System and method for authenticating the proximity of a wireless token to a computing device
Abstract
Access to secured services may be controlled based on the proximity of a wireless token to a computing device through which access to the secured services is obtained. An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of the computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token so that assurance may be provided to a service provider that the credentials came from a token that was proximate to the computing device. An RFID reader, cryptographic processing components and a wireless network controller may be implemented on a single chip in a mobile device.
17 Claims
1. A communication system, comprising:
- a proximity reader within a security boundary, configured to receive a radio frequency (RF) signal from a wireless token located within a proximity to the proximity reader and extract a credential from the received RF signal, wherein the wireless token is configured to include a plurality of credentials for accessing different services from one or more service providers;
- a secure processor within the security boundary, configured to receive the credential from the proximity reader, to store the credential within the security boundary, and to cryptographically sign or encrypt the credential to allow a service provider system external to the security boundary to authenticate that the credential is from the wireless token; and
- an external interface within the security boundary configured to interface with components outside of the security boundary to send the cryptographically signed or encrypted credential to the service provider system in response to a challenge from the service provider system, wherein the security boundary is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the received RF signal by the proximity reader and stored by the secure processor.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 17
9. A method, comprising:
- receiving, within a security boundary of an access device a radio frequency (RF) signal including a credential from a wireless token within a proximity to the access device, wherein the wireless token includes a plurality of credentials for accessing different services from one or more service providers;
- extracting the credential from the RF signal within the security boundary;
- cryptographically signing the extracted credential within the security boundary to generate a cryptographic signature to allow a service provider system external to the security boundary to authenticate that the extracted credential is from the wireless token; and
- communicating the cryptographic signature outside the security boundary to the service provider system in response to a challenge from the service provider system, wherein the security boundary is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the RF signal and cryptographically signed.
Dependent claims: 10, 11, 12
13. A method, comprising:
- receiving within a security boundary of an access device a radio frequency (RF) signal including a credential from a wireless token within a proximity to the access device, wherein the wireless token includes a plurality of credentials for accessing different services from one or more service providers;
- extracting the credential from the RF signal within the security boundary;
- cryptographically signing or encrypting the credential to allow a service provider system external to the security boundary to authenticate that the credential is from the wireless token;
- authenticating the credential within the security boundary; and
- communicating the signed or encrypted credential to the service provider system in response to a challenge from the service provider system, wherein the security boundary is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the RF signal and cryptographically signed.
Dependent claims: 14, 15, 16
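The challenge-response flow described in the claims, modelled in Python as an added example (not code from the patent or its assignee). HMAC-SHA256 under a key shared between the secure processor and the service provider stands in for the unspecified "sign or encrypt" step; the class names, the RF frame format, the key, the credential values and the provider's single-use handling of challenges are all assumptions of this example.

```python
import hashlib
import hmac
import os

class SecurityBoundary:  # models the chip: RF reader, secure processor, external interface
    def __init__(self, device_key: bytes):
        self._key = device_key      # never leaves the boundary
        self._credentials = {}      # service name -> credential bytes

    def read_token(self, rf_frame: bytes) -> None:
        # Constructed frame format (assumption): b"service=hex;service=hex"
        for field in rf_frame.split(b";"):
            service, _, cred = field.partition(b"=")
            self._credentials[service.decode()] = bytes.fromhex(cred.decode())

    def respond(self, service: str, challenge: bytes) -> bytes:
        # Only the tag over challenge || credential crosses the boundary.
        msg = challenge + self._credentials[service]
        return hmac.new(self._key, msg, hashlib.sha256).digest()

class ServiceProvider:
    def __init__(self, device_key: bytes, enrolled_credential: bytes):
        self._key, self._cred = device_key, enrolled_credential
        self._pending = set()       # challenges issued but not yet answered

    def issue_challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, challenge: bytes, tag: bytes) -> bool:
        if challenge not in self._pending:
            return False            # unknown or already-used challenge
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge + self._cred, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def demo() -> dict:
    key = bytes(range(32))                        # constructed key
    cred = bytes.fromhex("a1b2c3d4e5f60718")      # constructed credential
    chip = SecurityBoundary(key)
    chip.read_token(b"bank=a1b2c3d4e5f60718;vpn=0011223344556677")
    bank = ServiceProvider(key, cred)
    c1 = bank.issue_challenge()
    tag = chip.respond("bank", c1)
    result = {"fresh": bank.verify(c1, tag), "replay": bank.verify(c1, tag)}
    c2 = bank.issue_challenge()
    result["wrong_credential"] = bank.verify(c2, chip.respond("vpn", c2))
    result["credential_in_tag"] = cred in tag
    return result
```

Host software in this model only ever handles the challenge and the tag. Binding the tag to a fresh challenge is what lets the provider reject a captured response that is presented again.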