Destroying a secure session maintained by a server on behalf of a connection owner
First Claim
1. A method comprising:
- establishing a secure session on behalf of a connection owner, the secure session being maintained by a server that is connected to a wireless device via a communications network, the connection owner being associated with the wireless device, the secure session defining a context for a secure over-the-air device connection between the connection owner and the server;
while establishing the secure session, storing, on both the server and the wireless device, a registration key and a reset key, in association with the secure session, wherein the reset key differs from the registration key;
using the registration key to authenticate and optionally to encrypt messages of the established secure session exchanged between the wireless device and the server; and
upon determining at the wireless device that the registration key is irretrievable from a memory of the wireless device, generating at the wireless device a request to reset the established secure session, using the reset key to generate at the wireless device a first Message Authentication Code (MAC) from the request, and transmitting the request and the first MAC from the wireless device to the server;
upon receipt of the request and the first MAC at the server, destroying the secure session at the server.
4 Assignments
0 Petitions
Accused Products
Abstract
A method and system for establishing a secure over-the-air (OTA) connection between a connection owner and a server, the connection owner being associated with a wireless device connected to the server via a communications network. A secure session is instantiated on behalf of the connection owner, the secure session being maintained by the server and defining a context for the secure OTA connection. A registration key and a reset key are defined, and stored in association with the secure session on both the server and the wireless device. Access to the secure session is controlled using at least the registration key, and the secure session is maintained on the server only as long as the connection owner has a valid registration key.
20 Citations
17 Claims
-
1. A method comprising:
-
establishing a secure session on behalf of a connection owner, the secure session being maintained by a server that is connected to a wireless device via a communications network, the connection owner being associated with the wireless device, the secure session defining a context for a secure over-the-air device connection between the connection owner and the server; while establishing the secure session, storing, on both the server and the wireless device, a registration key and a reset key, in association with the secure session, wherein the reset key differs from the registration key; using the registration key to authenticate and optionally to encrypt messages of the established secure session exchanged between the wireless device and the server; and upon determining at the wireless device that the registration key is irretrievable from a memory of the wireless device, generating at the wireless device a request to reset the established secure session, using the reset key to generate at the wireless device a first Message Authentication Code (MAC) from the request, and transmitting the request and the first MAC from the wireless device to the server; upon receipt of the request and the first MAC at the server, destroying the secure session at the server. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A server comprising a processor and a computer readable medium for storing software instructions for controlling the processor to:
-
establish, on behalf of a connection owner, a secure session with a wireless device connected to the server over a communications network, the connection owner being associated with the wireless device, the secure session being maintained by the server and defining a context for a secure over-the-air device connection between the connection owner and the server, while establishing the secure session, store in association with the secure session a registration key, a reset key and an identification of the connection owner, wherein the reset key differs from the registration key; use the registration key to authenticate and optionally to encrypt messages of the established secure session exchanged with the wireless device; receive from the wireless device a request to reset the established secure session and a Message Authentication Code (MAC), the request generated by the wireless device upon the wireless device having determined that the registration key is irretrievable from a memory of the wireless device; and upon successfully verifying that the MAC was generated from the request using the reset key, destroy the secure session at the server. - View Dependent Claims (9, 10)
-
-
11. A method performed by a server, the method comprising:
-
establishing, on behalf of a connection owner, a secure session with a wireless device that is connected to the server via a communications network, the connection owner being associated with the wireless device, the secure session being maintained by the server and defining a context for a secure over-the-air device connection between the connection owner and the server; while establishing the secure session, storing in association with the secure session a registration key, a reset key and an identification of the connection owner, wherein the reset key differs from the registration key; using the registration key to authenticate and optionally to encrypt messages of the established secure session exchanged with the wireless device; receiving from the wireless device a request to reset the established secure session and a Message Authentication Code (MAC), the request generated by the wireless device upon the wireless device having determined that the registration key is irretrievable from a memory of the wireless device; and upon successfully verifying that the MAC was generated using the reset key, destroying the secure session at the server. - View Dependent Claims (12, 13)
-
-
14. A method performed by a wireless device, the method comprising:
-
while connected to a server via a communications network, initiating establishment of a secure session on behalf of a connection owner associated with the wireless device, the secure session being maintained by the server and defining a context for a secure over-the-air device connection between the connection owner and the server; while initiating establishment of the secure session, storing in association with the secure session a registration key and a reset key, wherein the reset key differs from the registration key; using the registration key to authenticate and optionally to encrypt messages of the established secure session exchanged between the wireless device and the server; and upon determining that the registration key is irretrievable from a memory of the wireless device, generating a request to reset the established secure session, using the reset key to generate a Message Authentication Code (MAC) from the request, and transmitting the request and the MAC to the server.
-
-
15. A wireless device having data communication capabilities and a memory, the wireless device configured to:
-
connect to a server via a communications network for a secure over-the-air (OTA) device connection between a connection owner and the server, the connection owner being associated with the wireless device; initiate establishment of a secure session on behalf of the connection owner, the secure session being maintained by the server and defining a context for the secure OTA device connection; while initiating establishment of the secure session, store in association with the secure session a registration key and a reset key in the memory, wherein the reset key differs from the registration key; use the registration key to authenticate and optionally to encrypt messages of the established secure session exchanged between the wireless device and the server; and upon determining that the registration key is irretrievable from a memory of the wireless device, use the reset key to generate a Message Authentication Code (MAC) from the request, and transmit the request and the MAC to the server.
-
-
16. A non-transitory computer readable medium comprising software instructions, the software instructions controlling a processor of a server to:
-
establish, on behalf of a connection owner, a secure session with a wireless device that is connected to the server via a communications network, the connection owner being associated with the wireless device, the secure session being maintained by the server and defining a context for a secure over-the-air device connection between the connection owner and the server; while establishing the secure session, store in association with the secure session a registration key, a reset key and an identification of the connection owner, wherein the reset key differs from the registration key; use the registration key to authenticate and optionally to encrypt messages of the established secure session exchanged with the wireless device; and receive from the wireless device a request to reset the established secure session and a Message Authentication Code (MAC) , the request generated by the wireless device upon the wireless device having determined that the registration key is irretrievable from a memory of the wireless device; upon successfully verifying that the MAC was generated using the reset key, destroy the secure session at the server.
-
-
17. A non-transitory computer readable medium comprising software instructions, the software instructions controlling a wireless device to:
-
while connected to a server via a communications network, initiate establishment of a secure session on behalf of a connection owner associated with the wireless device, the secure session being maintained by the server and defining a context for a secure over-the-air device connection between the connection owner and the server; while initiating establishment of the secure session, store in association with the secure session a registration key and a reset key, wherein the reset key differs from the registration key; use the registration key to authenticate and optionally to encrypt messages of the established secure session exchanged between the wireless device and the server; and upon determining that the registration key is irretrievable from a memory of the wireless device, generate a request to reset the established secure session, use the reset key to generate a Message Authentication Code (MAC) from the request, and transmit the request and the MAC to the server.
-
Specification