Near field communication authentication and validation to access corporate data
6 Assignments
0 Petitions
Abstract
A system for near field communication (NFC) authentication and validation to access corporate data is provided. The system comprises a mobile phone, an enterprise server, a building access sensor coupled to the server, and an enterprise network comprising a domain. The sensor comprises an NFC transceiver. The phone comprises an NFC transceiver and a trusted security zone which comprises private enterprise credentials and an application, where the application establishes a wireless link to the sensor via the NFC transceiver, couples the NFC transceiver with the memory storing the credentials, and transmits the credentials to the sensor via the NFC transceiver. The enterprise server comprises a trusted security zone and an application stored in the trusted security zone, where the application receives the credentials via the sensor, authorizes access to the building based on the credentials, and authenticates the user to the domain on the enterprise network.
210 Citations
20 Claims
1. A system for near field communication authentication and validation to access corporate data, comprising:
- a mobile device comprising a near field communication transceiver and a main processor chipset, a security zone architecture embedded in the main processor chipset, the security zone architecture comprising a secure partition of hardware and software resources, which include a plurality of secure partition applications, with a trusted execution environment, wherein the plurality of secure partition applications runs on a first virtual processor that is configured to execute in a time-sliced manner relative to a second virtual processor that runs a plurality of non-secure partition applications;
- a memory located within the secure partition of the mobile device that stores private enterprise credentials;
- an enterprise server comprising a security zone server security zone architecture, the security zone architecture including a secure partition of hardware and software resources with a trusted execution environment, an enterprise network comprising a domain;
- a building access sensor coupled to the enterprise server, wherein the building access sensor comprises a near field communication transceiver;
- an application of the plurality of secure partition applications stored in the secure partition on the mobile device and executable in the trusted execution environment on the mobile device, wherein the application establishes a wireless link to the building access sensor via the near field communication transceiver on the mobile device and the near field communication transceiver on the building access sensor, couples the near field communication transceiver on the mobile device with the memory in the secure partition of the mobile device, and transmits the private enterprise credentials stored in the memory to the building access sensor via the near field communication transceiver on the mobile device and the near field communication transceiver on the building access sensor; and
- an application stored in the secure partition of the enterprise server and executable on the trusted execution environment on the enterprise server, wherein the application receives the private enterprise credentials via the building access sensor, authorizes access to the building based on the private enterprise credentials, authenticates the user identified by the private enterprise credentials, and grants the user access to a computer accessing the domain on the enterprise network based on the authentication.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method of near field communication authentication and validation to access corporate data, comprising:
- establishing, by an application of a plurality of secure partition applications, a near field communication wireless link between a building access sensor and a mobile device, wherein the mobile device comprises a main processor chipset with a security zone architecture embedded in the main processor chipset, wherein the security zone architecture comprises a secure partition of hardware and software resources, which include the plurality of secure partition applications, with a trusted execution environment, wherein the plurality of secure partition applications runs on a first virtual processor that is configured to execute in a time-sliced manner relative to a second virtual processor that runs a plurality of non-secure partition applications, and wherein the mobile device further comprises a memory located within the secure partition that stores private enterprise credentials;
- coupling, by the application of the plurality of secure partition applications, a near field communication transceiver in the mobile phone with the memory in;
- transmitting, by the application of the plurality of secure partition applications, the private enterprise credentials to the building access sensor via the near field communication wireless link;
- receiving, by an application executing on an enterprise server coupled to the building access sensor, the private enterprise credentials, wherein the application executes on the enterprise server;
- authorizing access to the building based on the private enterprise credentials; and
- authenticating the user identified by the private enterprise credentials to a domain on an enterprise network.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A method of near field communication authentication and validation to access corporate data, comprising:
- establishing, by an application of a plurality of secure partition applications, a near field communication wireless link between a building access sensor and a mobile device, wherein the mobile device comprises a biometric reader and a main processor chipset with a security zone architecture embedded in the main processor chipset, wherein the security zone architecture comprises a secure partition of hardware and software resources, which include the plurality of secure partition applications, with a trusted execution environment, wherein the plurality of secure partition applications runs on a first virtual processor that is configured to execute in a time-sliced manner relative to a second virtual processor that runs a plurality of non-secure partition applications, and wherein the mobile device further comprises a memory located within the secure partition that stores private enterprise credentials;
- coupling, by the application of the plurality of secure partition applications, a near field communication transceiver in the mobile device with the memory;
- transmitting, by the application of the plurality of secure partition applications, the private enterprise credentials to the building access sensor via the near field communication wireless link;
- receiving, by an application executing on an enterprise server coupled to the building access sensor, the private enterprise credentials;
- authorizing access to the building based on the private enterprise credentials;
- authenticating a user identified by the private enterprise credentials to a domain on an enterprise network;
- establishing a wireless link between a computer on the enterprise network and the mobile device; and
- authenticating, by the computer, the user of the mobile device based on identification sent from the biometric reader on the mobile device.
Dependent claims: 16, 17, 18, 19, 20
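As an added illustration, not code from the patent or its assignee, the following Python models the flow claimed in claims 1 and 8: a secure-partition application releases the private enterprise credentials only over an NFC link it set up itself, the building access sensor forwards them to the enterprise server, and the server authorizes building access and then grants a domain session only to a user whose badge-in was authorized. The credential format (an HMAC over user and device identifiers), the enterprise key, and all class and function names are assumptions, since the claims specify none of them.

```python
import hashlib
import hmac
import secrets

# Constructed key shared by the provisioner and the server (assumption: claims give no credential format).
ENTERPRISE_KEY = b"constructed-enterprise-key"

def make_credential(user, device_id, key=ENTERPRISE_KEY):
    """Hypothetical private enterprise credential: user, device and an HMAC tag binding them."""
    tag = hmac.new(key, f"{user}|{device_id}".encode(), hashlib.sha256).hexdigest()
    return {"user": user, "device": device_id, "tag": tag}

class SecurePartition:
    """Stand-in for the TEE memory and secure application on the mobile device."""
    def __init__(self, credential):
        self._credential = credential  # never handed to the non-secure partition
    def present_to(self, sensor):
        link = sensor.establish_nfc_link()  # the secure app sets up the NFC link itself
        return sensor.receive(link, dict(self._credential))

class BuildingAccessSensor:
    """NFC reader at the door; forwards what it receives to the enterprise server."""
    def __init__(self, server):
        self.server = server
    def establish_nfc_link(self):
        return {"medium": "nfc"}  # placeholder for the radio link
    def receive(self, link, credential):
        return self.server.receive_from_sensor(credential)

class EnterpriseServer:
    """Server-side secure application: validate the credential, then gate domain logon on it."""
    def __init__(self, key, enrolled):
        self.key, self.enrolled = key, set(enrolled)  # enrolled: {(user, device_id)}
        self.building_authorized, self.domain_sessions = set(), {}

    def _credential_valid(self, cred):
        msg = f"{cred['user']}|{cred['device']}".encode()
        expected = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, cred["tag"]) and (cred["user"], cred["device"]) in self.enrolled

    def receive_from_sensor(self, cred):
        if not self._credential_valid(cred):
            return "denied"
        self.building_authorized.add(cred["user"])
        return "building_access_granted"

    def grant_domain_access(self, user):
        # Logical access follows physical access: no domain session without an authorized badge-in.
        if user not in self.building_authorized:
            return None
        self.domain_sessions[user] = secrets.token_hex(16)
        return self.domain_sessions[user]
```

A tampered tag or a credential for a user and device pair that was never enrolled is refused at the sensor and therefore never yields a domain session.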