System and method for authenticating the proximity of a wireless token to a computing device

US 8,333,317 B2
Filed: 09/30/2004
Issued: 12/18/2012
Est. Priority Date: 09/30/2003
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A communication system, comprising:

a proximity reader within a security boundary, configured to receive a radio frequency (RF) signal from a wireless token located within a proximity to the proximity reader and extract a credential from the received RF signal, wherein the wireless token is configured to include a plurality of credentials for accessing different services from one or more service providers;

a secure processor within the security boundary, configured to receive the credential from the proximity reader, to store the credential within the security boundary, and to cryptographically sign or encrypt the credential to allow a service provider system external to the security boundary to authenticate that the credential is from the wireless token; and

an external interface within the security boundary configured to interface with components outside of the security boundary to send the cryptographically signed or encrypted credential to the service provider system in response to a challenge from the service provider system,wherein the security boundary is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the received RF signal by the proximity reader and stored by the secure processor.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Access to secured services may be controlled based on the proximity of a wireless token to a computing device through which access to the secured services is obtained. An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of the computing device. A user'"'"'s credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token so that assurance may be provided to a service provider that the credentials came from a token that was proximate to the computing device. An RFID reader, cryptographic processing components and a wireless network controller may be implemented on a single chip in a mobile device.

36 Citations

View as Search Results

17 Claims

1. A communication system, comprising:
- a proximity reader within a security boundary, configured to receive a radio frequency (RF) signal from a wireless token located within a proximity to the proximity reader and extract a credential from the received RF signal, wherein the wireless token is configured to include a plurality of credentials for accessing different services from one or more service providers;
  
  a secure processor within the security boundary, configured to receive the credential from the proximity reader, to store the credential within the security boundary, and to cryptographically sign or encrypt the credential to allow a service provider system external to the security boundary to authenticate that the credential is from the wireless token; and
  
  an external interface within the security boundary configured to interface with components outside of the security boundary to send the cryptographically signed or encrypted credential to the service provider system in response to a challenge from the service provider system,wherein the security boundary is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the received RF signal by the proximity reader and stored by the secure processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17)
- - 2. The system of claim 1, wherein the proximity reader is an RFID reader.
  - 3. The system of claim 1, wherein the secure processor is an authentication processor.
  - 4. The system of claim 1, wherein the secure processor is a cryptographic processor.
  - 5. The system of claim 1, further comprising:
    - a network interface coupled to the external interface and configured to interface to a network.
  - 6. The system of claim 1, wherein the credential comprises a key.
  - 7. The system of claim 1, wherein the wireless token comprises an RFID device, the RFID device comprising:
    - a data memory for storing the credential;
      
      an RF circuit coupled to the data memory for generating a signal according to the credential; and
      
      an antenna coupled to the RF circuit for transmitting the signal to the proximity reader.
  - 8. The communication system of claim 1, wherein the credential is encrypted and the secure processor is further configured to decrypt the credential.
  - 17. The system of claim 5, wherein the service provider system is coupled to the network and configured to provide access to at least one of data and a data processing service after the credential has been authenticated.

9. A method, comprising:
- receiving, within a security boundary of an access device a radio frequency (RF) signal including a credential from a wireless token within a proximity to the access device, wherein the wireless token includes a plurality of credentials for accessing different services from one or more service providers;
  
  extracting the credential from the RF signal within the security boundary;
  
  cryptographically signing the extracted credential within the security boundary to generate a cryptographic signature to allow a service provider system external to the security boundary to authenticate that the extracted credential is from the wireless token; and
  
  communicating the cryptographic signature outside the security boundary to the service provider system in response to a challenge from the service provider system,wherein the security boundary is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the RF signal and cryptographically signed.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, further comprising:
    - authenticating the credential.
  - 11. The method of claim 9, further comprising:
    - verifying the identity of the wireless token based on the credential.
  - 12. The method of claim 9, further comprising:
    - receiving access to a service provided by the service provider system after the the service provider system has authenticated the cryptographic signature.

13. A method, comprising:
- receiving within a security boundary of an access device a radio frequency (RF) signal including a credential from a wireless token within a proximity to the access device, wherein the wireless token includes a plurality of credentials for accessing different services from one or more service providers;
  
  extracting the credential from the RF signal within the security boundary;
  
  cryptographically signing or encrypting the credential to allow a service provider system external to the security boundary to authenticate that the credential is from the wireless token;
  
  authenticating the credential within the security boundary; and
  
  communicating the signed or encrypted credential to the service provider system in response to a challenge from the service provider system,wherein the security boundary is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the RF signal and cryptographically signed.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the cryptographically signing or encrypting the credential further comprises:
    - encrypting the credential within the security boundary and communicating the encrypted credential to the service provider.
  - 15. The method of claim 13, further comprising:
    - providing access to a service provided by the service provider after the signed or encrypted credential has been authenticated by the service provider system.
  - 16. The method of claim 13, further comprising:
    - verifying the identity of the wireless token based on the credential.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark, Frank, Ed, Seshadri, Nambi
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US10/955,806
Publication Number

US 20050105734A1
Time in Patent Office

3,001 Days
Field of Search

726/9
US Class Current

235/380
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/327   Short range or proximity pa...

G07C 9/20   involving the use of a pass

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0492   by using a location-limited...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 9/32   including means for verifyi...

H04W 4/021   Services related to particu...

H04W 4/80   Services using short range ...

System and method for authenticating the proximity of a wireless token to a computing device

First Claim

5 Assignments

Litigations

0 Petitions

Accused Products

Abstract

36 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authenticating the proximity of a wireless token to a computing device

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links