the guest device, and for receiving from a user device, associated with the user, a user confirmation of the proposed dynamic association over a second communication channel; and
  
  a processor for determining the user device corresponding to the physical key based on the first set of associations and for authenticating the guest device based on the dynamic association, the user confirmation, and the first set of associations, the guest device being authenticated for receiving at least one of;
  
  information and services associated with the user,wherein the proposed dynamic association and information received by the guest device exclude information required for completing the authenticating of the guest device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 22. The system of claim 21, in which the first communications channel is provided by the physical key.
  - 23. The system of claim 21, in which the first communications channel is provided by the guest device.
  - 24. The system of claim 21, in which the physical key is further comprised of at least one of:
    - a contact-based connector and a contact-less connector for connecting to the guest device.
  - 25. The system of claim 24, in which the contact-based connector is at least one of:
    - a USB port;
      
      a Memorystick port;
      
      a serial port;
      
      a parallel port;
      
      a Secure Card port;
      
      a compact flash card port;
      
      a smartcard port and a PC card port.
  - 26. The system of claim 24, in which the contact-less connector is at least one of:
    - a Bluetooth connector;
      
      an RFID connector;
      
      a WiFi connector;
      
      a WiMax connector; and
      
      an infra-red connector.
  - 27. The system of claim 21, in which the user information is transformed before transmission to the guest device.
  - 28. The system of claim 27, in which the transformation is at least one of:
    - a copy-protection transformation applying a digital watermark and a steganographic transformation.
  - 29. The system of claim 21,wherein the user device is verified based on a first user-specific access control list, andwherein the guest device is verified based on a second user-specific access control list.
  - 30. The system of claim 21, in which the guest device is at least one of:
    - a land-line telephone, a voice-over-ip telephone, a personal digital assistant;
      
      a enabled music player;
      
      a radio-transmitter;
      
      a digital camera;
      
      a video camera;
      
      a personal music player;
      
      a personal video player, a television;
      
      a printer; and
      
      a computer.
  - 31. The system of claim 21 wherein the physical key includes a physical key identifier that identifies the physical key;
    - and a connector for proposing a dynamic association with a guest device based on the physical key identifier.
  - 32. The system of claim 31, in which the connector is at least one of:
    - a contact-based connector and a contact-less connector.
  - 33. The system of claim 31, in which the physical key comprises a first communication link operable to communicate the proposed dynamic association.
  - 34. The system of claim 21, in which the user information and services are encrypted and decrypted based on the authentication.
  - 35. The system of claim 34, in which the decryption is temporary.
  - 36. The system of claim 21, in which the user information and services are located in at least one of:
    - the physical key, the guest device, and a remote location.
  - 37. The system of claim 21, in which the first set of associations is modified to change the authentications rights.
  - 38. The system of claim 21, wherein the confirmed dynamic association is associated with a session identifier supported by at least one of the user device and the physical key.
  - 39. The system of claim 21, wherein the session identifier is verified at time intervals that are variable.

40. A computer readable storage medium comprising computer readable program code embodied on the computer readable storage medium, the computer readable program code useable to program a computer to dynamically authenticate guest devices by a method comprising:
- storing a first set of associations between users, user devices and physical keys;
  
  receiving over a first communications channel, a proposed dynamic association between a guest device and a physical key based on presence of the physical key at or near the guest device;
  
  determining the user device corresponding to the physical key based on the first set of associations;
  
  receiving over a second communication channel, a user confirmation of the proposed dynamic association from the user device; and
  
  authenticating the guest device based on the proposed dynamic association, the user confirmation, and the first set of associations for access to at least one of;
  
  information and services associated with the user,wherein the proposed dynamic association and information received by the guest device exclude information required for completing the authenticating of the guest device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujifilm Business Innovation Corp. (Fujifilm Holdings Corporation)
Original Assignee
Fuji Xerox Company Limited (Xerox Holdings Corp.)
Inventors
Thione, Giovanni L, Hilbert, David, Trevor, Jonathan
Primary Examiner(s)
Nalven; Andrew L

Application Number

US11/111,348
Publication Number

US 20060242692A1
Time in Patent Office

1,546 Days
Field of Search

726/9
US Class Current

726/9
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/43   wireless channels

H04L 63/0853   using an additional device,...

Systems and methods for dynamic authentication using physical keys

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for dynamic authentication using physical keys

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links