Securing access to an application service based on a proximity token

US 7,865,731 B2
Filed: 08/08/2007
Issued: 01/04/2011
Est. Priority Date: 06/05/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving an instruction at an application service;

generating a command at the application service based upon the instruction;

automatically communicating the command from the application service to a proximity token, via a wireless connection;

determining, at the proximity token, a predetermined distance at which a validated communication can occur;

determining, at the proximity token, that the command from the application service was communicated within the predetermined distance, and, if the command was communicated within the predetermined distance;

transforming the command at the proximity token using a first cryptographic technique;

automatically communicating the transformed command from the proximity token to the application service;

automatically communicating the transformed command from the application service to a security token, the security token being in direct communication with and controlling access to the application service;

recovering the command from the transformed command at the security token using a second cryptographic technique;

executing the recovered command, recovered from the transformed comment, at the security token to produce a result; and

automatically communicating the result from the security token to the application service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing secured access to an application service includes a security token that couples to the application service. The security token performs a first element of a cryptographic technique, such as, for example, encryption or decryption. A proximity token is provided that is associated with the security token. The proximity token performs a second element of the cryptographic technique to validate a communication between the application service and the security token. The proximity token is operable to validate the communication only when the proximity token is located within a predetermined validation distance from the security token or the application service. The security token may perform the first element of the cryptographic technique to verify that the proximity token has validated the communication between the application service and the security token. The system may be configured to provide secured access to the application service when the proximity token validates the communication and to prevent secured access to the application service when the proximity token does not validate the communication.

32 Citations

View as Search Results

26 Claims

1. A computer-implemented method comprising:
- receiving an instruction at an application service;
  
  generating a command at the application service based upon the instruction;
  
  automatically communicating the command from the application service to a proximity token, via a wireless connection;
  
  determining, at the proximity token, a predetermined distance at which a validated communication can occur;
  
  determining, at the proximity token, that the command from the application service was communicated within the predetermined distance, and, if the command was communicated within the predetermined distance;
  
  transforming the command at the proximity token using a first cryptographic technique;
  
  automatically communicating the transformed command from the proximity token to the application service;
  
  automatically communicating the transformed command from the application service to a security token, the security token being in direct communication with and controlling access to the application service;
  
  recovering the command from the transformed command at the security token using a second cryptographic technique;
  
  executing the recovered command, recovered from the transformed comment, at the security token to produce a result; and
  
  automatically communicating the result from the security token to the application service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 23, 24)
- - 2. The computer-implemented method of claim 1, wherein transforming the command at the proximity token using the first cryptographic technique further comprises digitally signing the command at the proximity token.
  - 3. The computer-implemented method of claim 1, wherein transforming the command at the proximity token using the first cryptographic technique further comprises encrypting the command at the proximity token.
  - 4. The computer-implemented method of claim 1, wherein transforming the command at the proximity token using the first cryptographic technique further comprises applying a hashing algorithm to the command at the proximity token.
  - 5. The computer-implemented method of claim 1, wherein recovering the command from the transformed command at the security token using the second cryptographic technique further comprises recovering the command using a cryptographic key shared by the proximity token, or a public key of the proximity token.
  - 6. The computer-implemented method of claim 1, wherein the application service is a mobile telephone, a personal digital assistant, a pen-based computer, a notebook computer, a desktop computer, a workstation, an automated teller machine, a security system, a web browser, an enterprise client, a subscriber identity module toolkit browser, an email client, a synchronization client, an electronic purse or wallet, an instant messaging client, a business productivity application, an operating system, or an operating system kernel.
  - 7. The computer-implemented method of claim 1, wherein the command is communicated to the proximity token via a short message service (SMS) communication, a wireless application protocol (WAP) communication, a transport connection protocol (TCP) communication, an Internet protocol (IP) communication, a World Wide Web (WWW) communication, a local area network (LAN) communication, a wireless LAN (WLAN) communication, a wide area network (WAN) communication, a public switched telephone network (PTSN) communication, an integrated services digital network (ISDN) communication, a digital subscriber line (DSL) communication, an advanced mobile telephone service (AMPS) communication, a global system for mobile communications (GSM) communication, a general packet radio service (GPRS) communication, a code division multiple access (CDMA) communication, a wideband CDMA (WCDMA) communication, a universal mobile telecommunications system (UTMS) communication, a radio communication, a cable communication, or a satellite communication.
  - 8. The computer-implemented method of claim 1, further comprising storing a secret cryptographic key within the security token.
  - 9. The computer-implemented method of claim 1, wherein the first and second cryptographic techniques are the same cryptographic techniques.
  - 23. The computer-implemented method of claim 1, wherein the proximity token determines that the command from the application service was communicated within the predetermined distance based on a received power of the command.
  - 24. The computer-implemented method of claim 1, further comprising:
    - generating, at the proximity token, a proximity message;
      
      broadcasting the proximity message from the proximity token at predetermined intervals;
      
      receiving the proximity message at the application service;
      
      providing the proximity message to the security token from the application service; and
      
      verifying the proximity token as the source of the proximity message at the security token.

10. A computer-implemented method comprising:
- receiving an instruction at an application service;
  
  generating a command at the application service based upon the instruction;
  
  automatically communicating the command to a security token;
  
  executing the command, communicated from the application service, at the security token to produce a result;
  
  modifying the result at the security token using a first cryptographic technique;
  
  automatically communicating the modified result from the security token to a proximity token, via a wireless connection;
  
  determining, at the proximity token, a predetermined distance at which a validated communication can occur;
  
  determining, at the proximity token, that the modified result from the security token was communicated within the predetermined distance, and, if the modified result was communicated within the predetermined distance;
  
  transforming the modified result at the proximity token using a second cryptographic technique;
  
  automatically communicating the transformed result from the proximity token to the security token;
  
  recovering the modified result from the transformed result at the security token based upon a third cryptographic technique;
  
  recovering the result from the recovered modified result at the security token based upon a fourth cryptographic technique; and
  
  automatically communicating the recovered result from the security token to the application service.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 25, 26)
- - 11. The computer-implemented method of claim 10, wherein modifying the result at the security token using the first cryptographic technique further comprises digitally signing the command at the security token.
  - 12. The computer-implemented method of claim 10, wherein modifying the result at the security token using the first cryptographic technique further comprises encrypting the command at the security token.
  - 13. The computer-implemented method of claim 10, wherein modifying the result at the security token using the first cryptographic technique further comprises applying a hashing algorithm to the command at the proximity token.
  - 14. The computer-implemented method of claim 10, wherein recovering the modified result from the transformed result at the security token using the third cryptographic technique further comprises recovering the command using a cryptographic key shared by the security token, or a public key of the security token.
  - 15. The computer-implemented method of claim 10, wherein the application service is a mobile telephone, a personal digital assistant, a pen-based computer, a notebook computer, a desktop computer, a workstation, an automated teller machine, a security system, a web browser, an enterprise client, a subscriber identity module toolkit browser, an email client, a synchronization client, an electronic purse or wallet, an instant messaging client, a business productivity application, an operating system, or an operating system kernel.
  - 16. The computer-implemented method of claim 10, wherein the command is communicated to the proximity token via a short message service (SMS) communication, a wireless application protocol (WAP) communication, a transport connection protocol (TCP) communication, an Internet protocol (IP) communication, a World Wide Web (WWW) communication, a local area network (LAN) communication, a wireless LAN (WLAN) communication, a wide area network (WAN) communication, a public switched telephone network (PTSN) communication, an integrated services digital network (ISDN) communication, a digital subscriber line (DSL) communication, an advanced mobile telephone service (AMPS) communication, a global system for mobile communications (GSM) communication, a general packet radio service (GPRS) communication, a code division multiple access (CDMA) communication, a wideband CDMA (WCDMA) communication, a universal mobile telecommunications system (UTMS) communication, a radio communication, a cable communication, or a satellite communication.
  - 17. The computer-implemented method of claim 10, further comprising storing a secret cryptographic key within the security token.
  - 18. The computer-implemented method of claim 10, wherein the first, second, third, and/or fourth cryptographic techniques are the same cryptographic techniques.
  - 25. The computer-implemented method of claim 10, wherein the proximity token determines that the modified result from the security token was communicated within the predetermined distance based on a received power of the modified result.
  - 26. The computer-implemented method of claim 10, further comprising:
    - generating, at the proximity token, a proximity message;
      
      broadcasting the proximity message from the proximity token at predetermined intervals;
      
      receiving the proximity message at the application service;
      
      providing the proximity message to the security token from the application service; and
      
      verifying the proximity token as the source of the proximity message at the security token.

19. A system comprising:
- an application service, the application service;
  
  receiving an instruction,generating a command based upon the instruction,automatically communicating the command,receiving a transformed command, andautomatically communicating the transformed command;
  
  a proximity token, the proximity token;
  
  receiving the command from the application service, via a wireless connection,determining a predetermined distance at which a validated communication can occur;
  
  determining that the command from the application service was communicated within the predetermined distance, and, if the command was communicated within the predetermined distance;
  
  transforming the command using a first cryptographic technique, andautomatically communicating the transformed command to the application service; and
  
  a security token having a memory and a processor that is in direct communication with and that controls access to the application service, the security token;
  
  receiving the transformed command from the application service,recovering the command from the transformed command using a second cryptographic technique,executing the recovered command, recovered from the transformed command, to produce a result, andautomatically communicating the result to the application service.

20. A system comprising:
- an application service, the application service;
  
  receiving an instruction,generating a command based upon the instruction, andautomatically communicating the command;
  
  a security token having a memory and a processor, the security token;
  
  receiving the command from the application service,executing the command, received from the application service, to produce a result,modifying the result using a first cryptographic technique,automatically communicating the modified result,receiving a transformed result,recovering the modified result from the transformed result based upon a third cryptographic technique,recovering the result from the recovered modified result based upon a fourth cryptographic technique, andautomatically communicating the recovered result to the application service; and
  
  a proximity token, the proximity token;
  
  receiving the modified result from the security token, via a wireless connection,determining a predetermined distance at which a validated communication can occur;
  
  determining that the modified result from the security token was communicated within the predetermined distance, and, if the modified result was communicated within the predetermined distance;
  
  transforming the modified result using a second cryptographic technique, andautomatically communicating the transformed result to the security token.

21. A computer program product, tangibly embodied in a non-transitory machine-readable medium, the computer program product comprising instructions that, when read by a machine, cause a data processing apparatus to:
- receive an instruction at an application service;
  
  generate a command at the application service based upon the instruction;
  
  automatically communicate the command from the application service to a proximity token, via a wireless connection;
  
  determine, at the proximity token, a predetermined distance at which a validated communication can occur;
  
  determine, at the proximity token, that the command from the application service was communicated within the predetermined distance, and, if the command was communicated within the predetermined distance;
  
  transform the command at the proximity token using a first cryptographic technique;
  
  automatically communicate the transformed command from the proximity token to the application service;
  
  automatically communicate the transformed command from the application service to a security token, the security token being in direct communication with and controlling access to the application service;
  
  recover the command from the transformed command at the security token using a second cryptographic technique;
  
  execute the recovered command, recovered from the transformed comment, at the security token to produce a result; and
  
  automatically communicate the result from the security token to the application service.

22. A computer program product, tangibly embodied in a non-transitory machine-readable medium, the computer program product comprising instructions that, when read by a machine, case a data processing apparatus to:
- receive an instruction at an application service;
  
  generate a command at the application service based upon the instruction;
  
  automatically communicate the command to a security token;
  
  execute the command, communicated from the application service, at the security token to produce a result;
  
  modify the result at the security token using a first cryptographic technique;
  
  automatically communicate the modified result from the security token to a proximity token, via a wireless connection;
  
  determine, at the proximity token, a predetermined distance at which a validated communication can occur;
  
  determine, at the proximity token, that the modified result from the security token was communicated within the predetermined distance, and, if the modified result was communicated within the predetermined distance;
  
  transform the modified result at the proximity token using a second cryptographic technique;
  
  automatically communicate the transformed result from the proximity token to the security token;
  
  recover the modified result from the transformed result at the security token based upon a third cryptographic technique;
  
  recover the result from the recovered modified result at the security token based upon a fourth cryptographic technique; and
  
  automatically communicate the recovered result from the security token to the application service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Kilian-Kehr, Roger
Primary Examiner(s)
Dada; Beemnet W

Application Number

US11/835,938
Publication Number

US 20080046734A1
Time in Patent Office

1,245 Days
Field of Search

713/172, 713/150, 713/168, 713/169, 713/185, 726/9, 726/20
US Class Current

713/172
CPC Class Codes

G06F 21/35   communicating wirelessly

G07C 9/22   in combination with an iden...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 12/64   using geofenced areas

H04W 88/02   Terminal devices

Securing access to an application service based on a proximity token

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Securing access to an application service based on a proximity token

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others