User authentication system

US 8,166,296 B2
Filed: 08/05/2005
Issued: 04/24/2012
Est. Priority Date: 10/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method for building a first ad hoc network including a plurality of access devices, comprising:

receiving, at an access server configured to establish secure communications between the access server and access devices, first data from a first access device, wherein the first data includes a first credential;

verifying that the first credential is enrolled with the access server;

sending a cryptographic key corresponding to the first credential to the first access device;

receiving, at the access server, a second data from a second access device, wherein the second data includes the first credential;

verifying that the first credential is enrolled with the access server; and

sending, from the access server, the cryptographic key associated with the first credential to the second access device, wherein the first access device and the second access device join the first ad hoc network using the cryptographic key, and wherein the first ad hoc network is cryptographically separate from a second ad hoc network including access devices authenticated to the access server using a second credential.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials.

78 Citations

View as Search Results

22 Claims

1. A method for building a first ad hoc network including a plurality of access devices, comprising:
- receiving, at an access server configured to establish secure communications between the access server and access devices, first data from a first access device, wherein the first data includes a first credential;
  
  verifying that the first credential is enrolled with the access server;
  
  sending a cryptographic key corresponding to the first credential to the first access device;
  
  receiving, at the access server, a second data from a second access device, wherein the second data includes the first credential;
  
  verifying that the first credential is enrolled with the access server; and
  
  sending, from the access server, the cryptographic key associated with the first credential to the second access device, wherein the first access device and the second access device join the first ad hoc network using the cryptographic key, and wherein the first ad hoc network is cryptographically separate from a second ad hoc network including access devices authenticated to the access server using a second credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising:
    - enrolling the first credential at the access server; and
      
      associating the first credential with the cryptographic key.
  - 3. The method of claim 2, further comprising cryptographically signing the first credential.
  - 4. The method of claim 3, further comprising using a digital certificate to authenticate the signed first credential.
  - 5. The method of claim 1, further comprising using a digital certificate to verify security functionality associated with the first access device.
  - 6. The method of claim 2, further comprising using a digital certificate to verify proximity of a user to the first access device.
  - 7. The method of claim 1, wherein the verifying comprises comparing the first credential with an enrolled credential.
  - 8. The method of claim 1, wherein a second cryptographic key, associated with the second credential and sent to the first access device by the access server, enables the first access device to connect to the second ad hoc network including access devices corresponding to the second credential.
  - 9. The method of claim 1, further comprising binding the first access device and the second access device using the first credential.
  - 10. The method of claim 1, further comprising:
    - establishing the first ad hoc network based on the first credential.
  - 11. The method of claim 1, wherein the first ad hoc network only includes devices joining the first ad hoc network using the cryptographic key.
  - 12. The method of claim 1, wherein the first credential contains biometric information.
  - 13. The method of claim 12, wherein the first credential contains fingerprint information identifying a user of the first access device.
  - 14. The method of claim 1, wherein the first data includes information from a signal identifying a wireless proximity token, and wherein the information includes the first credential.
  - 15. The method of claim 1, wherein the first access device includes a wireless proximity token reader.

16. A method for building a first ad hoc network, including a first set of access devices, in a plurality of ad hoc networks comprising:
- receiving, at an access server configured to establish secure communications between the access server and access devices, data sent from the first set of access devices, wherein the data sent from each access device in the first set of access devices includes a first credential;
  
  verifying that the first credential is enrolled with the access server; and
  
  sending, to each access device in the first set of access devices, a unique cryptographic key corresponding to the first credential sent by each access device, wherein the cryptographic key enables each access device in the first set of access devices to join, using the cryptographic key, the first ad hoc network including access devices corresponding to the first credential, and wherein the first ad hoc network is cryptographically separate from a second ad hoc network including access devices authenticated to the access server using a second credential sent to the access server from a second set of access devices.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising enrolling the first credential at the access server, wherein the first credential is associated with a specific user, and wherein the enrolling comprises associating the first credential with the cryptographic key.
  - 18. The method of claim 16, further comprising cryptographically signing the first credential.
  - 19. The method of claim 18, further comprising using a digital certificate to authenticate the signed first credential.
  - 20. The method of claim 16, further comprising binding each access device in each network of access devices.

21. A method for building a plurality of ad hoc networks comprising:
- receiving, at an access server configured to establish secure communications between the access server and access devices, first data, including a first credential, sent from a first plurality of access devices;
  
  verifying the first credential is enrolled with the access server;
  
  sending from the access server, to each access device in the first plurality of access devices, a first cryptographic key corresponding to the first credential, wherein the first cryptographic key enables each access device in the first plurality of access devices to join, using the first cryptographic key, a first ad hoc network including access devices corresponding to the first credential;
  
  receiving second data, including a second credential, sent from a second plurality of access devices;
  
  verifying the second credential is enrolled with the access server; and
  
  sending from the access server, to each access device in the second plurality of access devices, a second cryptographic key corresponding to the second credential, wherein the second cryptographic key enables each access device in the second plurality of access devices to join, using the second cryptographic key, a second ad hoc network that is cryptographically separate from the first ad hoc network.
- View Dependent Claims (22)
- - 22. The method of claim 21, wherein the first ad hoc network only includes devices joining the first ad hoc network using the first cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark, Frank, Ed, Seshadri, Nambi
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US11/197,815
Publication Number

US 20060085844A1
Time in Patent Office

2,454 Days
Field of Search

726 2- 5, 726/21, 726 27- 30, 713/168, 713182-185, 380/255, 380/270, 455/411
US Class Current

713/168
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/068   using time-dependent keys, ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0861   using biometrical features,...

H04L 63/0884   by delegation of authentica...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04W 12/069   using certificates or pre-s...

User authentication system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

User authentication system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others