Trusted group of a plurality of devices with single sign on, secure authentication

US 8,464,063 B2
Filed: 03/07/2011
Issued: 06/11/2013
Est. Priority Date: 03/10/2010
Status: Active Grant

First Claim

Patent Images

1. A non-transient computer program product including computer executable instructions stored onto a computer readable medium which, when executed by a processor of a computer, causes the computer to perform a method for establishing a trusted group, the instructions comprising:

instructions to define the trusted group including two or more devices;

instructions to receive a session initiation protocol (SIP) registration for a first device;

instructions to receive a subscribe message from the first device to subscribe to the trusted group;

in response to the SIP registration, instructions to send a notification to the first device, the notification providing information of a second device that is already registered and subscribed to the trusted group;

instructions to pass a SIP invite message from the first device to the second device, the SIP invite message including a self signed certificate fingerprint for the first device;

in response to the SIP invite message, passing a 200 OK message from the second device to the first device, wherein the 200 OK message includes a self signed certificate fingerprint for the second device; and

wherein, in response to the 200 OK message, the first device and the second device establish a persistent transport layer security (TLS) connection to pass lock or unlock events between the first device and the second device.

View all claims

21 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system creates a trusted group of devices for single sign on. The trusted group is a set of two or more devices which can communicate securely to exchange information about the states of the devices. The two or more devices can arrange or establish the trusted group through the exchange of credentials or authentication information. After the establishment of the trusted group, the two or more devices may communicate through a secure connection established between the members of the trusted group. Each device may then execute normally and may encounter events that change the status of the device. Information about the locking or unlocking of the computer can be exchanged with the other members of the trusted group and the other members may also lock or unlock in concert.

103 Citations

View as Search Results

20 Claims

1. A non-transient computer program product including computer executable instructions stored onto a computer readable medium which, when executed by a processor of a computer, causes the computer to perform a method for establishing a trusted group, the instructions comprising:
- instructions to define the trusted group including two or more devices;
  
  instructions to receive a session initiation protocol (SIP) registration for a first device;
  
  instructions to receive a subscribe message from the first device to subscribe to the trusted group;
  
  in response to the SIP registration, instructions to send a notification to the first device, the notification providing information of a second device that is already registered and subscribed to the trusted group;
  
  instructions to pass a SIP invite message from the first device to the second device, the SIP invite message including a self signed certificate fingerprint for the first device;
  
  in response to the SIP invite message, passing a 200 OK message from the second device to the first device, wherein the 200 OK message includes a self signed certificate fingerprint for the second device; and
  
  wherein, in response to the 200 OK message, the first device and the second device establish a persistent transport layer security (TLS) connection to pass lock or unlock events between the first device and the second device.
- View Dependent Claims (2, 3, 4, 6, 7, 8)
- - 2. The computer program product as defined in claim 1, further comprising instructions to execute an application for the first device or the second device.
  - 3. The computer program product as defined in claim 2, further comprising instructions to administer a communication from or to the first device or the second device.
  - 4. The computer program product as defined in claim 3, further comprising:
    - instructions to receive, by the first device, an event from the second device of the trusted group over the persistent TLS channel, the event indicating an unlock or lock of the second device; and
      
      based on the event, instructions to unlock or lock the first device of the trusted group.
  - 6. The computer program product as defined in claim 1, wherein the first device is a desktop computer and the second device is a cell phone and further comprising:
    - instructions for the desktop computer to pass the lock event to the cell phone;
      
      in response to receiving the lock event at the cell phone, instructions to ensure that the desktop computer is in physical proximity to the cell phone; and
      
      in response to receiving the lock event and ensuring that the desktop computer is in physical proximity to the cell phone, locking the cell phone.
  - 7. The computer program product as defined in claim 1, further comprising:
    - instructions for the first device to pass the lock event to the second device;
      
      in response to receiving the lock event at the second device, instructions to ensure that the first device is physically located near the second device using IP subnet verification; and
      
      in response to receiving the lock event and ensuring that the first device is physically located near the second device, instructions to lock the second device.
  - 8. The computer program product as defined in claim 1, wherein the first device is a desktop computer and the second device is a cell phone and further comprising:
    - instructions to receive a Bluetooth disconnect trigger from the cell phone;
      
      in response to receiving the Bluetooth disconnect trigger, instructions to pass the lock event to the desktop computer; and
      
      instructions to lock the desktop computer.

5. A trusted group of devices comprising:
- a first communication device comprising;
  
  a memory that stores a lock/unlock application;
  
  a processor in communication with the memory, the processor that executes the lock/unlock application;
  
  a computing device comprising;
  
  a second memory that stores a second lock/unlock application;
  
  a second processor in communication with the second memory, the second processor that executes the second lock/unlock application;
  
  a session manager in communication with the first communication device and the computing device, the session manager that;
  
  receives a session initiation protocol (SIP) registration for the first communications device;
  
  receives a subscribe message from the first communication device to subscribe to a trusted group, the trusted group including the first communication device and the computing device;
  
  in response to the SIP registration, sends a notification to the first communication device, the notification providing information of the computing device that is already registered and subscribed to the trusted group;
  
  passes a SIP invite message from the computing device to the first communication device, the SIP invite message including a self signed certificate fingerprint for the computing device;
  
  in response to the SIP invite message, passes a 200 OK message from the first communication device to the computing device, wherein the 200 OK message includes a self signed certificate fingerprint for the first communication device; and
  
  wherein, in response to the 200 OK message, the first communication device and the computing device establish a persistent transport layer security (TLS) connection to pass lock or unlock events between the first communication device and the computing device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The trusted group as defined in claim 5, wherein the session manager is executed on a server.
  - 15. The trusted group as defined in claim 5, wherein the session manager is executed on one of the computing device or the first communication device.
  - 16. The trusted group as defined in claim 5, wherein the first communication device is one of a group consisting of a cellular phone, a personal digital assistant, a laptop computer, an IP-enabled desktop telephone, a telephone application executing in a computer system, and a desktop telephone.
  - 17. The trusted group as defined in claim 5, wherein the computing device is one of a group consisting of a personal digital assistant, a laptop computer, a desktop computer, and a server.
  - 18. The trusted group as defined in claim 5, wherein the computing device further:
    - receives an event from the first communication device of the trusted group over the persistent TLS connection, the event indicating an unlock or lock of the first communication device andbased on the event, unlocks or locks the computing device of the trusted group.
  - 19. The trusted group as defined in claim 18, wherein the session managerreceives presence information for the computing device or the first communication device,sends the presence information to the computing device or the first communication device, andwherein the presence information is read by either the computing device or the first communication device to determine if the event should be responded to.
  - 20. The trusted group as defined in claim 19, further comprising a credentials database in communication with the first and second lock/unlock application, the credentials databasestores credentials for the computing device and the first communication device andprovides the stored credentials to the computing device and the first communication device.

9. A method for a secure sign on, comprising:
- establishing, by a first device, a secure communications channel with at least a second device of a trusted group, wherein the secure communications channel is a persistent transport layer security (TLS) connection for communicating events between two or more IP enabled devices of the trusted group and wherein establishing the secure communications channel comprises;
  
  sending a session initiation protocol (SIP) registration to a session manager;
  
  in response to the SIP registration, receiving a notification from the session manager, the notification providing information of another device that is part of the trusted group;
  
  sending a SIP invite message to the other device;
  
  in response to the SIP invite message, receiving a direct socket link for the persistent TLS connection; and
  
  in response to the receiving the direct socket link for the persistent TLS connection, establishing the persistent TLS connection;
  
  receiving, by the first device, an event from the at least one second device of the trusted group over the secure communication channel, the event indicating an unlock of the at least one second device; and
  
  based on the event, unlocking the first device of the trusted group.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method as defined in claim 9, wherein the SIP invite message includes a self signed certificate fingerprint and is the SIP invite is based on a telephone call.
  - 11. The method as defined in claim 9, wherein the event includes unlock credentials.
  - 12. The method as defined in claim 11, further comprising:
    - executing, by the first device, a second event, wherein the second event comprises locking of the first device;
      
      sending the second event to the at least one second device of the trusted group; and
      
      wherein the at least one second device is locked in response to the second event.
  - 13. The method as defined in claim 12, further comprising subscribing to the session manager to receive event messages from the two or more devices comprising the trusted group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arlington Technologies, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Avaya Incorporated
Inventors
Agarwal, Amit, Balasaygun, Mehmet, Kamble, Swapnil, Sinha, Raj
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
AMORIN, CARLOS E

Application Number

US13/042,201
Publication Number

US 20110225426A1
Time in Patent Office

827 Days
Field of Search

None
US Class Current

713/175
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/10 for controlling access to d...

Trusted group of a plurality of devices with single sign on, secure authentication

First Claim

21 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted group of a plurality of devices with single sign on, secure authentication

First Claim

21 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links