System, method, and apparatus for on-demand limited security credentials in wireless and other communication networks

US 8,458,778 B2
Filed: 01/25/2008
Issued: 06/04/2013
Est. Priority Date: 09/04/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing a security credential associated with a communication network on a portable storage device, the portable storage device configured to provide the security credential to at least one communication device, the security credential needed by the at least one communication device to access or use the communication network;

detecting removal of the portable storage device from a specified location;

in response to the removal of the portable storage device from the specified location, starting a timer and allowing the at least one communication device to communicate over the communication network after the at least one communication device has obtained the security credential; and

revoking the security credential after a specified time period has elapsed as indicated by the timer;

wherein allowing the at least one communication device to communicate over the communication network comprises at least one of;

(i) authenticating the at least one communication device or (ii) authorizing the at least one communication device to communicate over the communication network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes storing a security credential associated with a communication network on a portable storage device. The method also includes detecting removal of the portable storage device from a specified location. The method further includes allowing at least one communication device to communicate over the communication network using the security credential. In addition, the method includes revoking the security credential after a specified time period has elapsed. The portable storage device could represent a card, and the specified location could represent a card reader/writer. Also, the communication network could represent a wireless network, and the security credential could represent a cryptographic key.

Citations

20 Claims

1. A method comprising:
- storing a security credential associated with a communication network on a portable storage device, the portable storage device configured to provide the security credential to at least one communication device, the security credential needed by the at least one communication device to access or use the communication network;
  
  detecting removal of the portable storage device from a specified location;
  
  in response to the removal of the portable storage device from the specified location, starting a timer and allowing the at least one communication device to communicate over the communication network after the at least one communication device has obtained the security credential; and
  
  revoking the security credential after a specified time period has elapsed as indicated by the timer;
  
  wherein allowing the at least one communication device to communicate over the communication network comprises at least one of;
  
  (i) authenticating the at least one communication device or (ii) authorizing the at least one communication device to communicate over the communication network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein:
    - the portable storage device comprises a card; and
      
      the specified location comprises a card reader/writer.
  - 3. The method of claim 1, wherein revoking the security credential comprises revoking the security credential after the timer has expired.
  - 4. The method of claim 1, further comprising determining whether additional time is needed;
    - wherein revoking the security credential comprises revoking the security credential after the specified time period and an additional amount of time have elapsed.
  - 5. The method of claim 1, wherein the at least one communication device is authenticated or authorized with a trust center using the security credential received by the at least one communication device from the portable storage device.
  - 6. The method of claim 1, wherein authenticating the at least one communication device comprises using a wireless node to communicate with the at least one communication device, the wireless node separate from the communication network.
  - 7. The method of claim 1, wherein:
    - the communication network comprises a wireless network; and
      
      the security credential comprises a cryptographic key.

8. A system comprising:
- a communication network; and
  
  a trust center configured to;
  
  store a security credential associated with the communication network on a portable storage device, the portable storage device configured to provide the security credential to at least one communication device, the security credential needed by the at least one communication device to access or use the communication network;
  
  detect removal of the portable storage device from a specified location;
  
  in response to the removal of the portable storage device from the specified location, start a timer and allow the at least one communication device to communicate over the communication network after the at least one communication device has obtained the security credential; and
  
  revoke the security credential after a specified time period has elapsed as indicated by the time;
  
  wherein the trust center is configured to allow the at least one communication device to communicate over the communication network by at least one of;
  
  (i) authenticating the at least one communication device or (ii) authorizing the at least one communication device to communicate over the communication network.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8, wherein:
    - the portable storage device comprises a card; and
      
      the specified location comprises a card reader/writer.
  - 10. The system of claim 8, wherein the timer is configured to be set to an initial value and to be triggered upon the detection of the removal of the portable storage device from the specified location, the security credential revoked after the timer has expired.
  - 11. The system of claim 8, wherein:
    - the trust center is further configured to determine whether additional time is needed; and
      
      when additional time is needed, the trust center is configured to revoke the security credential after the specified time period and an additional amount of time have elapsed.
  - 12. The system of claim 8, wherein the trust center is configured to authenticate the at least one communication device using a wireless node to communicate with the at least one communication device, the wireless node separate from the communication network.
  - 13. The system of claim 8, wherein:
    - the communication network comprises a wireless network; and
      
      the security credential comprises a cryptographic key.
  - 14. The system of claim 8, further comprising a plurality of process sensors associated with an industrial control and automation system;
    - wherein the at least one communication device is configured to receive data from at least one of the sensors over the communication network.
  - 15. The system of claim 14, wherein the at least one communication device is further configured to provide voice communications to a user.
  - 16. The system of claim 8, wherein:
    - the trust center is configured to allow the at least one communication device to communicate over the communication network by using Medium Access Control (MAC) address/public key pairing; and
      
      the trust center is configured to verify that communications from a particular communication device use an appropriate public key and that the particular communication device has an appropriate MAC address paired to that public key.

17. An apparatus comprising:
- an interface configured to provide access to a portable storage device;
  
  a security credentials controller configured to;
  
  generate a security credential associated with a communication network;
  
  store the security credential on the portable storage device, the portable storage device configured to provide the security credential to at least one communication device, the security credential needed by the at least one communication device to access or use the communication network;
  
  detect removal of the portable storage device from a specified location;
  
  start a timer in response to the removal of the portable storage device from the specified location; and
  
  revoke the security credential after a specified time period has elapsed as indicated by the timer; and
  
  an authentication controller configured to allow, in response to the removal of the portable storage device from a specified location, the at least one communication device to communicate over the communication network after the at least one communication device has obtained the security credential when the security credential is valid, the authentication controller configured to at least one of;
  
  (i) authenticate the at least one communication device or (ii) authorize the at least one communication device to communicate over the communication network.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, wherein:
    - the portable storage device comprises a card; and
      
      the specified location comprises a card reader/writer.
  - 19. The apparatus of claim 18, wherein the security credentials controller is configured to detect the removal of the portable storage device from the specified location by detecting an event generated in response to the card being removed from the card reader/writer.
  - 20. The apparatus of claim 17, wherein:
    - the communication network comprises a wireless network; and
      
      the security credential comprises a cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Budampati, Ramakrishna S., Kune, Denis Foo, Kolavennu, Soumitri N.
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US12/020,093
Publication Number

US 20090064295A1
Time in Patent Office

1,957 Days
Field of Search

726/27, 726/28, 726 4- 6, 713168-170
US Class Current

726/6
CPC Class Codes

H04L 63/067   using one-time keys cryptog...

H04L 63/0853   using an additional device,...

H04L 63/108   when the policy decisions a...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/082   using revocation of authori...

H04W 12/61   Time-dependent

H04W 84/18   Self-organising networks, e...

Y02D 30/70   in wireless communication n...

System, method, and apparatus for on-demand limited security credentials in wireless and other communication networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and apparatus for on-demand limited security credentials in wireless and other communication networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links