Method and apparatus to create trust domains based on proximity
First Claim
1. A method for deploying credential infrastructure, comprising:
establishing an initial communication link between a first device and a trust domain administrator;
sending preloaded credential information from the first device to the trust domain administrator across the initial communication link;
confirming the preloaded credential information;
sending, from the trust domain administrator to the first device and a second device, an instruction for the first device and the second device to establish a close range communication link with each other;
establishing the close range communication link between the first device and the second device in response to the instruction from the trust domain administrator;
receiving a new credential information at the second device from the trust domain administrator;
sending the new credential information across the close range communication link from the second device to the first device; and
using the new credential information in communication between the first device and the second device transmitted via another communication link that is different from the close range communication link.
Abstract
Devices and methods use close range communication links, e.g., near field communication (NFC) links, to authenticate communication devices to one another in order to create a trust domain or join a new device to one. Once two devices establish a close range peer-to-peer (P2P) link, they exchange the credential information that provides the infrastructure for the trust domain. Medium or long range wireless or wired network links can then be used for secure and trusted communications. The proximity limit of the close range P2P link allows mutual trust to be presumed among the devices, adding security to the process of extending a trust domain and reducing the need for security and authentication signaling. Embodiments provide a variety of methods for extending credential infrastructure among devices. Embodiments further enable simple-to-use virtual cables that provide secure point-to-point communications configured merely by touching two communication devices together.
120 Citations
14 Claims
12. A system, comprising:
a network;
a first communication device including a first transceiver and a second transceiver, wherein the first transceiver is configured to communicate via the network, and the second transceiver is a close range communication transceiver; and
a second communication device including a third transceiver and a fourth transceiver, wherein the third transceiver is configured to communicate via the network, and the fourth transceiver is a close range communication transceiver,
wherein the first communication device is configured to:
establish an initial communication link across the network with a trust domain administrator via the first transceiver; and
send preloaded credential information from the first communication device to the trust domain administrator across the initial communication link,
wherein the first and second communication devices are configured to:
receive an instruction from the trust domain administrator to establish a close range communication link between the first and second communication devices via the second and fourth transceivers;
establish the close range communication link between the first and second communication devices via the second and fourth transceivers in response to the instruction from the trust domain administrator;
receive a new credential information at the second communication device from the trust domain administrator;
exchange the new credential information between the first and second communication devices via the close range communication link; and
establish communications between the first and second communication devices via the first and third transceivers based on the exchanged new credential information.
13. A medical monitoring system, comprising:
a computer, including:
a computer processor;
a memory coupled to the processor;
a first transceiver coupled to the processor; and
a second transceiver coupled to the processor, the second transceiver being a close range communication transceiver; and
a medical device, including:
a medical device processor;
a third transceiver coupled to the medical device processor; and
a fourth transceiver coupled to the medical device processor, the fourth transceiver being a close range communication transceiver,
wherein the medical device processor is configured with software instructions to perform operations comprising:
establishing an initial communication link with a hospital server via the third transceiver;
sending preloaded credential information to the hospital server across the initial communication link;
receiving a first instruction from the hospital server to establish a close range communication link with the computer;
establishing the close range communication link between the medical device and the computer via the fourth transceiver in response to the received first instruction;
receiving a new credential information from the computer over the close range communication link; and
using the new credential information in communications between the medical device and the computer using the third transceiver,
wherein the computer processor is configured with software instructions to perform operations comprising:
receiving a second instruction from the hospital server to establish the close range communication link with the medical device;
establishing the close range communication link between the computer and the medical device via the second transceiver in response to the received second instruction;
receiving the new credential information from the hospital server;
providing the new credential information to the medical device over the close range communication link; and
using the new credential information in communications between the computer and the medical device using the first transceiver.
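The steps of claim 1 (and their medical-monitoring instance in claim 13) can be read as a small enrolment protocol: the administrator confirms a factory credential over the network, instructs two devices to bring up a proximity-limited link, hands the new credential to one of them, and relies on the short range of that link to carry the credential to the other. The following simulation is an added example, not the patent's code or any implementation of it. It models the proximity limit as a `Link.kind` flag and, as an assumption the claims do not make, uses the new credential as an HMAC-SHA256 key to authenticate traffic on the ordinary network link. The device and administrator names are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    kind: str  # "close_range" (proximity-limited, e.g. NFC) or "network"


class Device:
    def __init__(self, device_id, preloaded=None):
        self.device_id = device_id
        self._preloaded = preloaded    # factory credential, may be absent
        self.expected_peer = None      # set by the administrator's instruction
        self.close_range_peer = None   # peer reached over the close range link
        self.credential = None         # new trust-domain credential

    def present_preloaded(self):
        return self._preloaded

    def instruct_close_range(self, peer_id):
        self.expected_peer = peer_id

    def establish(self, link, peer):
        # The close range link is brought up only on the administrator's instruction.
        if link.kind != "close_range" or peer.device_id != self.expected_peer:
            raise PermissionError("close range link not authorised by administrator")
        self.close_range_peer = peer

    def receive_from_admin(self, credential):
        self.credential = credential

    def forward_credential(self, link, peer):
        peer.receive_over_link(link, self, self.credential)

    def receive_over_link(self, link, sender, credential):
        # Proximity is the trust anchor: a new credential is accepted only from the
        # instructed peer and only over the close range link.
        if link.kind != "close_range" or sender is not self.close_range_peer:
            raise PermissionError("credential must arrive over the close range link")
        self.credential = credential

    def send(self, link, payload):
        # The new credential is used on a link other than the close range one.
        if link.kind == "close_range" or self.credential is None:
            raise ValueError("no credential for this link")
        return payload, hmac.new(self.credential, payload, hashlib.sha256).digest()

    def verify(self, payload, tag):
        expected = hmac.new(self.credential, payload, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


class TrustDomainAdministrator:
    def __init__(self, preloaded_by_id):
        self._preloaded = preloaded_by_id  # device_id -> expected preloaded credential

    def confirm(self, device_id, preloaded):
        expected = self._preloaded.get(device_id)
        if expected is None or preloaded is None:
            return False
        return hmac.compare_digest(expected, preloaded)

    def enroll(self, first, second):
        """Runs the claimed steps in order; returns the new credential on success."""
        if not self.confirm(first.device_id, first.present_preloaded()):
            raise PermissionError(f"preloaded credential for {first.device_id} rejected")
        first.instruct_close_range(second.device_id)
        second.instruct_close_range(first.device_id)
        close_range = Link("close_range")
        first.establish(close_range, second)
        second.establish(close_range, first)
        new_credential = secrets.token_bytes(32)
        second.receive_from_admin(new_credential)     # delivered over the network link
        second.forward_credential(close_range, first)  # relayed over the close range link
        return new_credential


def run_enrollment():
    """Happy path: a message from the first device is accepted on the network link."""
    preloaded = secrets.token_bytes(16)
    admin = TrustDomainAdministrator({"monitor-1": preloaded})
    first, second = Device("monitor-1", preloaded), Device("bedside-pc")
    admin.enroll(first, second)
    payload, tag = first.send(Link("network"), b"heart_rate=72")
    return second.verify(payload, tag)


def run_unknown_device():
    """A device presenting a preloaded credential not on file is refused at the confirm step."""
    admin = TrustDomainAdministrator({"monitor-1": secrets.token_bytes(16)})
    try:
        admin.enroll(Device("monitor-1", secrets.token_bytes(16)), Device("bedside-pc"))
    except PermissionError:
        return True
    return False


def run_credential_over_network():
    """A new credential offered over the network link instead of the close range link is refused."""
    first, second = Device("a"), Device("b")
    second.receive_from_admin(secrets.token_bytes(32))
    try:
        second.forward_credential(Link("network"), first)
    except PermissionError:
        return True
    return False
```

The two failure paths are the ones a reviewer of such a design would check first: the administrator never instructs the close range link for a device whose preloaded credential it cannot confirm, and a device never accepts a trust-domain credential that did not arrive over the instructed proximity-limited link, since that proximity is the only thing standing in for mutual authentication at that step.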