Method and apparatus to create trust domains based on proximity

US 8,522,019 B2
Filed: 02/21/2008
Issued: 08/27/2013
Est. Priority Date: 02/23/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for deploying credential infrastructure, comprising:

establishing an initial communication link between a first device and a trust domain administrator;

sending preloaded credential information from the first device to the trust domain administrator across the initial communication link;

confirming the preloaded credential information;

sending, from the trust domain administrator to the first device and a second device, an instruction for the first device and the second device to establish a close range communication link with each other;

establishing the close range communication link between the first device and the second device in response to the instruction from the trust domain administrator;

receiving a new credential information at the second device from the trust domain administrator;

sending the new credential information across the close range communication link from the second device to the first device; and

using the new credential information in communication between the first device and the second device transmitted via another communication link that is different from the close range communication link.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices and methods use close range communication links, e.g., near field communication (NFC) links, to authenticate communication devices to one another to create or join a new device to a trust domain. Once two devices establish a close range communication peer-to-peer link the devices exchange credential information that provide an infrastructure for the trust domain. Medium or long range wireless or wired network communication links can then be used for secure and trusted communications. Proximity limits of the close range communication P2P link enables mutual trust to be presumed among devices, providing added security to the process of extending a trust domain and reducing the need for security and authentication signaling. Embodiments provide a variety of methods for extending credential infrastructure among devices. Embodiments further enable simple to use virtual cables that can provide secure point-to-point communications that are configured merely by touching two communication devices together.

120 Citations

View as Search Results

14 Claims

1. A method for deploying credential infrastructure, comprising:
- establishing an initial communication link between a first device and a trust domain administrator;
  
  sending preloaded credential information from the first device to the trust domain administrator across the initial communication link;
  
  confirming the preloaded credential information;
  
  sending, from the trust domain administrator to the first device and a second device, an instruction for the first device and the second device to establish a close range communication link with each other;
  
  establishing the close range communication link between the first device and the second device in response to the instruction from the trust domain administrator;
  
  receiving a new credential information at the second device from the trust domain administrator;
  
  sending the new credential information across the close range communication link from the second device to the first device; and
  
  using the new credential information in communication between the first device and the second device transmitted via another communication link that is different from the close range communication link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising notifying a user of the receipt of the new credential information.
  - 3. The method of claim 1, further comprising confirming an identity of a user using another separate credential.
  - 4. The method of claim 3, wherein the separate credential is a password.
  - 5. The method of claim 3, wherein the separate credential is biometric data.
  - 6. The method of claim 1, wherein the close range communication link is a near-field communication (NFC) protocol communication link.
  - 7. The method of claim 1, further comprising sending a request to register with a trust domain from the first device to the second device,wherein:
    - the second device is already a member of the trust domain; and
      
      the new credential information is used to secure communication within the trust domain.
  - 8. The method of claim 7, further comprising:
    - forwarding the request to register with the trust domain from the second device to the trust domain administrator; and
      
      sending the new credential information from the trust domain administrator to the second device,wherein sending new credential information across the close range communication link comprises the second device forwarding the received new credential information to the first device across the close range communication link.
  - 9. The method of claim 8, further comprising:
    - prompting a user of the second device to provide a separate credential to the trust domain administrator;
      
      transmitting the separate credential to the trust domain administrator; and
      
      verifying the separate credential at the trust domain administrator,wherein sending the new credential information to the second device is accomplished in response to verifying the separate credential at the trust domain administrator.
  - 10. The method of claim 1, further comprising:
    - sending a credential information from the first device to the second device; and
      
      verifying the credential information,wherein sending new credential information across the close range communication link is accomplished in response to verifying the credential information.
  - 11. The method of claim 1, further comprising:
    - establishing the close range communication link between the first device and a third device; and
      
      sending the new credential information across the close range communication link from the first device to the third device.

12. A system, comprising:
- a network;
  
  a first communication device including a first transceiver and a second transceiver, wherein the first transceiver is configured to communicate via the network, and the second transceiver is a close range communication transceiver; and
  
  a second communication device including a third transceiver and a fourth transceiver, wherein the third transceiver is configured to communicate via the network, and the fourth transceiver is a close range communication transceiver,wherein the first communication device is configured to;
  
  establish an initial communication link across the network with a trust domain administrator via the first transceiver; and
  
  send preloaded credential information from the first communication device to the trust domain administrator across the initial communication link,wherein the first and second communication devices are configured to;
  
  receive an instruction from the trust domain administrator to establish a close range communication link between the first and second communication devices via the second and fourth transceivers;
  
  establish the close range communication link between the first and second communication devices via the second and fourth transceivers in response to the instruction from the trust domain administrator;
  
  receive a new credential information at the second communication device from the trust domain administrator;
  
  exchange the new credential information between the first and second communication devices via the close range communication link; and
  
  establish communications between the first and second communication devices via the first and third transceivers based on the exchanged new credential information.

13. A medical monitoring system, comprising:
- a computer, including;
  
  a computer processor;
  
  a memory coupled to the processor;
  
  a first transceiver coupled to the processor; and
  
  a second transceiver coupled to the processor, the second transceiver being a close range communication transceiver; and
  
  a medical device, including;
  
  a medical device processor;
  
  a third transceiver coupled to the medical device processor; and
  
  a fourth transceiver coupled to the medical device processor, the fourth transceiver being a close range communication transceiver,wherein the medical device processor is configured with software instructions to perform operations comprising;
  
  establishing an initial communication link with a hospital server via the third receiver;
  
  sending preloaded credential information to the hospital server across the initial communication link;
  
  receiving a first instruction from the hospital server to establish a close range communication link with the computer;
  
  establishing the close range communication link between the medical device and the computer via the fourth transceiver in response to the received first instruction;
  
  receiving a new credential information from the computer over the close range communication link; and
  
  using the new credential information in communications between the medical device and the computer using the third transceiver,wherein the computer processor is configured with software instructions to perform operations comprising;
  
  receiving a second instruction from the hospital server to establish the close range communication link with the medical device;
  
  establishing the close range communication link between the computer and the medical device via the second transceiver in response to the received second instruction;
  
  receiving the new credential information from the hospital server;
  
  providing the new credential information to the medical device over the close range communication link, andusing the new credential information in communications between the computer and the medical device using the first transceiver.
- View Dependent Claims (14)
- - 14. The medical monitoring system of claim 13, wherein the hospital server comprises:
    - a server processor; and
      
      a network connection circuit coupled to a network and configured to send signals to and receive data from the computer,wherein the server processor is configured with software instructions to perform operations comprising;
      
      receiving preloaded credential information from the medical device via the initial communication link;
      
      confirming the preloaded credential information from the medical device;
      
      sending the first and second instructions to the computer and the medical device to establish the close range communication link with each other in response to confirming the preloaded credential information;
      
      providing the new credential information to the computer via the network; and
      
      using the new credential information in communications between the hospital server and the computer via the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Michaelis, Oliver
Primary Examiner(s)
KIM, TAE K

Application Number

US12/035,309
Publication Number

US 20080222711A1
Time in Patent Office

2,014 Days
Field of Search

726/2, 726/3, 726/5, 726/6, 726/7, 709/227, 709/228, 713168-172, 370328-338, 455/422.1, 4554321-4353
US Class Current

713/168
CPC Class Codes

G07C 9/23   by means of a password

G07C 9/257   electronically G07C9/26 tak...

H04L 63/0492   by using a location-limited...

H04L 63/0869   for achieving mutual authen...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 88/18   Service support devices; Ne...

Method and apparatus to create trust domains based on proximity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

120 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus to create trust domains based on proximity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links